If I use open source then does it mean that
...everyone will have access to our data?
...we have to give our data to the organisation which provided us with the software?
...anyone can change the code and introduce defects in our system?
These are real questions that get asked by our non-profit customers. We usually take a step back and discuss what is software, how its ownership works, data, and hosting. Here, we take the same course and try to explain these in as simple terms as we can.
These questions are not about licensing but about the overall "customer experience" of open source specifically about "open source" "software" and "reusable products".
In this article, we deal with work-software-products that are used by organisations (like donor management system, accounting systems) and not by individuals for personal or official use (like Microsoft Office, browser, WhatsApp etc.).
Let's start by understanding what software is. Each software project exists in two forms - as passive source code in forms of text files, and as a running package on the server or one's device. Please see the diagram below.
Let us expand the server a bit to see that the server also has your data stored in the database.
The power of software, unlike physical goods, is that it can be copied any number of times - provided it is functionally reusable (e.g. an organisation's website code is likely to be not reusable for other companies). Hence, we can provide it to multiple organisations at almost no additional cost. But, when we do that it is important to note that each organisation has its servers running the software and their databases.
Now, let us get back to the top part of the above diagram i.e., the three arrows. Even though the software can be copied an infinite number of times, there are legal and commercial restrictions to it. The organisation which owns the software programs decides who gets the software - usually with permission and fees. The other difference is that the organisation usually provides only the installable files and not the source programs. This is because mostly the customer organisation doesn't have much use for the source code.
Let us look at the ownership of each of the pieces now.
Now, let us look at how it works in case of open-source software. The software source code and installable files are available free of cost publicly and anonymously. That is, you don't need to pay anything, take any permission, nor do your need to tell anyone. Like, commercial software earlier, you retain the ownership of the server and database.
With that context, let us try to answer the questions at the top of this article.
1. Does open source mean everyone will have access to our data?
As you can see from the diagram above, there is no relationship between your data and whether the software is open source or not. Your data is owned by you.
2. Does open source mean we have to give our data to the organisation which provided us with the software?
Again, as you can see in the diagram, the open-source software provider (community) doesn't impose any such conditions on the users of their output. While they would like attributions, it is not binding.
3. Does open source mean anyone can change the code and introduce defects?
Anyone can copy the code and change it. Let us look at what would happen in this case. The diagram below has a couple of examples of such copying - one by another open source community or by someone in your organisation. On the question - other people can make changes to the code but to their "own version" of it and their version generates their installers. It doesn't affect the software that you are running from your provider (Community 1).
One of the goals of this publication is to reduce information asymmetry between software providers and non-profits. There are several misconceptions about open-source, which are not in the interest of non-profits. We believe that given the public nature of the work, open-source and non-profits are naturally aligned with each other. Finally, if there are other topics/questions about open source that you would like us to write about, please do contact us.