Open source software quite literally means software whose source code is open: because its design is publicly available, developers can modify it, build upon it, and share it.

Open source has many benefits, some of which we dug into here, but many of its positive characteristics and traits like transparency, collaborative environments, community, early and often releases, security, longevity, and meritocracy can often take a backseat when projects are underway.

We were on Twitter when we saw Brian Vaughn (@brian_d_vaughn) ask the great question:

What’s the greatest lie of open source?

While we already published our favorite replies on Medium, we thought we'd dive into some of the themes that became apparent in the comments.

Meritocracy

The idea of meritocracy within open source is that the best projects, code, and developers rise to the top. They are rewarded and thus get more opportunities.

From Ashe Dryden at Ada Initiative - "We prize the idea of meritocracy and weigh merit on contribution to OSS. Those who contribute the most, goes the general belief, have the most merit and are deemed the most deserving. Those who contribute less or who don’t at all contribute to OSS are judged to be without merit."

She further describes the issue with this: "Meritocracy creates a hierarchy amongst the people within it. Some of those at the top or striving to at least be above other people have been guilty of using their power... and that they use against others directly and indirectly. This creates an atmosphere where people who would otherwise be deemed meritorious within this system choose not to participate because of a hostile, unrewarding environment."

She wrote a great article on the ethics of unpaid labor and the open source community, which you can see here. Beyond general open source projects, those that are being pushed by specific corporations, or those that have ulterior motives, can dramatically affect the idea of there being meritocracy within open source.

One quote from the previously mentioned Twitter stream that sums it up sarcastically came from herm.wong, who wrote: “Are you suggesting that people that run open source foundations can be just as political as people that work in organizations.”

While not always the case, it is obvious that the idea of meritocracy within open source can be challenged, at least on a project basis.

Career

Below are a few of the tweets from the original Twitter thread on how open source is related to career opportunities.

From @zedshaw — “Implied lie: If you work for free on their code it will improve your career.”

From Daniel Schildt — “That people can’t get hired if they don’t do open source software. (Most don’t need OSS experience, even while it can be helpful for learning.) A lot of people who do OSS don’t get jobs, even when they are definitely trying their best to show their skills. It isn’t enough.”

In the previously mentioned article by Ashe Dryden, the idea of contributing to open source as a requirement for a career came to light. She published someone else's tweet that read - "NO ONE IS FORCING ANYONE TO CONTRIBUTE TO OPEN SOURCE." And she went on to write the following:

"While that on the surface is true, the imposition is there. Many jobs require open source contributions to even consider a candidate.

@ashedryden also isn’t it kind of weird to expect people to do work outside of work as a basic requirement?
— Jeffry van der Goot (@jvdgoot) October 30, 2013

Further, deciding that someone is a good programmer based solely on their publicly available code excludes far more than marginalized people. It also excludes anyone who can't release their code publicly because of licensing or security reasons. This also includes a large number of freelancers and contractors who are unable to publicly claim that they worked on a project for legal reasons (NDAs, for instance)."

Cost

From Addy Osmani — “That it’s easy. Open-sourcing code is just the start of a long journey. If someone is lucky enough for a project to take off, maintenance & support have very real time and emotional costs. This isn’t always clear when looking at star counts.”

From Becca Liz — “That there is an unlimited supply of people who will write and review code for free. Most successful OS projects need a funding source to survive.”

From Koen Bok — “That contributions are frictionless / free”

From @Makdaam — “It is free. Free as in ‘free puppies’”

To further the sentiment of these thoughts, Andy Jordan of Information Week stated the following: "Open source software isn't free, whether looked at in terms of hard dollars or in missed opportunities." While the software may be free, he points out the following:

  1. Companies still need the hardware and IT infrastructure to run it
  2. You might have to upgrade to a paid version or purchase add-ons or extensions
  3. Business solutions will likely need a lot of additional development time to make sure the open source solution meets the original vision
  4. It's very much DIY - development and customization require huge time commitments from any enterprise that chooses the open source path

Maintenance / Security

From @olivtassinari — “A closed issue equals a solved problem.”

From nullvoxpopuli — “That ‘someone else will fix it’”

From Hiku — “But perhaps the biggest lie is that open source software is more secure because it has more eyeballs on it. Bullshit. Most js libraries are run by 1 or 2 people, security is their last concern.”

From Belén Curcio — “That it is safe code because the codebase is open.”

From Jeff Cross — “Projects controlled by big tech companies are at lower risk of being abandoned”

These seem to be common issues throughout open source adoption, more specifically for the companies deploying the software. Datamation writes - "According to the Black Duck survey, nearly half of enterprises don’t track their open source code. That makes it very difficult to keep patches up to date. If researchers find a vulnerability in an open source project, companies may have that same bug in their internal applications and not realize it. In fact, about a third of companies don’t even have a process for tracking or fixing security vulnerabilities in the open source code they use... Many companies find themselves using several different versions of the same tools, which can lead to compatibility problems, confusion and poor performance."

Andy Jordan of Information Week also stated the following challenges related to open source maintenance and security:

  1. When something goes wrong, you can’t just call a toll-free number and have a trained, professional technical support rep walk you through it.
  2. While one of the alleged benefits of open source is access to support from a large user community, it’s your responsibility to search for the specific help you need. The sheer amount of information can be overwhelming; think searching on message forums with thousands of posts going back years.
  3. However, just like proprietary software, open source solutions require oversight from your technology owners; they cannot be installed and forgotten.
  4. This lack of defined processes and established baselines causes problems across the board (just ask Equifax), but it is especially problematic when dealing with open source security tools. Without establishing a baseline of normal network activity, it’s impossible to detect the anomalies that indicate a cyberattack.

And there was this from the Twitter thread…

From Claudio Cicali

Now let’s do “What’s the greatest lie of expensive, corporate closed source solutions?” please

So I think we will. If you liked checking out the responses make sure to check out the full thread on Twitter. And if you want to continue exploring open source, follow our blog here and make sure to sign up for the Snipply beta here to boost your productivity.
