Strategy · 6 min read · December 28, 2025

Open-Source Software: Pros and Cons

ThynkBlox Team

Why Open Source Won

Open source is the substrate of modern software. The benefits are decisive:

  • Velocity — start with proven components instead of building from scratch
  • Quality — the most-used libraries are battle-tested at scale
  • Cost — no licensing fees on the components themselves
  • Talent attraction — engineers want to work with familiar, modern tools
  • Vendor independence — fewer lock-in dynamics

Where the Risks Are

License Risk

Permissive licences (MIT, Apache 2.0, BSD) are safe for most uses. Copyleft licences (GPL, AGPL) carry obligations that can affect your product. SaaS using AGPL components, in particular, requires careful review. New "source-available" licences (BSL, SSPL) are not OSI-approved open source.

Security and Supply Chain

  • Supply-chain attacks (xz-utils, npm typosquats, malicious package takeovers)
  • Dependency confusion attacks
  • Vulnerabilities in transitive dependencies you didn't even know you used

Sustainability

The xkcd "lone unpaid maintainer" problem is real. Critical infrastructure depends on people doing this in their evenings. Maintainer burnout, abandonments, and rug-pulls happen.

Operational Risk

  • Documentation quality varies
  • Support is community-based; SLAs are nonexistent
  • Project direction changes can break your usage

Practical Mitigations

  • Curate your dependencies. A smaller, deliberately chosen set is safer than the kitchen-sink approach.
  • SBOMs for every release — know what's in your software.
  • Automated scanning for vulnerabilities and outdated packages.
  • License compatibility checks in CI.
  • Pin and verify — exact versions, integrity hashes.
  • Sponsor your critical dependencies. It costs less than rebuilding them when they go unmaintained.
  • Mirror or fork anything truly critical — protect against rug-pulls.
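A small CI gate that applies three of the mitigations above (pin and verify with integrity hashes, SBOM-driven licence checks, artifact verification), as an added example that is not ThynkBlox's code; the package names, the artifact bytes and the licence deny list are constructed for illustration, and the deny list is an assumed policy for a SaaS distribution model.

```python
import hashlib
import re

# Assumed policy for a SaaS product: licences the post says need careful review.
DENIED_LICENCES = {"AGPL-3.0", "SSPL-1.0", "BSL-1.1"}

# `name==version [--hash=sha256:...]` as found in a pip requirements/lock file.
PIN_RE = re.compile(r"^(?P<name>[A-Za-z0-9_.-]+)==(?P<version>\S+)(?P<rest>.*)$")
HASH_RE = re.compile(r"--hash=sha256:([0-9a-f]{64})")

# Constructed sample data: a stand-in "wheel", its hash, and a tiny lockfile.
SAMPLE_ARTIFACT = b"constructed stand-in for a downloaded wheel"
SAMPLE_HASH = hashlib.sha256(SAMPLE_ARTIFACT).hexdigest()
SAMPLE_REQUIREMENTS = f"""
# constructed example lockfile, not a real project's
acme-http==1.4.2 --hash=sha256:{SAMPLE_HASH}
acme-yaml>=6.0
acme-cli==0.9.0
"""
# Constructed SBOM excerpt: component -> declared licence (SPDX identifier).
SAMPLE_SBOM = {"acme-http": "Apache-2.0", "acme-yaml": "MIT",
               "acme-cli": "MIT", "acme-db-driver": "SSPL-1.0"}


def audit_requirements(text: str) -> list[str]:
    """Flag lines that are not exactly pinned (==) or carry no sha256 hash."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = PIN_RE.match(line)
        if not m:
            findings.append(f"{line.split()[0]}: not pinned with ==")
            continue
        if not HASH_RE.search(m.group("rest")):
            findings.append(f"{m.group('name')}: no sha256 integrity hash")
    return findings


def verify_artifact(requirement_line: str, artifact: bytes) -> bool:
    """True only if the downloaded bytes match one of the pinned hashes."""
    allowed = set(HASH_RE.findall(requirement_line))
    return bool(allowed) and hashlib.sha256(artifact).hexdigest() in allowed


def licence_violations(sbom: dict[str, str]) -> list[str]:
    """Components whose SBOM licence is on the deny list (sorted for stable CI output)."""
    return sorted(f"{pkg} ({lic})" for pkg, lic in sbom.items() if lic in DENIED_LICENCES)


if __name__ == "__main__":
    problems = audit_requirements(SAMPLE_REQUIREMENTS) + licence_violations(SAMPLE_SBOM)
    print("\n".join(problems) or "all checks passed")
```

Run in CI, a non-empty findings list fails the build; the same hash check can be applied to mirrored copies of critical dependencies.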

When to Build Instead

  • Component is core to your competitive advantage
  • Compliance demands you control the code path
  • The licence doesn't fit your distribution model
  • The maintainer situation is genuinely concerning

The Bottom Line

Open source is a gift and a responsibility. Use it wisely, contribute back where you can, and treat your dependency tree as part of your security perimeter.


*We help teams build sustainable open-source strategies — including licence review and supply-chain security. Talk to us →*
