At times simply referred to as Open Source or Free Software, FOSS is software meant to be used for free and to be modified or even shared. The code is open, so developers from across the community are able to view it, create new functionality, and fix bugs. There is a lot of great Free Open Source Software (FOSS) for identity, ranging from client and server software, web software and mobile software to libraries and plugins.


FOSS software PROS

  • Free to use and try before you commit: The cost of commercial software can be exorbitant for many organizations, specifically those that are looking for internet-scale IAM platforms. Yes, FOSS will still cost in terms of implementation time and consultation. So it’s not entirely free, but definitely cheaper than commercial software.



  • Innovative and open standards: FOSS software has also proven to be very innovative, with faster release cycles than commercial software. Working with more developers with different backgrounds and skill sets is more likely to lead to great innovative ideas.
  • Fewer bugs and faster fixes: The FOSS development methodology makes it even more compelling to use. Jim Whitehurst, CEO of Red Hat, has asserted that FOSS is the best development methodology—that it results in the best available software. Research in 2014 showed that open source software had 0.61 defects per 1000 lines of code, while commercial code had 0.76!
  • Skills (Training): Because FOSS is ubiquitous and cheap to acquire and use, there are more people who can use and learn the software. It is easier for beginners to get hands-on experience with FOSS, which translates to more people getting trained. This means organizations can find more candidates whether recruiting an initial team or replacing members of an existing team.
  • Support: Free publicly searchable support for FOSS is an added advantage. It is much quicker and simpler to Google a question and use online support community groups than to open a support ticket with a vendor. FOSS communities offer an alternative to support from a vendor. And as a last resort, you can always look at the code. Developers are used to this process and are frustrated when commercial support is the only option, which frequently leads to less content.
  • Better Security: A side effect of the above point is that open source software is more secure overall. Although the security of proprietary software vendors depends to some extent on their source code being opaque, it does not follow that security bugs are not present in their software. It is more probable that the security holes have simply not been found yet.
  • Avoids Vendor Lock-In: Except in the case of COSS (commercial open source software), there is minimal reliance on a single vendor or group for continued improvements, maintenance and support for open source software. Additionally, since the open source community is distributed and diverse, there is little risk that you will end up holding orphaned software, which would be the case if the proprietary vendor were to fold or abandon their project.



FOSS software CONS


  • Minimal Support Leverage: Large open source projects have a vast, supportive community that provides documentation, tools and support systems to back up users of the software. Free support is not always the fastest support, however, especially if the enterprise is seeking a solution to a thorny problem resulting from seemingly random code bugs, design flaws or integration difficulties. Larger enterprises with the ability to pay for top-tier support packages can expect prompt and detailed attention that is rarely available from open source communities.
  • Usability: Open source projects, even COSS, are complex packages of software that are not as closely aimed at markets of unskilled end users as is much proprietary software. Unskilled users will never look at the source code let alone compile it. This aspect explains why open source Apache Web Server is the leading deployment in data centers, but desktop Linux has barely penetrated the PC market where alternate, easy-to-use products already exist that do not have to compete based on high performance metrics.
  • Increased Business Risk: Aside from Red Hat, large financially strong open source software vendors are few and far between. Although great products may come from smaller, more nimble companies, there is a significantly higher risk that they will not be there when you need them the most.


Commercial Software

Also known as proprietary software, commercial software is developed by a specific company to solve a particular problem, then licensed and sold to individuals or organizations.

Commercial software PROS


  • Usability: Commercial, proprietary products are typically designed with a smaller scope of features and abilities. They are focused on a narrower market of end users than those products developed within open source communities. Commercial vendors’ users may include developers utilizing a firm’s APIs and libraries, but they are just as often application users more concerned with ease-of-use and functionality than how those aspects are accomplished behind the screen.
  • Product Stability: Proprietary software vendors must, if they are to survive, maintain tight control of their product roadmap. Their products are designed from the start to nurture a long and prosperous future with many paid upgrades along the way. Putting aside the arguments that proprietary software can become stale if not re-architected at regular intervals, in general it exhibits a stability that often exceeds that of open source software.
  • Ownership: A company building upon proprietary software may pay a bigger fee for acquisition, but typically that acquisition includes full rights to the ownership of their own software product and the expectation that the vendor will promptly supply them with updates, bug fixes and revised documentation as new product versions are released.


  • Tailored Support: Customer support packages from larger closed source vendors are specifically designed and fine-tuned for their own products over many years. Since the scope of their software is typically narrower than that from open source projects, training and after-sale support are more complete, accessible and succinct. There is a huge difference between posing questions in an online open source forum compared to receiving support directly from technical reps or consultants from a proprietary software firm, especially at integration time.


Commercial software CONS


  • Total Cost of Ownership (TCO): This is the measure of all the costs of identifying and acquiring software, installing it and operating it, and finally the exit costs found in migrating away from the software. This includes the relationship of the software to the organization’s broader set of technology platforms, installed systems, culture and skills base, and strategic goals, as well as the ability to access market and community based services and support. The cost of ownership is usually high with commercial software because of all the licensing (initial and renewals), maintenance and the cost of obtaining skilled professionals with the right experience with the proprietary IAM solutions.
  • Vendor Lock-in: Most commercial software companies build solutions to work well with their technology ecosystem, i.e. their infrastructure, other software and the protocols used. This might result in a situation where you need to purchase the vendor’s supporting solutions to have a working solution, and it will also make it very difficult to move away from the vendor, creating a vendor lock-in situation. FOSS solutions are built on open standards, making them easy to connect with other technologies.
  • Dependency and vision mismatch: Customers of closed source software companies are more or less at the whim of where their software supplier wants to take them. Unless they are the vendor’s number one customer, they have minimal influence over the vendor’s priorities, timelines and pricing structure. To change vendors once their software has become embedded within your enterprise is likely to be prohibitively expensive.
  • Software Opacity: By definition, the internals of closed source software are closed to viewing. Users of this software are unable to modify the code let alone debug it effectively. They are only able to supply error codes, messages and dump stacks to the vendor and wait for a fix if there is no existing workaround or patch. Such fixes may not be anywhere near the top of their priority list. This opacity also means that it is usually more difficult for customers to make customizations or optimizations in their final product.