Crowdsourcing without the crowd

Prior to the discovery of the Heartbleed security vulnerability in OpenSSL, the only criterion used to evaluate open source software (OSS) was whether its license terms were acceptable. Even though evaluators have since added the security of the OSS as a second criterion, that is still not sufficient.

Evaluating OSS must also apply all the other criteria used for proprietary software: maintainability, extensibility, usability, reliability, scalability/performance, portability, compatibility, and reusability (also known as architecturally significant requirements, non-functional requirements, or the software "-ilities")…

…and then must consider whether that OSS itself violates any copyrights or infringes any patents, and also whether every OSS component it depends on meets all of these same criteria.

As with proprietary software, you are not likely to find OSS that perfectly meets all these criteria, but you need to recognize that these same criteria apply and to know how well the OSS meets each one.

For example, it is tempting to assume that each OSS project is developed, tested, and maintained by its own crowd of specialized engineers. However, many OSS projects have been abandoned, which puts the burden of maintaining and extending it on each proprietary product that uses it: crowdsourcing without the crowd.

Retrieved April 27, 2017, from https://www.openhub.net/explore/projects