
3 Things to Consider About COTS vs. Open Source Software

Software is not just an IT issue. It is critical to how government performs and provides anything. This is made clear in the President’s Management Agenda (PMA), and it’s been made clearer with recent events surrounding shutdowns and shelter-in-place orders due to the COVID-19 virus.

“If we don’t have solid software and good code in place, how can we serve the public?” said Nicole Blake Johnson, GovLoop’s Managing Editor, during an online training Tuesday.

Both open source and commercial off-the-shelf (COTS) software are equally powerful tools. “The key is knowing when to use which,” said Helen Corin, General Manager of Public Sector’s Adobe Experience Manager Center of Excellence at Adobe.

In just a few decades, open source has become an invaluable tool for building software. But it’s not always the best tool for agencies to use when it comes to enterprise solutions. Compared to COTS software, which is pre-built and packaged to use out of the box, open source software can have undesirable security vulnerabilities, less streamlined innovation opportunities and higher long-term costs.

Corin outlined some key benefits to consider that could make COTS software a better alternative to open source in certain cases.


The main security drawback of open source products is not knowing who wrote the code. The idea of an open source portal driven by the principles of self-governance and peer review “is to be applauded,” Corin said. “But it can leave agencies vulnerable.”

That is, agencies can unknowingly leave their data at risk if they don’t know the origin of the code powering a solution.

In COTS software, only the in-group can edit the source code, and it is heavily audited. Therefore, vulnerability is less likely. There’s never a question of whose responsibility it is to fix a problem or a security weakness. Although there might be fewer eyes on the code than in open source software, threats can be contained and fixed before they’re even exploited, Corin said.


One of the key differences between open source and COTS products is that innovative capabilities come fully tested and fully available to all software users when they come from a COTS provider.

“Because vendors need to ensure their technology doesn’t become redundant, users benefit from targeted innovation. It’s really business-focused rather than technology-focused,” Corin said.

Especially in government, technology for technology’s sake is unhelpful. Solutions are often deployed to specifically improve mission outcomes. Losing sight of that target can slow down and muddy an agency’s ability to innovate. That’s why in certain cases, it’s preferable to opt for timelier and business-targeted COTS software.


Initially, it may seem like the COTS price tag is too high for agencies to consider. However, agencies need to think about the additional costs that they might spend on maintenance, development, managed services and administrative responsibilities when using open source software.

“The initial cost may seem prohibitive to some. However, what users are paying for are generally more robust products from a trusted brand, with continuous innovation and a greater ability to scale,” Corin said.

The lifetime cost needs to be considered, not just the upfront software and hosting costs, Corin said. What expenses are incurred if there is additional traffic to a site? What is the toll if a site isn’t available? And what are the human costs to manage the web experience?

To tackle problems, government oftentimes can’t risk the time, resources or security to build solutions from scratch. Leveraging COTS software can be a better alternative for delivering web services quickly and efficiently.

“We’re seeing agencies move from the mentality of building [software] for years to wanting to buy and scale software and add value in weeks or days,” Johnson said.
