How to Use Open Source Code in Proprietary Software
You’re probably leveraging open source software in some way or another. After all, much of the internet was built on open source technology. This includes the Linux operating system, the Apache web server application, and even GitHub repository hosting.
But teams aren’t just using open source software. Some teams are even leveraging open source code for use in proprietary software.
What Is Open Source Code?
Open source code is source code that is made available for anyone to use — for free. Open source is typically supported by a community.
But there are some commercial options available for open source. These include:
- Dual-licensing (open source and proprietary).
- Professional services (such as OpenLogic).
- Software as a service (selling subscriptions).
Using Open Source Code in Proprietary Software
Many development teams use open source code as building blocks for proprietary software. In fact, a 2018 report found that 96% of applications have open source components. And the average percentage of open source codebases in applications grew from 36% in 2017 to 57% in 2018.
If you’re considering leveraging open source code, you should carefully consider the pros and cons.
There are some significant pros to using open source code in proprietary software development.
The biggest pro by far is faster development at little or no added cost.
For example, say you need a source code editor inside your own project. You could build a basic one yourself. Or you could use one of the best editors available today — the Microsoft Visual Studio Code open source project. It’s supported by hundreds of contributors. Using it would make your own project that much better.
There are other pros, too. If you leverage open source code as the building blocks for your project, it enables innovation for your developers. Instead of reinventing the wheel, they can think outside the box — and focus on the features that will set your product apart from competitors.
There are also some cons to using open source code for commercial projects.
Open source has strings attached. Most open source software falls into two licensing categories:
- Permissive (with few terms and conditions).
- Copyleft (with strict terms and conditions).
Most open source projects fall into the copyleft category, which can be more difficult to navigate. If you don’t follow the licensing terms and conditions, you could be sued.
Plus, open source isn’t entirely free. That is, while it’s free to acquire open source code, it’s not free to maintain and manage it. Your team will have to do that.
There are other risks, too — including quality, security, and maintainability. Open source code might not be held to the same standards that your development team is held to. It is largely reliable, because there are more eyes on it. But this transparency means that the bad guys can look at the code, too — and find vulnerabilities.
How to Use Open Source Code Wisely
Open source software is everywhere. And using open source code — and open source repositories — could help you accelerate development and reduce costs.
But how do you do it without risking the drawbacks?
It’s definitely possible. If you follow the right steps…
1. Find a Sound Project
Open source projects are not created equal. Some projects will be more reliable than others. And there are tons of options to consider for every type of open source component. For instance, GitHub alone has over 100 million repositories created by 31 million contributors.
As you evaluate potential code to leverage, ask the following questions:
- Who created it?
- Is it actively developed?
- Is it maintained?
- How often has it been downloaded?
Popularity indicates quality — and applicability of open source. If a project is popular (and has many contributors), it will likely have what you need for your own project.
Some projects are universal. Big name companies (Facebook, Google, Microsoft, Netflix) all have created popular open source projects. These become so popular that developers almost forget where they started.
2. Check the License Before You Use It
There are different types of licenses for open source projects. After you select a project, be sure to read the fine print. That way, you’ll know what exactly you’re signing up for — and avoid any potential violations/lawsuits.
3. Vet Security — Beyond the Community
Before you use open source components in your proprietary software, you need to know they won’t introduce security risks. Selecting an open source project with an active support community helps. That community can alert you to any security issues.
But the best way is to do security checks up front. Using a static analyzer can be useful here to identify potential errors (such as buffer overflows) that lead to security risks.
It’s also important to ensure security as you bring the code into the build. For example, if you use Jenkins, you can mirror or populate open source code into Helix4Git. That allows you to control the code more closely. Then you can execute security tests at appropriate stages of the pipeline.
4. Stay on Top of Updates
Any time the open source components you’re using get updated, you’ll need to ensure they still work properly with proprietary components. Staying on top of updates is key to avoiding issues.
Managing the code in a tool like Helix4Git gives you more control over when and how you adopt it into your product.
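The four steps above (check who maintains a project, check its license, vet its security, track updates) can be turned into a policy gate that runs before a component is admitted to the build. The script below is an added example written for this article; it is not code from the article or from Perforce, and the component names, dates, license strings and advisory id in its inventory are constructed. In practice the inventory would be generated from an SBOM or package manifest and the `known_vulns` field filled from a vulnerability database lookup; here it is hard-coded so the example runs offline.

```python
"""Dependency policy gate: license category, staleness, maintainers, known vulns.

Added example, not from the original article. Inventory data is constructed.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Tuple

# SPDX identifiers grouped into the two categories the article names.
PERMISSIVE_LICENSES = {"MIT", "ISC", "BSD-2-Clause", "BSD-3-Clause", "Apache-2.0"}
COPYLEFT_LICENSES = {"GPL-2.0-only", "GPL-3.0-only", "AGPL-3.0-only",
                     "LGPL-2.1-only", "LGPL-3.0-only", "MPL-2.0"}
MAX_RELEASE_AGE_DAYS = 365                # assumed policy threshold
SEVERITY_RANK = {"warn": 1, "review": 2, "block": 3}


@dataclass(frozen=True)
class Component:
    name: str
    version: str
    license_id: str                       # SPDX id as declared by the project
    last_release: date
    maintainers: int
    known_vulns: Tuple[str, ...] = ()     # advisory ids from a vuln DB lookup


@dataclass(frozen=True)
class Finding:
    severity: str                         # "warn" | "review" | "block"
    message: str


def classify_license(license_id: str) -> str:
    """Map an SPDX id to permissive / copyleft / unknown."""
    if license_id in PERMISSIVE_LICENSES:
        return "permissive"
    if license_id in COPYLEFT_LICENSES:
        return "copyleft"
    return "unknown"


def evaluate(c: Component, today: date) -> List[Finding]:
    """Apply the policy checks to one component and return every finding."""
    findings: List[Finding] = []
    category = classify_license(c.license_id)
    if category == "copyleft":
        findings.append(Finding("review", f"{c.license_id} is copyleft; "
                                "legal review before linking into proprietary code"))
    elif category == "unknown":
        findings.append(Finding("block", f"license '{c.license_id}' not recognised; "
                                "obtain the terms before use"))
    age_days = (today - c.last_release).days
    if age_days > MAX_RELEASE_AGE_DAYS:
        findings.append(Finding("warn", f"last release {age_days} days ago; may be unmaintained"))
    if c.maintainers < 2:
        findings.append(Finding("warn", "single maintainer; abandonment risk"))
    for vuln in c.known_vulns:
        findings.append(Finding("block", f"known vulnerability {vuln} in {c.version}; "
                                "upgrade or mitigate before use"))
    return findings


def decision(findings: List[Finding]) -> str:
    """Collapse findings to one verdict: approve, warn, review or block."""
    if not findings:
        return "approve"
    return max(findings, key=lambda f: SEVERITY_RANK[f.severity]).severity


def audit(inventory: List[Component], today: date) -> Dict[str, str]:
    """Verdict per component name; a CI job would fail on any 'block'."""
    return {c.name: decision(evaluate(c, today)) for c in inventory}


# Constructed inventory: names, dates and the advisory id are made up.
TODAY = date(2019, 6, 1)
SAMPLE_INVENTORY = [
    Component("fast-json-lite", "2.4.1", "MIT", date(2019, 5, 12), 14),
    Component("gpl-image-codec", "1.0.3", "GPL-3.0-only", date(2019, 4, 2), 5),
    Component("old-crypto-shim", "0.9.0", "BSD-3-Clause", date(2017, 1, 20), 1,
              known_vulns=("EXAMPLE-ADVISORY-0001",)),
    Component("mystery-utils", "3.1.0", "Proprietary?", date(2019, 5, 30), 3),
]

if __name__ == "__main__":
    for comp in SAMPLE_INVENTORY:
        print(f"{comp.name}: {decision(evaluate(comp, TODAY))}")
        for finding in evaluate(comp, TODAY):
            print(f"  [{finding.severity}] {finding.message}")
```

Wiring `audit` into a pipeline stage (for instance the Jenkins stage mentioned above) and failing the build on any `block` verdict gives the "security checks up front" the article asks for, and re-running it on every dependency update covers step 4 without relying on someone remembering to look.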
The Best Way to Incorporate Open Source
It’s important to use open source code wisely. It can give you many advantages as you develop your product. It can also introduce some risks. The steps we’ve outlined above are solid starting points for leveraging open source wisely.
But the best way to incorporate open source code into your product is to use the right tools.
Using Helix4Git (with Helix Core) makes it easy to bring open source Git code into your build safely. You can pull together code from multiple sources — GitLab, GitHub, Bitbucket, Helix Core, etc. — into a single workspace. And you can even have your digital assets and binary files in that workspace.
As a result, you’ll get a single source of truth in Helix Core — and you’ll be able to pull in open source code from Git.
Ready to learn more?