InformatiQ

this is a shot at advocating opensource, well not really opensource but more on the right practices in IT as I see it

On launching new applications
The need for a new application at work arises when new requirements occur, maybe there is already an application doing part of the job but the needs are more or maybe their a new requirement in the work flow that needs a new application.
so now the decision is to be made, do we get an application or do we get a developer team to do that application!
For the sake of the discussion lets say that the company's website was already a static page with some text and now the company decides to take advantage of the new technologies.
So the requirements of the website have changed from a simple page to an easy to edit, dynamic portal and have a product catalog, maybe a shopping cart and a forum.
The decision now has to be taken between two options either getting a - ready made - package (proprietary or open source) or hiring a (either a team or one person) developer - custom work - (this also implies hiring a company) to do the work .

So let's investigate these options and see.

Before i go through with the investigation, let's agree that there are too many variables to this topic. Choosing the right team to hire or choosing the right ready made application is not covered here in this post. So I will assume that in both cases the manager have made the right choice, i will discuss that in a later post. The only comment I want to say here that hiring one developer and make him report to a non-technical manager is not a right choice, I hope that the following will demonstrate why.

Custom Work. The job seems pretty easy to the manager, so he will hire one developer and that developer will report to the sales/marketing manager because it's the sales/marketing manager who needs this website - that's the first mistake -
This developer does his research, gathers requirements and then starts implementing. Now he will either write his code or use tools that generate code such as Microsoft visual studio for example.
He implements the functions and beautifies it with some nifty design, site is launched everybody is happy, until something wrong happens !

Ready made package, the IT guy is instructed to find a good web application (probably a Content Management System) that will do the job. Searching will lead to a bunch of opensource apps and a bunch of proprietary applications.
He would chose one, study it, implements it, publishes the new website, everybody is happy, untill something wrong happens !

Now what could happen wrong?
Several wrong things could happen, maybe a broken function that wasn't used during the testing but let's assume that both solutions turned to have all the functions and no broken code.
what else? that's simple, someone would break the security of the website.
This could be getting unauthorized access to confidential materials, manipulating the contents of the site or maybe making it unavailable or many other ways of breaking it.
The least malicious would be to make it unavailable and the worse could lead to a server compromise.

Let's evaluate.

Maturity/Security
now what are the odds that this happens in a ready made application. and another created from scratch?
I'd give the custom application. no more than a week before it gets a successful attack depending on how much it is advertised this could take less or more time.
The ready made application. will have a longer uptime.
Why did I say that?
A custom application will be audited by how many coders and tested by how many users to be bug free and secure? no more than the team hired (so what do you think about hiring one developer now?) and for a very limited period of time.
While a ready made application is being tested and developed for a long time now that probably they have fixed most of the critical problems.
Custom applications lack the time the ready made application went through, the ready made app is more mature.

Scalability
adding a new feature to both applications will result in an equal amount of risk, since both new features probably have the same age.
but again testing on the custom application is not intense as on the ready made application.

Maintainability
In case of bugs, security flaws that occur afterwards, how will both be supported?
Custom applications are done either through a hired team or a software house, in the case of a hired team, this is your team on your payroll and will maintain the application for as long as you want, while the software house would only maintain it if it is an application that is deployed at several of his clients. Your team will cost you their payroll, the software house will charge you for maintaining it and that will vary depending on your negotiation skills.
Ready made applications are maintained by as long as they are being sold and patches/updates are usually released periodically either free of charge or through a contract.

So far I find the ready made application a better solution in the light of mentioned arguments and assumptions.

Now what about comparing open source to proprietary ready made applications?
Open source application probably have more developers and more testers than the proprietary app. , that's one thing the other is how fast can both camps release updates or security/bug fixes. what happens a security hole is discovered?
Definitely someone in the open source community will announce it and send it to the developers - that is if he doesn't fix it himself - and the bug could get fixed in a matter of hours.
This cycle is so much longer in proprietary software.

Open source application will not cost you a license fee, you can get it free of charge and hire a team to implement it or add more features to it (that is if no one in the community have done it before) and the big advantage here is that you have full access legally to the source code and you have all the right to tweak/audit/extend it.

When it comes to deploying an application i prefer to have full control over it and access to its internals, open source gives me this option, while in a proprietary i cannot have all this access.