Is open-source software evil? -

Is open-source software evil?


At first glance, open-source software seems like a good idea, but in the end, there are several properties of open-source software that just might make it evil.

Developing software, especially embedded software, is one of humankind’s most complex and costly activities. As a result, many teams look to decrease complexity and cost by reusing as much software as possible, including free, open-source software. The 2019 Embedded Market Survey found that 24% of the respondents reused open-source code. At first glance, open-source software seems like a good idea, but in the end, there are several properties of open-source software that just might make it evil.

First, every open-source code base comes with a software license. The software license tells the developer how they can and cannot use the software. Many open-source projects today use an MIT license, allowing the software to be used for practically anything at no cost and with no strings attached. Unfortunately, not all code bases are like this. There are licenses out there that allow for unrestricted use for personal projects. Still, if the code is used commercially, any changes and sometimes even the new associated code must also be open sourced. If a developer, manager, etc., aren’t paying close attention, they might legally have to open-source their intellectual property. Evil?

Next, as an American, doesn’t free software go against the very core of our capitalist existence? We promote the inventor, the entrepreneur, and the companies that grow to be industry leaders and titans. The very idea of paying for software might very well get an engineer laughed out of the office. Why do we refuse to pay for commercial software and instead rely on open-source software? I’ve seen in many companies the push to use free open-source software isn’t because of better quality, shortened time-to-market, or improved customer experiences. From what I have seen, the big push seems to be corporate greed to maximize profits. Why do companies expect everyone to pay top dollar for their software when they are unwilling to pay, donate, or contribute to themselves? Evil?

Finally, open-source software is often functional but not necessarily robust, thoroughly tested, or even fit for use the way developers want it. For example, an industry favorite open-source library is FatFS. FatFS provides an easy-to-use file system integrated by many microcontroller vendors so that developers can have a file system available out-of-the-box. It pains me to pick on FatFS because it is so functionally sound and useful. However, if you start to look under the hood, you’ll discover many potential quality issues.

Figure 1: The McCabe Cyclomatic Complexity range count for the base FatFS code distribution functions. (Source: Author)

For example, if you analyze FatFS for function complexity (Cyclomatic Complexity), you’ll discover that the complexity distribution for the functions looks like Figure 1. Overall, most functions are relatively simple and have a low chance of having bugs or having bugs injected if any changes are made. However, there are seventeen functions with complexity more significant than 10, with five functions having a complexity greater than 20! What functions do you think those are? The ones most often used by developers as shown in Table 1. Evil?

Table 1: FatFS functions with a Cyclomatic Complexity of 20 or higher. (Source: Author)

So, is open-source software evil? I would argue no; however, I would encourage every team who wants to rush out to GitHub and leverage every piece of open-source software known to humankind to pause and proceed carefully. You never know what you’ll get, and you or your customers might just be worse off in the end. At a minimum, schedule the time to analyze your open-source software and test it to ensure it meets your needs. Just because someone gives it to you for free doesn’t mean it will meet your requirements.

What do you think? Is open-source software evil?

Jacob Beningo is an embedded software consultant who specializes in real-time, microcontroller-based systems. He actively promotes software best practices through numerous articles, blogs, and webinars on topics from software architecture design, embedded DevOps, and implementation techniques. Jacob has 20 years of experience in the field and holds three degrees including a Masters of Engineering from the University of Michigan.

Related Contents:

For more Embedded, subscribe to Embedded’s weekly email newsletter.

3 thoughts on “Is open-source software evil?

  1. The basic premise of this article seems to be that “you get what you pay for”, that is, not much if you get “free” open source software. In contrast, the closed source software being so expensive must somehow automatically be of a much higher quality. I would argue that it is not necessarily the case.

    Of course, there is so much “free” stuff on the Internet, that indeed a lot of it is of questionable quality. But the popular open source software with history and track record gets a lot of use and this combined with the inherent transparency of open source is indeed the best guarantee of quality you can get.

    In contrast, closed-source, proprietary software often hides behind secrecy. This might range from just poor quality, as exposed for instance in the Toyota unintended acceleration lawsuits, to outright fraudulent software involved in the “Dieselgate”. My experience has been that proprietary software is generally of surprisingly low quality, mostly due to the lack of transparency. This includes even proprietary software somehow certified to functional safety standards.

    The second aspect touched upon in this article is the distinction between permissive licenses (like BSD, MIT, Apache) and restrictive licenses (like GPL). The point being made is that the restrictive licenses are somehow “evil”.

    Of course, everybody likes “free beer”, but in the long run permissive licensing is not what people really want. Permissive “do as you please” licensing creates no incentives to support the ongoing development, tends to fragment the community, and often creates resentments among the contributors. Linus Torvalds used to say: “Over the years, I’ve become convinced that the BSD license is great for code you don’t care about”.

    In the era of “great resignation,” many software developers look for independence. Open source could be one of the keys to a profitable, sustainable software business. For example, software businesses should consider the “Single-Vendor Commercial Open-Source Business Model”:

    Log in to Reply
  2. The article appears to be blaming not doing standard due diligence required for any project on a potential component being open source. For example, with your first “evil” point, you should be getting an IP lawyer to check your project regardless of whether or not you intentionally added open source libraries to it.

    Was the intention to pick a click bait title and contort some content around it?

    Log in to Reply
  3. No, it’s not evil and it doesn’t go against any capitalist ideals because it is VOLUNTARY. No one is forcing you to use it.

    Log in to Reply

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.