An organization that lacks source code access to mission critical software exposes itself to unnecessary risks. Here are two scenarios that illustrate some of the risks. Firstly, when a bug is uncovered in a critical piece of software, who is responsible for fixing it, and when will the fix occur? Only the vendor can do this and it will fix the bug depending on how valuable it perceives the fix not how valuable you perceive it to be. Secondly, what happens if the software supplier discontinues it's product or goes out of business? Now bugs will never be fixed and the software will never receive new functionality, leaving the your company to find another solution, often with little warning[24].
Because OSS projects use public source code repositories, bug fixes are often made available the day they are located. With these repositories, users can download new cutting-edge versions of the code, or just the single bug fix they need. Furthermore, OSS projects are often maintained by a group and if the current lead maintainer stops, she will quickly be replaced by another. Also, a number of large organizations have indicated that support for OSS projects is often substantially better than for commercial products with million dollar support contracts[24,25]. Finally, OSS enables you to hire any programmers you wish to customize the code for your own use, so even if all maintainers for a project disappear, you are free to continue developing the project.