As the WordPress saga continues, CIOs need to figure out what it might mean for all open source

“Any of your vendors might go bankrupt” or get acquired, he said, and the answer to all of these problems is to focus on proper vendor vetting, looking especially hard at their supply chains. 

Even if an enterprise wanted to avoid open source, Gustavsson said, it is simply no longer possible, given how deeply embedded open source code is in everything from commercial vendors, including Microsoft, Google, Amazon, or IBM. “That train has passed a long time ago,” he said. 

As for the WordPress battle, Gustavsson said it is nothing new. “This is not the first time something like this has happened, and it will not be the last. The core of the controversy was put down in writing decades ago, using the phrase ‘free as in free speech, not as in free beer.’ There is a built in tension between open source ideals and profiting off it,” he said. “Talking about software in general, there is always a risk building dependency on software controlled by a single entity, nothing specific to open source. What may be specific to open source is that organizations have made assumptions that the software will always be there, free and supported by someone — an assumption no-one would make when using proprietary software.”