Free vs. open source software - what's the difference?

The terms free and open source get used interchangeably, but in reality they’re not the same.

Although businesses may often use the terms interchangeably, there is a small but fundamental difference between free and open source software that organizations should be aware of.

The two are essentially the same category of software; the difference lies in the values and beliefs behind their creation, which can affect licence implications and upkeep costs.

In a nutshell, open source is a development and distribution paradigm, whereas free (freedom, not zero cost) is a social movement. For software to be considered ‘free’, it must be possible to exercise the ‘four freedoms’: to make use of the program for any purpose, to access the source code and study and change it as you wish, to freely redistribute copies of the software, and to freely distribute modified versions of the software.


“The free movement believes the world should be rid of non-free – i.e. proprietary – software. Its ideology dictates that the user should be completely liberated from the controls of the software developer,” explains Zohar Babin, VP of Platform and Growth at Kaltura. “The open movement, by contrast, is about open access to software code. It’s practical, and far less political: it’s about getting access to the source code so that the user can modify and share it with the community. The open movement doesn’t advocate against one license or another, but rather promotes a practical approach where people can decide on what is most suitable for their needs – including proprietary options.”


Software to fulfil any business need

The growth of both types of software in the enterprise sector has been down to their ability to quickly deliver innovation through their collaborative approach, and today companies can find both free and open source solutions that will fulfil pretty much any business need. Three of the most popular uses of free and open source software are end user applications, operating systems and libraries, with many commonly used in the workplace, such as Linux, MySQL, WordPress, PHP and Apache.

“For some users being able to access the source code is important as it enables them to be part of an active community that is regularly committing updates to the project,” says Dave Page, chief architect of Tools and Installers at EnterpriseDB. “Additionally, as the software is not ‘owned’ by one company there is also less likelihood of vendor lock-in – an age-old problem in the enterprise software market. It also offers greater transparency, because one vendor is not attempting to protect IP.”

“I would suggest that there’s hardly a business or industry today that isn’t using a free or open source piece of software,” declares Colin Domoney, consultant solution architect at CA Veracode. “Almost all businesses will be running some form of web or file server and there is a high likelihood these will be based on a free or open source implementation.”


Additional purchases necessary

In the majority of instances, whether consciously chosen or not, organizations will have likely chosen an open source product rather than a free one, as they’ll have purchased a licence or support.

“Often a supporting organization will offer a paid service to support and maintain such free software,” Domoney points out. “The user then has the choice of using either the free (unsupported) version or the paid (supported) version; this choice is often determined by the user’s skill level.”


Babin notes that not all licences are equal and not all projects the same – he believes that when considering new software, it’s important to evaluate merit against need. In reality, whether a piece of software is free or open source is unlikely to be a priority for businesses; they simply need to choose the solution, licence and level of support for their needs, and be aware of what they’re using in order to respect the relevant licences.

“What really matters is understanding each licence’s merits, respecting the terms and the project’s community norms. [It’s about] choosing the licence that will best meet projects’ goals; what best suits your business and the community you’re in,” Babin says.


How to understand licences

“Free/open source software is released under one or more licences, which determine the manner in which that software may be used, adapted or modified by the licensee (typically the end user),” continues Domoney.

“Some licences are very open and unrestricted and allow the software to be modified at will leaving ownership of the modified product with the licensee; however, some licences require the licensee to contribute the modifications back to the community to further improve the product for the greater good of the community. These are typically the GPL or ‘copyleft’ licences, sometimes considered ‘toxic licenses’ since they have implications from a commercial perspective.”

For those choosing a free or open source solution, Babin’s advice is to start by understanding the difference between copyleft and permissive licences.

“The former requires that any derivative works continue to be licensed under the same source code licence as the original software, whereas the latter permits the inclusion of this software inside proprietary software, which is closed and where redistribution is limited,” he explains.


There are security concerns

Aside from the issue around licences, a big concern for businesses choosing software is security. Many may consider free or open source solutions less secure. Domoney explains that 88 per cent of Java applications when tested by Veracode contained at least one vulnerability in a free or open source component:

“The issue here is not that this third party software is less safe compared to proprietary code. Security flaw densities are similar regardless of how the software is produced. According to Veracode surveys over the past year, only 28 per cent of organizations do any kind of regular composition analysis to understand which third party components are built into their applications. If more than two in three organizations don’t even fully know which components they’re using, it’s not hard to comprehend that so many of them remain insecure.

“On the topic of whether free or open source software is more or less secure than proprietary – there’s no compelling evidence one way or the other,” he adds. “One danger, however, is the perception that ‘somebody else’ has probably security tested the application, because so many developers can access the source code. In the case of the Heartbleed vulnerability for OpenSSL, vulnerabilities were not recognized by community developers. Development teams, therefore, need to have access to security feeds that pinpoint flaws disclosed in third party components being used in the enterprise application.”

But it’s also worth noting that the free and open source communities are actually helping to develop new and exciting cybersecurity systems. Take Apache Spot for example.

“With community developed and shared machine learning modules, this community is changing threat hunting from shared indicators to shared algorithms. It has raised the bar higher in terms of capabilities, while at the same time making machine learning accessible to every organization,” says Stephen Line, regional VP for EMEA at Cloudera.


Business considerations between free and open source

Clearly, when looking at free or open source software, there’s no wrong or right choice. However, organizations should understand what each entails in order to make an informed ‘purchasing’ decision. It is only by considering total cost of ownership, licence and security implications that you can then determine the best software solution for the job.