We often hear that open source software (OSS) is free. This is really a statement about the license cost. The reality is that using OSS responsibly in a business has a cost, sometimes a substantial one. Let’s discuss two scenarios for using OSS: using OSS in your data center and using OSS in your products.
Selecting and using OSS to support your data center is a common practice. Your system administrators know how to use many of the open source products that cater to data center functions. For instance, the OS, web server, database server, monitoring system, and many of the utilities they use on a daily basis are likely OSS. System administrators are smart individuals, but at times even they need to consult with others. Sometimes, it is for the setup of a new OSS platform. Other times, it is to seek advice on the overall environmental design. But most often, it is to fix something as quickly as possible. For these functions, system administrators rely on software support and consulting services. They select OSS that has these support services available. Administrators want the security of having a vendor to back them up. When the CIO comes calling about a service outage, the administrators need to be able to respond effectively – having a vendor to support them helps. So, the cost to use OSS in your data center often consists of the cost of support and consulting services.
While using OSS to support your data center is fairly straightforward, using it in your products is a bit more complex. Certain costs to use OSS in your product aren’t obvious. Let’s run through a number of the most common costs:
Legal cost to review the OSS license. All OSS has a license. Each license is different. You need to recognize your obligations and constraints when choosing to use any piece of OSS.
Security vulnerability monitoring cost. OSS is software. Software is created by humans. Humans are prone to errors. Certain errors introduce security holes. Knowing which OSS is in use and monitoring for discovered and publicized security vulnerabilities is essential to retaining your reputation and keeping your clients safe.
Software issue and functionality monitoring cost. Once you choose to use a piece of OSS in your product, you need to stay current on its bugs, the fixes for bugs, and new capabilities that may enhance your product.
Case law monitoring. Your legal expense doesn’t end with simply understanding the license. It continues well beyond that. Legal challenges arise for various reasons. It is important to stay current and recognize which OSS licenses are being challenged or which OSS components are being attacked. This may lead to planning for remediation.
Cost of changing OSS license terms. Just like a commercial software license, OSS license terms may change over time. These changes often impact your risk exposure. What actions do you need to take?
Publicity cost. Certain OSS licenses require you to acknowledge the use of an OSS component. The method of acknowledgement may require changes to contract language, website design, and even user documentation updates.
Cost to create and maintain a formal OSS management practice. Managing and tracking the introduction of OSS via a process and tools takes commitment and effort. This effort consumes financial, human, and technology resources. One such responsible OSS management practice can be found here.
As you can see, using OSS responsibly, whether in your data center or in your products, does incur related costs. OSS is free to acquire, but it does take care and feeding.
—Jeff Brown, SilverStream Consulting