It must have come as quite a shock to users of Codecov – the code-coverage tool so popular with open source developers – that hackers managed to breach the software company’s app and steal the data of hundreds of its users.
How did the cybercriminals do it? Codecov is such a committed proponent of the open source movement that a few years ago the company announced it was making its own application open source. Now that they had direct access to the app’s source code, the hackers snuck in a malicious script that allowed them to steal users’ data.
On the bright side, though, those users had been enjoying Codecov’s tool for “free.”
How even free open source software can cost you
Yes, open source has its merits. Software tools built in an open source environment can benefit from the collective work of many smart coders. And the big one – the benefit that likely appeals to your company – is that open source database tools are typically free.
But are they?
Although you can obtain open source software applications, such as database tools, without buying licenses or seats, you could find your business paying for those tools in other ways. And those other types of costs could prove far greater. Here are a few examples.
1. Security vulnerabilities
Some argue that open source is at least as secure as a proprietary software tool because it benefits from an entire community of developers watching over its code at all times. But if everyone in the community is responsible for an application’s security, then no one is truly responsible.
Case in point: In early 2024, an engineer discovered – by accident – a Linux backdoor injection that was ready to carry out a massive cyberattack that could’ve compromised millions of systems around the world. In other words, even with the entire community of developers watching over the code at all times, only one person caught the breach – and only by chance.
The main problem with open-source software is that because of its distributed nature, a vulnerability can remain undetected for a long time.
– Security Today
2. Longer to onboard
One lesser-known cost of using open source database tools is the additional time and effort businesses need to train their teams on using these applications effectively.
Because they often lack the intuitive interface that a proprietary software company can build – using the research and expertise of a dedicated product management department – open source tools often prove difficult for non-technical professionals to master.
This can mean that your business analysts and other non-developers who need a database tool to extract important insights will take longer to onboard on that application – and to gain the full benefit of its feature set – if the tool was built on an open source platform.
3. Less reliable support
If you’re using a proprietary database tool – particularly a database tool built and maintained by an industry leader – you’ll know exactly who to contact for questions and support. And with the right vendor, you’ll also have assured response times, often included as SLAs in your contract.
With an open source tool, however, you don’t have that direct channel to guaranteed support from a central vendor – because your tool has no central vendor.
If your team needs help with an open source database tool, they’ll probably have to toss their question into a large chat forum and hope someone responds quickly – or at all.
Consider the pros and cons of “free”
While open source database tools like Codecov offer appealing benefits such as cost savings and community-driven development, they also come with significant risks that your organization must consider. The recent breach of Codecov’s application highlights the potential security vulnerabilities in open source software, where the distributed responsibility for code maintenance can lead to undetected flaws. In addition, the onboarding process for these tools can be more time-consuming, and a lack of reliable support can leave your team struggling to find timely help when issues arise. At the end of the day, you need to weigh these factors carefully to determine whether the advantages of open source tools outweigh the hidden costs they bring to you and your organization.
The case for closed source software
Review the case for proprietary/closed source software in this Redmond white paper.