The use of open source software (OSS) has exploded, and many companies are using it as the cornerstone of their infrastructure. When buying commercial vendor-supported software, you can expect the vendor to be in charge of the products’ upgrades, maintenance, integration and support.
By going the OSS route, this is no longer the case. Instead, you will interact with components built by different entities, individuals, or communities with different standards and goals. For example, the recent Log4j security issue led multibillion-dollar companies to request support from the project maintainers as they had a contract with them.
Companies need to put many elements in place to use OSS in production smoothly. Here’s how to get started.
Before committing to using an OSS project, you first need to complete a full audit: How many contributors does the project count? Are they individuals or organizations? Most OSS maintainers are volunteers, and their level of involvement is never guaranteed.
You are directly contributing to the open source space by working with vendors, ensuring that the OSS tools you are using aren’t going anywhere.
You also need to look at the project’s velocity. For example, how many open feature requests or bug tickets are there? How quickly does the community answer and get them pushed? The goal is to ensure that the project is being maintained and evolving.
Finally, you need to audit the actual code. Is it well-documented? Can it handle the use cases and scale that you need? Picking the wrong project could become a costly mistake in the long run. Countless growing startups that picked what looked like shiny OSS projects were later compelled to spend tremendous effort decommissioning and replacing projects that could not keep up.