The Double Edged Sword of Very Popular Open Source Software

I've been involved with content management systems (CMS) now for 16 years. I've been through all the "proprietary" vs "open-source" arguments. I've argued and defended the case of open vs. proprietary with countless clients and competitors.

My stand has always been that, if the software product does exactly what you want it to do, you have the support of an excellent vendor, and the core components (database, CSS, HTML) are freely available and widely used, then the platform is secondary and shouldn't be ruled out just because it's not open source.

And back in December 2014 something happened that supports my position against "just because it's open and big, it's a safe bet".

WordPress, the biggest player in the content management space today with 70 million web sites running on its platform, had a major vulnerability discovered.

It's another case of "the bigger you are, the larger the bull's-eye on your back."

In December a "Russian malware called SoakSoak" infected 100,000 WordPress sites. It's reported that a slideshow plug-in opened the vulnerability. More on the issue here.

So, what's my point? Don't always buy into the argument that large, open source software is better than smaller, proprietary platforms. Consider this before you decide:

  • Does the product do what you need it to do?
  • Do you see value - technical, budgetary, experience, or market - in the vendor?
  • Does the code sit on top of a widely used database, with a large pool of knowledgeable coders available?

If the answers to all three of these are "yes", then I wouldn't let the "I must have open source" argument drive your decision. There are many excellent, smaller platforms out there today - and in some ways - they are more immune from attack by virtue of being under the radar.