Custom work, I think, is often appropriate if you can't buy exactly
what you need. For example, you may want a CMS different from
what you can buy or get for free. In that case, it may make sense
to build what you want. Very often, you can save time (which is money)
by starting with a free open source system and adding on to it. The
point here here is that you build it because you can't buy it, not to
save money. For example:


Quote Originally Posted by Lee View Post
have to say, the costs saved on this one script alone are simply amazing.
...
It cost $2000 in total to create and it has the ability to be used on an unlimited amount of sites, hold an unlimited amount of content and can be added to with an unlimited amount of features in the future if we need them.
You could buy a nice, mature CMS for $800, instead you spent $2,000
building one that still suffers from it's early version growing pains. So it cost
you $1200 more to get a buggier system. As you notice the kinds of problems
which commercial and open source CMS systems have already solved, you'll
probably spend another $1,000 on fixes and changes. I'm not sure how that "saves" a lot of money. In fact it costs you $2,200 more. Your custom CMS
may be just what you want, so it may be good to spend the extra $2,200
in this case, but only because the CMS you buy for $800 wasn't what you
were looking for.


The next thing i think we're going to be working on is a basic system similar to StrongBox to use on our sites which should also save thousands of dollars over the lifespan of our business.
Strongbox development has cost around $160,000 so far. That's OK, because
it's installed on tens of thousands of web sites. Each webmaster, by buying
Strongbox, contributes a tiny portion of the development cost. Even assuming
you violated our patents and generally ripped off our unique ideas, you might
be able to build something which works about half as well for $8,000. Or you
could just buy it for $150. Build it for $8000, or buy it $150. Which saves tons
of money? The software you can buy has been well tested
on huge sites like Girls Gone Wild. Your software you'd spend
$8000 on would be totally untested and may have huge security holes.
$1550 for something known to be very good, or $8000 for something
that will have problems. That's not a hard decision.


This question of when to build and when to buy is of course central to IT
management, so it's one which gets discussed a LOT in technical circles.
Over the years, some pretty well accepted guidelines have been developed,
including some popular phrasing and ways of presenting the ideas:

You may have to build it if no one sells what you need.
You may NOT need to build it if you can modify an existing system to
do what you need.

Don't write you own security, unless you're a security company, because
hackers are smarter than you are.

If it's the core of your business, and doing it better will put you way ahead
of the competition, you might should build it. (Example - Google would build
their own search software).
If it's not a core business function, just buy something that is known to
work well. (Google wouldn't write their own payroll system.)

Don't write you own security because your "looks pretty good"
security WILL get hacked.

If you personally have tons of time but no money, build it personally.
If you have the money and want it done soon, buy it.

Don't write you own security!


Webmasters here are in the business of presenting content, so a CMS
may be a core business function, and having a better CMS may be a
real competitive advantage. That's another reason that a custom CMS
may make sense, besides that there may be no CMS for sale which meets
your needs. On the other hand, webmasters here wouldn't want to spend
tens of thousands having a custom email client written - Outlook, Balsa,
Eudora, etc. do the job well. It's much better to share that development
cost with other businesses when possible.

By the way, the repeated emphasis on "don't do your own security" thing
isn't something I added - the repetition regarding security is common when
IT professionals talk about which software should be written versus purchased.

One wonderful example of why is I notice that you guys haven't updated this
board to take care of the well known security holes, so I can log
in as Lee if I want to. (I demonstrated this on Netpond, logging in as Meat).
That's OK - you're not in the security business and you don't
have any security people working for you. But remember that. If your
business is such that you can't even USE the security fixes that other
people give you, you sure as hell have no business DESIGNING security
systems.