Are there any notable examples of business disasters directly attrutible to open-source software?

Question

In "enterprise" environments, I've observed a strong prejudice towards proprietary software. Even in large business that use Java, it is unusual to find MySQL or PostgreSQL, and WebSphere and WebLogic are strongly preferred over JBoss or Tomcat.

This is very understandable. While many developers prefer Tomcat or Postgres to WebSphere or Oracle DB, they are not the ones that make the final decisions in these matters. Whoever does make the decision regarding which DBs and application servers will be used in production will find that the licence fees seem quite small compared to being fired for choosing the free software that caused something really, really, bad to happen.

I'm not asking the question of whether Postgres is as good as Oracle. That's not the point. Oracle doesn't get chosen over Postgres after a careful considerations of features and benchmarks. Postgres doesn't enter the conversation, because free software isn't trusted in certain places.

I'm curious if this lack of trust came about in response to any specific events. So my question is this: Are there any documented cases of business calamities (failures, significant loss of revenue, significant loss of corporate data, etc.) that were shown to be the result of deficiencies in open-source software?

Clarification: If you have experience with enterprise level companies that fully embrace OSS, that have to prejudice in the matter but make choices based on the needs of the particular situation, then Good for you! Your experience doesn't change the fact that other enterprise companies have a very different attitude, and my question is valid even if these companies are in the minority.

Answer 1

Are there some prejudices, yes perhaps in some cases. For large organizations however this path to expensive proprietary application servers and other expensive software suites given them some advantages and securities that some rarely think about.

1) Support: Typically when a large corporation has million dollar software the support is built into the contract. I don't need to delve into the advantages of having application support.

2) Leverage: Expensive proprietary software, especially niche software have fewer clients and independent users. If a large corporate client decides not to renew a contract then it can seriously affect the bottom line of the vendor. Many of them use this leverage to push for features and fixes that they may not be able to influence into open-source software. The argument for open-source states that the large corporation can contribute its own changes and features into the project for the good of all, but that would involve developers time which they try to avoid.

3) Security: And I don't mean as in encryption and firewalls and stuff. Open source projects come and go, some are widely supported and surpass the proprietary software. Many fail or just lose contributors over time. If they are stuck with this software for 20 years down the road is the open source community going to continue to support this? With proprietary software, the money you pay as a client encourages the vendor to stay in business as long as you continue to pay him.

As far as a story where open source blew up in my companies face, a long running project that was started on an uncommonly heard of ORM mapper that was open source. The project just stopped as the main contributor died or something, then the company was left with an expensive refactoring effort to move to a proprietary library. It happens and these kinds of scenarios scare the crap out of large corporations.

Answer 2

I haven't ever heard of any problems that were the result of using an Open Source product. I think the reason for the concern isn't due to some historical failure, but something else.

When you use a commercial product for some task, and something goes wrong, you usually have someone you can call for support. That person (and company) usually has a vested interest in helping you resolve the problem, because if they don't help there's always the threat that you will stop giving them money.

With an open source product, whom can you call or contact? The community? Since you haven't given them anything for the use of the product, there isn't anything you can threaten to take away. You can file a report and hope that it's fixed in the next release, but it's very difficult to pass on a sense of urgency to a nebulous community of people volunteering their own time.

So, the open source product can be vastly superior to a commercial alternative, but at least in my experience, in a corporate environment where you have to plan for contingencies if something goes wrong with it, not having anyone to get support from is a big deal.

That's the barrier I've always seen.

Answer 3

I suspect that companies like Oracle are more relatable to other "for profit" companies; they can't imagine that an organization could turn out a product that's as good as Oracle without also having a profit motive. Of course, PostGres isn't entirely non-profit; there's a whole ecosystem of service providers available that will sell you support.

If you really want to know what the Achilles heel of any product is, you can do a Google search for "[name of product] sucks." It works for any product, including Oracle's. In PostGres' case, you find Postgres DDL Transaction Control Sucks, in which someone describes a hypothetical situation where data was lost on a test server. Of course, losing data is possible on any SQL database if it is mis-handled.

All that said, I haven't heard of any real calamities that have befallen companies because they decided to use an open source database. The quality of the software available in that space is quite good, rivaling and (in some cases) exceeding their commercial counterparts.

Answer 4

To counter the argument of OSS as risc factor I like to give the counter-example of SAP, which is often cited as a major factor in insolvencies of small and medium enterprises - one example is given here: http://www.intl-spectrum.com/article/359/Migration_to_SAP_from_U2_Causes_Bankruptcy_of_Company.aspx

This claims to be a list of the top 10 corporate IT failures: http://www.computerworld.com/computerworld/records/images/pdf/44NfailChart.pdf

It lists introductions of SAP products three times.

Answer 5

It's a case of using what is popular/established versus new and presumed less tested. Has anyone gotten fired for using Apache? I'm sure a few websites running it have been hacked to the point of costing money, but did they blame Open Source or those responsible for a poor installation? What is the ironclad propriety alternative?

The question is an attempt to defend one solution, so what is the problem?. Your company doesn't want to use open source software and their arguement of instability is not substantiated by any anecdotal evidence. Create a side project and prove they're wrong. They can pay you the money they save on licensing fees.

Most companies don't publish bad news, so you're lucky if you can get the dirty version from the street.