The open source movement has significantly changed the software industry over the last decade. Nowadays, open source projects are available for almost any functionality you can imagine. That gives everybody, businesses as well as individuals, a lot of freedom, because there are many alternatives to choose from. So, when a business decides which software to use in its product or operation, what criteria should it consider?

Well, there are several: costs, quality, security and feature completeness. Depending on the use case, some will be more important than others.

However, when businesses integrate third-party software into a customer-facing product, there is a strong motivation to choose software that is backed by a company, and here are the reasons why.


The cost usually comprises a one-off integration cost plus running costs:

Total Cost = (License Fee) + (Integration Cost) + (Maintenance/Support/Bugfix Cost)

Open source projects that are not backed by a company often come with liberal licenses. So the License Fee is zero, but they DO NOT provide any integration help or a guaranteed maintenance and bugfix service. This means a business will need to spend its own resources to maintain, support and fix bugs, and these costs regularly exceed the initial estimates by a wide margin and end up as a notable expense.

On the other hand, open source software that is backed by a company often provides both integration help and guaranteed maintenance. This drives the total cost down, sometimes substantially, compared to non-commercial projects, despite the License Fee they charge.

Security, user base and brand protection

Any software is vulnerable to future security attacks. Nobody can guarantee their software is completely bug-free. When a security research group finds a vulnerability in a piece of software, they contact the software vendor, and after some period (usually 90 days) the vulnerability is made public. Releasing information about a security hole brings a major risk to businesses, since an attacker would then potentially have all the information needed to compromise vulnerable systems. It is critical that a business takes action before the vulnerability is released.

Let's look at the case where a security hole is found in an open source project which is not backed by a company. Depending on the project's activity and size, the security hole may or may not be fixed promptly; there is no guarantee. Most importantly, such a project will NOT explicitly notify its users about the issue, since the project owners do not know exactly who their users are. So, a business that uses third-party software not backed by a company risks finding out about a security hole only when the vulnerability information goes public, and that is too late.

On the other hand, when an open source project is backed by a company, fixing the security hole and notifying customers is a top priority, long before the vulnerability information goes public. In that case, the user base and the corporate brand stay protected.


All in all, if you're a business and want to integrate third-party software into your customer-facing product, choose software that is backed by a company.

At Cesanta, we develop best-in-class software for network communication: the Mongoose Embedded Web Server Library. It is open source, and backed by a commercial entity: us! Our goal is to keep it the best on the market and to take the load of managing network communication issues off our customers, so they can focus on their own product development plans.

To get in touch, send us a message or ask on the developer forum.