In 2005, Scott McNeely of Sun Microsystems quipped that open source software was “free like a puppy is free”. Just as you can pick out a puppy from the pound without paying expensive breeder fees, you can download and use open source software without buying a single license. But puppies become dogs, and dogs need food, toys, training and lots and lots of love.
1. White Paper Open Source: What is the Total Cost
March 2008
of Ownership?
2. Open Source: What is the Total Cost of Ownership? 2
Is Open Source For the Dogs?
In 2005, Scott McNeely of Sun Microsystems quipped that open source
software was “free like a puppy is free”. Just as you can pick out a puppy from
the pound without paying expensive breeder fees, you can download and use
open source software without buying a single license. But puppies become
dogs, and dogs need food, toys, training and lots and lots of love. Even with
As soon as you introduce all this attention, there’s no guarantee your cuddly puppy won’t develop a
open source into your vicious streak. Will you need endless obedience classes and a chain and
organization, the real muzzle to control it? The same goes for open source software.
costs, commitments and As soon as you introduce open source into your organization, the real costs,
risks become clear. commitments and risks become clear.
Of course, there are lots of good reasons to use open source in enterprise
development projects: overall efficiency of IT, quality of products and
processes, reduced time to market, improved innovation and increased
competition among service offerings. That’s why, according to one recent
survey, the average enterprise reported using 94 different open source
packages, up 26% from 2006.
There’s even a trend towards implementing open source solutions in
“differentiating technologies”. Differentiating technologies are the features
that make your product more desirable than your competitor’s. Open source
may provide a cheaper and faster way to build these special features, but it
can introduce sub-par code, lax tech support and license infringement into
business-critical functionality, so it must be executed with care.
If open source adoption is so high, it must be less expensive than the cost of
commercial software licenses, right? Not necessarily. That debate continues
to rage in the technology industry. There are plenty of studies that claim to
indisputably prove both sides of the argument. This paper doesn’t seek to
prove or disprove either position; instead, it outlines the hidden costs and
hazards involved in open source development and discusses how savvy
project managers can curtail them.
The Hidden Costs of Open Source
Founding editor of Wired, Kevin Kelly, was recently discussing the economics
of free software, and remarked:
As the old joke goes: software, free. The manual: $10,000. But it’s no
joke...the copy of code, being mere bits, is free—and becomes valuable
to you only through the support and guidance.
3. Open Source: What is the Total Cost of Ownership? 3
Who Do You Call When Things Go Wrong?
When you purchase enterprise software licenses, you’re also buying favor and
attention from the software vendor. Your licenses are usually accompanied
by a comprehensive and reassuring support agreement and a 1-800 number.
You’re buying confidence that, when issues arise, the vendor will be able
to resolve them quickly and cost-effectively. The quality of vendor technical
support varies, but at least you know who to turn to when things go awry.
When it comes to technical When it comes to technical support, open source is a more complex matter.
support, open source is There are no service level agreements for support or issue resolution.
a more complex matter. There’s not a group of IT professionals awaiting your call. Instead, there are
communities who may or may not answer your questions on web forums,
There are no service level
mailing lists and ad hoc support databases. Even worse, you may end up with
agreements for support or
a half-dozen conflicting responses when they do. There’s no business model,
issue resolution.
and no financial incentive for the open source community to help you. That
can be a serious concern for software development companies trying to meet
release dates, produce quality products and get their software to market.
Just as you can’t assume that open source developers will rapidly respond
to your support requests, you have no control over an open source project’s
development schedule. If your next major release depends on new caching
functionality in an open source web server, then you’re beholden to two
schedules: your own and the open source project’s. It’s enough work to keep
an eye on one Gantt chart when you can control it; open source projects are
subject to more schedule creep, more often. If the lead developer on an open
source project takes sick leave, goes traveling or starts a demanding new job,
there are not necessarily resources to replace him. Are you willing to put your
in-house development schedule in the hands of the open source community?
Will open source Another common concern in open source revolves around security. Will
communities respond open source communities respond rapidly enough when a security hole is
rapidly enough when discovered? Patches and upgrades may be slow in coming if at all. Until it’s
a security hole is fixed, how many more malevolent users have access to information about
your security breach? Additionally, complex integration common in open
discovered?
source solutions—code cobbled together and tweaked from many sources—
can expose systems more dangerously than commercial software.
That said, experiences vary. There are times when the open source
community is faster with security patches, simply because they don’t have the
PR and project scheduling considerations of their commercial counterparts. A
software vendor might decide that “we can’t afford to reveal this breach” or “it
can wait until next quarter because we’re behind schedule already.”
4. Open Source: What is the Total Cost of Ownership? 4
In short, open source technical support and issue resolution can be unreliable.
Project managers with tight timelines should consider the “unpredictability
factor” before jumping headlong into open source development.
Labor versus Licenses
Don’t let unpredictable tech support turn you off open source. Its flexibility and
agility can be a real benefit for enterprise software development projects. For
instance, if you can’t wait for the open source community to patch a security
hole, you can always do it yourself. But this has drawbacks too.
You probably didn’t hire your developers based on their knowledge of a
specific open source platform. Most companies don’t have in-house engineers
who understand open source code and can change it. So, instead of honing
their core skill set, your developers need to get up-to-speed on an open
source application or platform and inevitably take time away from product
development to fix open source problems. These kinds of opportunity costs
won’t help deliver your software projects on time.
Similarly, your IT staff will need to document all the open source products
you are using and do regular manual searches for updates and patches.
This onerous process redirects time and resources away from product
development. If, over time, your IT department doesn’t stay on top
performance and security updates, your software project will suffer.
Even if your engineers become open source experts, you’ve still got to
Staff turnover rates of keep them around. Staff turnover rates of 20% are common in the IT sector.
20% are common in Those are unpleasant odds. Sooner or later you’re going to lose a key staff
the IT sector. Those are resource. If your chief open source troubleshooter takes a job across town,
unpleasant odds. Sooner a lot of intellectual capital walks out the door. Good knowledge management
or later you’re going to lose practices can mitigate this threat; however, industry veterans know that when
a key staff resource. delays are threatening and the bugs are thick on the ground, knowledge
transfer is ignored in order to “go gold” on time.
Another alternative is to contract open source experts to consult on projects.
These gurus can be difficult to find, and are in high demand for popular open
source implementations. Plus, with consulting rates often exceeding $200 an
hour, these hired guns can get very expensive, very fast. And when they leave
at the end of their contract, all of their intellectual capital leaves with them.
Staying Above the Law
In a recent InfoWorld survey, respondents said one of the major challenges
of using open source languages in enterprise software development is
understanding and enforcing open source licensing.
5. Open Source: What is the Total Cost of Ownership? 5
Open source licensing can be a daunting problem. The terminology and
licensing requirements are often confusing to the neophyte project manager.
And that’s before you even consider which license to use—GPL, Artistic,
LPGL, Creative Commons, BSD... the list goes on.
To ensure that you’re There’s no single tool or strategy for making sure you choose the right open
indemnified against source license for your project. To ensure that you’re indemnified against legal
legal action, you’ve got action, you’ve got to be patient, diligent, detail oriented and ultimately right.
to be patient, diligent, You need to conduct regular open source audits to find out what code you’re
detail oriented and using, what license it’s under and whether you’re abiding by the terms of each
ultimately right. license.
You don’t want to get it wrong. The legal risk of working with open source
languages is being hit with a breach of contract lawsuit or a patent
infringement lawsuit. Last year, the Software Freedom Law Center charged
Monsoon Multimedia Inc. with using an open source set of Unix utilities
called BusyBox, but failing to publish the source code as required under
the GPL license. The lawsuit was settled out of court, but it signaled a new
assertiveness on the part of open source programmers to protect their code. If
they hadn’t settled and the Software Freedom Law Center had won the case,
BusyBox would have been entitled to damages, an injunction prohibiting
continued infringement and court costs. As you can see, a copyright lawsuit
could cost your company financial harm far beyond the price of a purchased
software solution.
The Good, the Bad and the Ugly
As demonstrated in this paper thus far, open source software comes with both
advantages and hazards. So, is it worth it? We use the tried-and-tested SWOT
analysis tool here to provide a snapshot of the benefits and disadvantages
(see page 6) that go along with integrating open source into enterprise
software projects.
If you can mitigate the If you can mitigate the weaknesses and risks, then there are clear advantages
weaknesses and risks, to using open source in commercial software development. Many businesses
then there are clear are reaching the same conclusion. According to Forrester Research, 75% of
advantages to using open enterprises are already using or will be using open source soon for in-house
source in commercial development. Open source provides the opportunity for less expensive, faster,
software development. more efficient development if you can reduce the risks.
How do you control these threats? Start by choosing a quality, stable platform
with a large, responsive community base. Do your homework to ensure you’re
not committing copyright fraud. Protect your organization against spiraling
costs by choosing a supported open source solution that will keep costs and
technical meltdowns in check.
6. Open Source: What is the Total Cost of Ownership? 6
Helpful Harmful
Strengths Weaknesses
• Free source code; no seat license fees • No control over an open source project’s
development schedule
• Flexible, adaptable, extensible code
• Dependency on in-house expertise or
• Agility gives open source deployments a overpriced open source consultants
competitive advantage in the marketplace
• New versions must be integrated and
• Active, global open source community compatible; rapid release rates make this an
ongoing challenge
• Rapid release rate distributes fixes and patches
quickly • In-house staff must stay up to date with open
source platform issues, fixes and bugs
• Potential for code reuse reduces inefficiencies
• Open source quality can vary dramatically
• Open source typically achieves a high degree
of interoperability
Opportunities Threats
• Potentially reduce project costs by building • Spiraling costs often associated with open
commercial software on top of open source source maintenance
platforms
• Non-supported open source development
• Using open source can make it easier to take projects are prone to increased schedule
advantage of external expertise, applications overruns, both in frequency and magnitude
and code components
• No 24/7 technical support
• Open source schedules can be faster than
commercial ones, providing a competitive • In-house experts may leave your
advantage for enterprise development organization, along with their intellectual
capital
• Potential economic slowdown in 2008 won’t
affect open source project development • Ensuring open source distributions are
legally licensed
7. Open Source: What is the Total Cost of Ownership? 7
Control the Total Cost of Ownership with ActiveState
Enterprise Language Distributions
Too many companies Too many companies embrace and implement open source technologies
embrace and implement without fully understanding the costs that go along with deploying and
open source technologies maintaining open source. Additionally, businesses that distribute commercial
without fully understanding implementations of open source often take big risks when it comes to code
the costs that go along stability, unreliable technical support and potential license infringement.
with deploying and That’s why ActiveState developed enterprise-level language distributions for
maintaining open source. Perl, Python and Tcl that have become renowned for quality and are now the
defacto standards for millions of developers around the world. Like all open
source code, ActiveState language distributions are provided free to the
community, but can be enhanced with a comprehensive software, support
and maintenance package.
Investing in enterprise-class supported open source language distributions
ensures that your open source costs won’t spiral out of control.
Cause and Effect Diagram for Hidden Open Source Costs
Open Source Spiraling
Licensing Issues Development Brain Drain
Costs
Mismanaged Open source Your in-house open
open source consultants source expert leaves
licenses result in blow the project for a rival company,
a lawsuit. budget. taking vital knowledge
with him. Over-Budget,
Late-to-Market Enterprise
Software Development
Open source projects
Projects
Can the open source operate on their own
community rapidly schedules, putting
respond to urgent your development
security breaches? project way behind.
Unreliable Technical
Schedule Creep
Support
8. Open Source: What is the Total Cost of Ownership? 8
Make Sure Open Source Pays Off for You
As discussed, there are plenty of good reasons to use open source including
agility, flexibility and competitive differentiation. Saving $5 today isn’t one of
If you’ve already got them. If you’ve already got open source deployed in-house, you know there
open source deployed are lots of hidden costs: maintenance, updates, security fixes, major bugs,
in-house, you know there keeping up-to-date with important issues. Running open source in-house can
are lots of hidden costs: be a strain because, frankly, a lot can go wrong.
maintenance, updates, Make sure open source pays off for you. ActiveState Enterprise Distributions
security fixes, major bugs, of Perl, Python and Tcl eliminate concerns about maintenance and labor
keeping up-to-date with spiraling out of control; all the tedious, unpredictable work is already
important issues. complete, tried and tested. Additionally, a fixed support price puts an end to
hidden and soaring costs.
Reduce Complexity
Complex integration issues are commonplace in open source and can lead
your engineers down an unfamiliar and potentially risky path. Even if they
become familiar with the language cores, they’ll soon discover that working
with all the modules involved demands a much higher level of expertise.
Don’t let your engineers waste development time keeping your open source
platform up and running.
Using quality pre-configured, pre-tested Perl, Python and Tcl builds can save
months of developer time. Enterprise distributions also aid faster software
development by eliminating the time it takes to build, test and maintain your
own distributions.
Get Expert Advice
Turning in-house staff into open source experts can be time consuming
and costly, often at the expense of your own software project. Even if your
developers become open source experts, you’ll need to keep them
Close to 100% of ActiveState Enterprise and their intellectual capital in your office in order to protect your
customers renew their subscriptions investment. Will you have to pay them more to stick around? If they
year after year because it saves them leave, will you be forced to hire expensive open source consultants?
time, money and the worries of unsup-
ported open source. With ActiveState Enterprise Distributions you get access to some
of the industry’s foremost experts. ActiveState developers are
supporters and contributors to open source languages and maintain
active relationships with the open source community. Your developers can
focus on their core competencies and lean on dedicated language experts for
design and development advice for all your Perl, Python and Tcl requirements.
You don’t have to become an open source expert; ActiveState has you
covered.
9. Open Source: What is the Total Cost of Ownership? 9
Have Someone to Turn To
Supported open source language distributions combine the flexibility of open
source with dependable support agreements. If your customers count on you
to deliver problem-free software, waiting to get answers from an open source
community with no financial incentive to help you becomes a serious liability.
ActiveState support subscriptions are priced considerably lower than the
cost of hiring one qualified engineer, and much lower than the cost of a
core expert. As part of ActiveState’s Enterprise language distributions,
customers receive unlimited support incidents each year. Find out more about
ActiveState support packages at www.activestate.com/support_resources/.
Deploy with Confidence
ActiveState’s premium ActiveState’s premium open source language builds are created, quality
open source language assured and maintained with exceptional expertise that can’t be replicated
builds are created, quality in-house. Pre-configured, pre-tested Perl, Python and Tcl builds are renowned
assured and maintained for quality and are now the defacto standards for millions of developers
with exceptional expertise around the world.
that can’t be replicated Enterprise distributions help you build software faster by eliminating the time it
in-house. takes to build, test and maintain your own distributions. In addition to getting
to market faster, ActiveState’s quality guarantee boosts confidence in your
commercial software project.
Mitigate Risk and Prevent Legal Exposure
When you use ActiveState enterprise distributions—ActivePerl, ActivePython
or ActiveTcl—you can obtain out-of-the-box OEM licensing packages that
will protect your company from legal exposure. ActiveState enterprise
distributions are guaranteed to comply with all licensing requirements, so you
can deploy your software worry-free.
What Are the Next Steps?
There are lots of great reasons to use open source. But, don’t get won over
by the cuddly, not-so-free puppy. It will inevitably become a full-grown hound
that needs and costs more than you might be able to afford. It’s only after you
download open source software and start using it that the real costs become
clear. As open source guru Jamie Zawinski said about Linux:
Linux is only free if your time has no value, and I find my time is better
spent doing things other than the endless moving-target-upgrade
dance.
10. Open Source: What is the Total Cost of Ownership? 10
Before open source becomes your new “pet” project, talk to ActiveState
open source experts to get a full understanding of the true cost of open
source ownership. ActiveState will walk you through the technical cost-
benefit analysis and can make recommendations tailored specifically for your
business. Don’t get sucked in by the cuddly open source puppy unless can
guarantee it won’t become a rabid dog.
Register today for a complimentary consultation with an ActiveState open
source language specialist. Email kendrap@activestate.com or call 778-786-
1134.
Who is ActiveState?
ActiveState has been a player in enterprise-level open source distributions
since 1997. The company’s developers are supporters and contributors to
open source languages including Perl, Python and Tcl, and maintain active
relationships with the open source community.
ActiveState creates professional software development tools, programming
language distributions and business solutions for dynamic languages, and
practical tools and applications for social networking platforms.
It is owned by its employees and Pender Financial Group, a private merchant
bank focused on technology in British Columbia. For more information, visit
www.activestate.com.
11. ActiveState Software Inc. Sales
1700–409 Granville Street enterprisesales@activestate.com
Vancouver, BC V6C 1T2 Phone: +1.778.786.1101
Phone: +1.778.786.1100 Toll-free in North America
Fax: +1.778.786.1133 1.866.510.2914