[thelist] CMS: opensource or hand-roll?

[Martin Burns]

On 17 Sep 2008, at 21:57, Christie Mason wrote:

> There's also the issues of security and support. A couple of years  
> ago I
> deeply and widely explored OTS systems, both fee/free, both PHP  
> and .Net,
> for a couple of months and I found an appalling lack of attention to
> security, spaghetti code and sites that were more focused on  
> marketing than
> support.

Some worse than others to be sure.  And over the last few years, the  
industry's awareness of security has dramatically improved, from  
Microsoft on down.

Incidentally, there's no a-priori reason to assume that any group of  
coders (including yours) will produce anything better. And the benefit  
of OTS SW is that where improvements are made, you don't have to fund  
the development cost. You can concentrate on the value-add  
customisation pieces.

Of course, with OSS sw, if you *can* provide improvements to core  
stuff, then this is to the benefit of all.

> During the past few years I've either had to custom build or figure  
> out how
> to add custom modules to OTS systems.  Client TCO, so far,  has been  
> less
> for custom build because of the extra charges to recustomize for  
> version
> changes and open source software tends to have a lot of version  
> changes.


FWIW, this is still an OTS that you're standing on the shoulders of.  
OTS+customise will nearly *always* be better than customise from  
scratch. Or do you really want to be writing a login module from new  
for each client? (and does each client want to pay for that? and with  
a given non-zero defect density, the probability is pretty high that  
it'll be you providing a non-secure system at some point)

Cheers
Martin
--
 > Spammers: Send me email -> yumyum at easyweb.co.uk to train my filter
 > http://dspam.nuclearelephant.com/