Compared to the “openness” of open source software, closed source software’s proprietary nature is scary. Its source code is closed and unknowable. It is also controlled by entities that have the potential for evil. Or, if not particularly evil, they might disappear and leave their users in a permanently unsupported state. Proprietary software may have price tags that put it out of reach of your firm’s security budget. Finally, if something goes wrong, relying on proprietary support can make or break security operations.
Believe it or not, despite how free it is to procure open source software or join community forums, there are costs associated with using open source software. When you bring unvetted software into your environment, it should be checked over and scanned. If you aren’t paying for a support contract with the open source software’s development team, your developers are left to rely on community support and internal know-how to keep a piece of open source software working.
These technical debts aren’t as large as the proponents of commercial, closed source software would have you believe. However, they aren’t as non-existent as open source advocates claim, either. Factor these concerns into the decision to pick a piece of software, but don’t let the support or vetting piece sway you away from a tool that is a better overall fit.