Open Source Software

What is open source software?

Open source software (OSS) refers to source code that is available for use, modification, and distribution with the original rights, as defined by the Open Source Initiative (OSI). Such software is generally distributed under a GNU General Public License (GPL) or a Berkeley Software Distribution License.

Open source code is typically shared in a public repository. The general public is encouraged to contribute to design, development, and additional software enhancements. Common examples of OSS include: 

  • GNU/Linux
  • Mozilla Firefox
  • VLC media player
  • SugarCRM
  • GIMP
  • VNC
  • Apache web server
  • LibreOffice

What are the key differences between open source software and closed source software?

Choosing between open source and closed source software (i.e., proprietary software) depends on many factors. Two of the most critical are the organization's risk appetite and the availability of in-house expertise for the specific piece of software. When deciding between open source and closed source software, consider the following:


| | Open source | Closed source |
|---|---|---|
| | Available for nominal or zero licensing and usage charges. | Cost varies based upon the scale of the software. |
| Freedom to customize | Completely customizable, but is dependent on the open source license. Requires in-house expertise. | Change requests must be made to the company selling the software. This includes bug fixes, features, and enhancements. |
| | Typically less user-friendly. This is dependent on the goals of the project and those maintaining it. | Typically more user-friendly. As a for-profit product, adoptability and user experience are often key considerations. |
| After-sales support | Some very popular pieces of open source software (e.g., OSS distributed by Red Hat or SUSE) have plenty of support. Otherwise, you can find help through user forums and mailing lists. | Dedicated support teams are in place. The level of service available depends on the service-level agreement (SLA). |
| | Source code is open for review by anyone and everyone. There is a widespread theory that more eyes on the code makes it harder for bugs to survive. However, security bugs and flaws may still exist and pose significant risk. | The company distributing the software (i.e., software owner) guarantees a certain level of support, depending on the terms of the SLA. Because the source code is closed for review, there can be security issues. If issues are found, the software distributor is responsible for fixing them. |
| Vendor lock-in | No vendor lock-in due to the associated cost. Integration into systems may create technical dependency. | In most cases, large investments are made in proprietary software. Switching to a different vendor or to an open source solution can be costly. |
| | Depends on the current user base, parties maintaining the software, and number of years in the market. | Long market-based solutions are more stable. New products have similar challenges as open source products. |
| | Some open source solutions are very popular and are even market leaders (e.g., Linux, Apache). | In some industries, proprietary software is more popular, especially if it has been in the market for many years. |
| Total cost of ownership (TCO) | TCO is lower and upfront due to minimal or no usage cost. This depends on the level of maintenance required. | TCO is much higher and depends on the size of the user base. |
| Community participation | The essence of open source lies in the community participating in development, review, critique, and enhancement. | Closed community |
| Interoperability with other open source software | Depends on the level of maintenance and goals of the group. Typically better than closed source software. | Depends on the development standards. |
| Tax calculation | Difficult due to undefined monetary value. | |
| Enhancements or new features | Can be developed by the user if needed. | Request must be made to the software owner. |
| Suitability for production environment | OSS might not be technically well designed or tested in a large-scale production environment. | Most proprietary software goes through multiple rounds of testing. However, things can still go wrong when deployed in a production environment. |
| Financial institution considerations | The financial industry tends to avoid open source solutions. If used, vetting processes must take place. | Financial institutions prefer proprietary software. |
| | No warranty available. | Best for companies with security policies requiring a warranty and liability indemnity. |