Guide to the Total Cost of Ownership of Open-Source Software


Tuesday May 10, 2022 by Peter Schneider

Using ready-made software speeds up development. The use of open-source software (OSS), however, is not free of cost. Using open source comes with obligations and risks, which carry a cost.


This guide summarizes the costs of using open-source software for professional software development based on public information and my 15 years of experience.


My background: I’ve worked with a lot of software based on open-source principles in my career: I switched from Solaris OS to JBoss OS (before Red Hat acquired it) for carrier-grade blade servers at Nokia Networks. At Nokia, I promoted and contributed to maemo.org, the open-source operating system for mobile devices. I’ve used many open-source libraries such as Angular, Docker, Log4J, and when heading the product management for an enterprise service management platform.

Author's Note: I am a firm believer in the value of open-source software. Analyzing the cost of using open source is not intended as a means to promote or disregard the value of open-source software. I have always believed that sharing intellectual property when there is a common interest is the future of software development. Nevertheless, I was always willing to pay the price for the use of open source: whether it was the support fee for JBoss, the sponsorship of the Maemo community, paying for multiple years of open-source management in the service management platform, or the acquisition of premium features linked to an open-source product. I have always valued open-source software, especially in commercial product development. The purpose of this guide is to provide transparency for better decisions.


The Myth of Open Source is Free


The acquisition cost of open-source software is close to zero. However, open-source software comes with management costs and risks. The figure below illustrates the common misperception of the total ownership cost related to open-source software-based development.


At first impression, when using open-source software libraries, the total cost of software development consists only of the direct development costs for staff and development tooling. Commercially supported software libraries come with an additional charge of software licenses and potentially distribution royalties. Looking at this comparison, deciding what approach to choose seems straightforward. The whole truth, however, lies below the surface.


While the use of commercial software includes few hidden costs over the product's lifetime, several additional costs must be considered when using open-source libraries. These include:


  • Fixing bugs yourself instead of having a commercial maintainer doing it on your behalf (or hope that somebody in the community will do it quickly free of charge)
  • Implementing the open-source obligations such as documenting the used open-source components for audits, managing a repository where people can download your source code, and creating a user interface displaying the open-source libraries used in your product
  • Implementing legal checks and risk assessments when introducing a new open-source element or when the open-source licensing terms have changed
  • Performing regular license compliance checks in line with the corporate information security, corporate open-source policy, and the open-source license terms

I have excluded other direct costs such as annual security audits and indirect, one-time costs for this guide. Security audits, including penetration testing, need to be done in either case. Potential one-time expenses related to non-compliance with open-source terms and conditions, such as the loss of product distribution rights, patent litigation, or brand damage due to public defamation, are of such magnitude that I excluded them. These need to be considered as risks.


The guide is written in such a format that it demonstrates the total cost of open-source based on examples. It’s easy to adjust the TCO calculation with your input values. The focus of this guide is on explaining the cost components and not on any individual results.


1) The Cost of Fixing Open-Source Code Yourself


Fixing bugs takes time. All software has bugs, whether it uses open source or not. The question is only who fixes the bug. If one buys commercially supported software libraries, the code maintainer does the bug fixing. If one uses open source, then one can hope that the bug is fixed in the open-source community by somebody else. But there are no Service Level Agreements (SLA) in the open-source community. Alternatively, one can fix the bug in open source oneself and ask the open-source maintainer to merge the bug fix in the upstream code library, i.e., the master of the code. Those logistics are also an additional effort, and there are no guarantees the open-source project maintainer will approve it. If the open-source project does not accept the self-made bug fix, one must manually patch the open-source library with every new version.


To calculate the effort of fixing bugs, one can multiply the average time it takes to fix a bug by the average number of bugs one would expect to find in any software code. If one searches the Internet, one will find several statements that fixing a bug in a commercial product takes on average half to one day of a software developer's time. Based on my experience running an R&D team of 20 developers, I have to say that I never saw a bug fixed in a single day. I agree that the actual correction of the code sometimes takes not more than 30 minutes, but that's only a fraction of what it takes to fix a bug. I would set the range of developer days it takes to fix a bug from 0,5 to 2 days.


It takes a developer between 0,5 and 2 days to fix a software bug.


The second parameter for the cost calculation is the number of bugs in the open-source software. Suppose we assume that open-source software has as many bugs over its lifetime as any software. In that case, we use a widely-used assumption: Commercial software typically has 20 to 30 bugs for every 1000 lines of code, according to Carnegie Mellon University's CyLab Sustainable Computing Consortium. Let’s assume further that open-source software has fewer bugs than individually developed software (due to more participants contributing and using the same software), then we might take a value at the lower end of that spectrum.


Open-source software has an average of 20 bugs per 1000 lines of code.


That leaves the question of how many lines of code an application has and how much of that is open source. There is a wide variety of lines of code in an app. While the average iPhone app might have 50.000 lines, the Uber app has some 428.000 lines, and TikTok has 15 million lines of code. To simplify this complexity, and since I work at Qt, I assume that our model application uses the Qt Framework Essentials open-source libraries available in dual-licensing (commercially supported and open-source). The Qt Framework Essentials software libraries are often used in high-performance mobile apps, desktop applications, and embedded devices. The Qt Framework Essentials (qtbase and qtdeclarative repositories) of the Qt 6.3 release include 2.936.523 lines of code (LOC) according to a measurement with SLOCCount.

Qt Framework Essentials libraries include some 3 million lines of code


Finally, we need to estimate the average cost of a software developer day. I will use the average salary of a Software Developer in the US in 2022 based on glassdoor.com, which is 555 USD / Day. Adding a 1.25 multiplier for indirect employee costs (using the same ratio used for EU funding programs), we get 688 USD costs for an average software developer day. I’ll spread the number of expected bugs over a 10-year period, which is a typical time for the software to be refactored or redone. So, if one would maintain the Qt Framework Essentials open-source libraries oneself, that would mean:

    3.000.000 LOC
/          10 YEARS
x          20 BUGS
/       1.000 LOC
x         0,5 DAYS
x         688 USD
=   2.064.000 USD

One could expect the open-source community to fix most bugs, but even if one assumes that one would need to fix only 1% of all those bugs, that would still mean a cost of 20.640 USD each year.


2) Implementing Open Source Obligations


The use of open-source software comes with both mandatory and voluntary obligations. The range of mandatory responsibilities depends on which type of license terms and conditions has been attributed to the code. While there is a multitude of open-source license types hiding behind abbreviations such as GPL, MIT, and BSD, typical responsibilities of the open-source software user are:


  • You need to develop a user interface (UI) in your product that displays which open-source software has been utilized. If you create software with multiple pieces of open-source software, then the effort of developing this UI is shared among each open-source component.

    Image: UI listing all open source components and their license terms in Nokia X20 smartphone


    As a rule of thumb, the more open source you use, the more time you need to put all the content together. The initial development of this UI in a software product takes between 5 to 10 developer days based on two backlog refinement meetings I’ve been part of. I would estimate the maintenance of the content to take one developer day per year.

  • You need to make the source code available either with the product or separately, which means you need to manage a repository where people can inspect and download the open-source code and, depending on the open-source license, sometimes even your own code. It would be best to create a workflow allowing people to request the open-source software, create and maintain a software repository where the relevant source code is available, and assign somebody responsible for this.

    Image: UI displaying guideline on how to get open source code in Nokia X20 smartphone

    The development of the corresponding UI takes some 2 to 3 developer days. Setting up the workflow takes another two developer days. Creating and maintaining the software repository may require one day using existing infrastructure such as GitHub.
  • You want to manage an internal document listing all open-source software licenses and their license terms for potential requests by customers or prospects, especially if you are building business software. Maintaining this document is not rocket science, but I would put aside one developer day for creating it initially and another per year to manage this list (which might be in the raw format the same as the one posted in the UI).
  • Users of your product need to be able to modify an open-source library on the device. If you are building a hardware product, then this means that you need to provide means to flash the device software. You probably need a flashing interface for service purposes anyway, but providing the toolchain for users, including the documentation, can take quite some effort. I’ll allocate 5 developer days for creating and maintaining the toolchain, but that number is probably way too little to get the job done, at least initially.

If we sum up the cost of the mandatory responsibilities, then we get the following costs:


One-Time Expenses:










11.008 USD

Annual Expenses:


              1 DEVELOPER DAY (OSS UI Update)






1.720 USD

The voluntary activities to the open-source community include the contribution of bug fixes, sharing of feature enhancements to the original code, participation in and sponsorship of open-source community events, and taking a more proactive role such as approver or maintainer of open-source components. I will not include any costs related to voluntary activities in this guide because everybody can choose which of them to take up. However, it’s good to remember that an open-source community is a form of society, and it only works when most beneficiaries contribute back to the project.


3) Legal Checks for Open-Source Software

Most companies will run a legal check whenever new open-source software is added to the product. The legal assessment serves mainly to verify that the current open-source policies are adhered to. Since there is only a finite number of open-source license types, such a legal check shouldn't take much time. Should a change of open-source licensing policy be necessary, such a legal check will consume a significant amount of time. Many such lawyers act as gatekeepers, and related costs are mainly incurred only once.


In my opinion, lawyers should be more active on an ongoing basis in monitoring the use of open-source licenses regarding risk management, compliance downstream towards users, compliance to industry patents and IPR owned by other parties and protection of own IPR. Some of these activities one cannot quantify easily, and some are such that they may create a risk to jeopardize the whole business.


However, the reality in most companies is different, and legal checks are performed only once. A legal check, confirming the license terms and conditions online and doing some research on whether the risk is worth taking, might not take more than a day. I would expect that one of these checks needs to be done each year.



x   1.038 USD*

1.038 USD

* Average Annual Salary of Senior Attorney in the US according to 148.000 USD. Indirect costs: 207.000 USD, Daily rate: 1.038 USD


4) Compliance Management for Open-Source Software


Compliance management includes all activities in the enterprise verifying that


  • the company’s products contain only open-source software in line with the internal IPR and open-source policies
  • the company complies with the open-source obligations

85% of the audited codebases contained license compliance issues, according to a 2019 whitepaper from Synopsys. Compliance should preferably be achieved proactively by establishing clarity on the open-source policies and training the software developers. The previously mentioned legal checks are also a part of achieving compliance. In addition, many companies are applying post-development compliance practices such as automatic software scanning and license management tools.

Automated software scanning products such as Snyk or Debricked are often cloud solutions with per-developer pricing. The prices per developer range from 25 USD to 139 USD per month (at least when it comes to publicly visible pricing). I will assume that five software developers need a license for this capability. These products help identify whether one's product contains open-source software that might not comply with the company's policies, such as GPL3-licensed code. Since applications nowadays include millions of lines of code, automated scanning might be an effective practice to avoid compliance issues.



x        25 USD / Month

x        12 Months

1.500 USD

The cost for Compliance Checking Tools should be allocated partially in accordance with the different OSS components in the product.


Total Cost of Ownership of Using Open-Source Software


The Total Cost of Ownership (TCO) of open-source software can be compared to getting a car. A car has a specific acquisition cost. However, in addition to the price you pay the car dealership, you will need to account for any additional expenses such as registration, insurance, and support costs. While the acquisition cost of open-source software is zero, there are other costs over the lifetime of a product that one needs to be aware of.


For this guide, I will calculate the TCO in a five-year timeframe, probably the minimum of the lifetime of commercial software. I will split the TCO into initial costs and annual recurring expenses. As mentioned before, I will be excluding unlikely or voluntary expenses such as litigation fees or community contribution expenses to keep things simple.


One-Time Expenses:




Annual Expenses:


FIXING BUGS (3M LOC x 20 BUGS / 1.000 LOC / 10 YEARS x 0,5 DEV DAYS x 688 USD x OWN 1%) = 20.640 USD






COMPLIANCE SCANNING (5 DEVELOPERS x 25 USD / MONTH x 12 MONTHS): 1.500 USD

24.898 USD

x            5 YEARS


124.490 USD

+ 11.008 USD


135.498 USD
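
The calculation above as an adjustable model (an added example, not part of the original guide; the class and function names are hypothetical). The default inputs are the guide's own figures, and the `HIGH` scenario takes the upper end of the three ranges the guide states: 2 days per bug, 30 bugs per 1000 lines of code, and 139 USD per scanner seat per month.

```python
"""Added example: the guide's TCO calculation as an adjustable model."""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class TcoInputs:
    # Defaults are the figures used in the guide.
    loc: int = 3_000_000                  # Qt Framework Essentials, rounded
    bugs_per_kloc: float = 20             # bugs per 1000 lines of code
    lifetime_years: int = 10              # period the bugs are spread over
    days_per_bug: float = 0.5             # developer days per bug fix
    dev_day_usd: float = 688              # cost of one developer day
    own_fix_share: float = 0.01           # share of bugs fixed in-house
    obligations_one_time_usd: float = 11_008
    obligations_annual_usd: float = 1_720
    legal_check_usd: float = 1_038        # one legal check per year
    scan_seats: int = 5                   # developers with a scanner licence
    scan_usd_per_seat_month: float = 25
    horizon_years: int = 5                # TCO timeframe


def annual_costs(i: TcoInputs) -> dict:
    """Recurring yearly cost per component, in whole USD."""
    bugs_per_year = i.loc * i.bugs_per_kloc / 1000 / i.lifetime_years
    return {
        "bug_fixing": round(bugs_per_year * i.days_per_bug
                            * i.dev_day_usd * i.own_fix_share),
        "obligations": round(i.obligations_annual_usd),
        "legal_check": round(i.legal_check_usd),
        "compliance_scanning": round(i.scan_seats
                                     * i.scan_usd_per_seat_month * 12),
    }


def tco(i: TcoInputs) -> int:
    """One-time expenses plus recurring expenses over the horizon."""
    yearly = sum(annual_costs(i).values())
    return round(i.obligations_one_time_usd) + yearly * i.horizon_years


BASE = TcoInputs()
# Upper end of the ranges stated in the guide; everything else unchanged.
HIGH = replace(BASE, days_per_bug=2, bugs_per_kloc=30,
               scan_usd_per_seat_month=139)

if __name__ == "__main__":
    for name, scenario in (("base", BASE), ("high", HIGH)):
        for component, usd in annual_costs(scenario).items():
            print(f"{name:5} {component:20} {usd:>9,} USD / year")
        print(f"{name:5} {'TCO':20} {tco(scenario):>9,} USD "
              f"over {scenario.horizon_years} years")
```

Changing `own_fix_share` shows how strongly the result depends on the assumed 1% of bugs fixed in-house, since bug fixing is the largest recurring component in both scenarios.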



In the grand scheme of things, 135.000 USD isn't much when developing your software product. An alternative to the open-source cost is the cost of commercially supported software, which often comes in a SaaS-subscription model.


On purpose, I’ve been cautious about recommending which way to go: open-source or commercial software. The decision always depends on many factors. The TCO is one of them. Personally, and I'm biased since I work for the Qt Company, I would recommend doing both: use commercially supported software based on open-source and contribute upstream to open-source projects. Why? While the acquisition cost of open-source is very attractive and many of the related costs can be shared among several open-source components, it takes a single critical bug escalated by a key customer of yours that you find hard to fix and you would have loved to have somebody to back you up. The benefits of open-source and contributing back to it lie in the better quality of the software. Hence, my recommendation is to be active in the community, which helps everybody ultimately.


Did you find this guide useful? Check out Qt's guides on software development, such as the Smarter Products Need Smarter Development guide from Forrester commissioned by the Qt Company.


