Feb 6th, 2009, 09:39 AM
When not to Open Source?
Most likely I'm asking the question in the wrong place, but worth a shot .
Can anyone advise when not to Open Source a solution? This meaning developing a solution and making it Open Source, rather than adopting Open Source solutions.
This is something I'm trying to get an understanding in the limitations of adopting Open Source when developing a solution.
I'm concerned around cases such as:
- Is it okay to Open Source a solution that is developed against a data source or system that contains sensitive data (such as National Insurance numbers, financial details, etc.)?
- Could it put a risk in competitive advantage?
Are there any other factors that could impact the adoption of Open Source of the solution?
Mar 12th, 2009, 09:51 PM
Are you asking about when to use/not use Open Source components, or are you asking about when to provide your actual project as an Open Source project.
Mar 19th, 2009, 11:15 AM
I'm asking about when to provide an actual project as an Open Source project.
Mar 19th, 2009, 02:22 PM
Other factors to consider:
Originally Posted by shahnawazshahin
- is it generic enough to be useful elsewhere?
- what is the reason for open-sourcing?
* more eyes for testing?
* more hands for development?
* more minds for problem solving/ideas?
* will anyone else be interested in those roles? what incentives will attract them?
- Do you want to retain control?
* have final say on what is committed?
* have final say on what ideas are included?
* have final say on release cycles?
* have final say on backwards compatibility etc. after first public release?
As to your original two points, does the project really have anything to do with sensitive data, or is the use on sensitive data just one way that the project could be used? (i.e. do you need to actually expose that data?)
As to competitive advantage, do you currently have something already in this space? Is it currently providing you with an advantage, or does the advantage come from data that it uses that wouldn't be released? If you currently have software how reliable is it? How hard (cost/time) would it be for a competitor to imitate?
Mar 27th, 2009, 11:14 AM
Thanks for your valuable input.
With regards to sensitive data, if a solution is open source that could potentially expose the data model of, say, a financial system holding bank account details?
Mar 29th, 2009, 02:21 PM
Exposing the model should not be a concern from a security perspective.
The questions I'd ask would be is the model reusable? Is it likely that a competitor would come up with a similar model (or already have one)? Is the model 'clean' (i.e. is it just the model being exposed or does it have some additional functionality tied in that may be a risk to expose)?
If you came to the conclusion that the model couldn't be exposed then I'd ask, could you inject a model into the framework (i.e. open source the framework with interfacese for a generic model, and keep your specific implementation private)?