The real cost of software on your site

As I was noticing the phpBB critical update of the week, I thought that the real cost of having cool stuff like forums and guestbooks for your site’s users, or content management systems in the background is probably not so much related to the purchase price of the product as it is the cost of maintenance. Even if I am wrong about how big a portion of the total cost of ownership, maintenance is still a significant component of the cost over time.
The hosting company I work for ( offers phpBB and several other scripts as a part of our hosting plans. It is pretty easy for customers to just turn them on and presto! They have forums on their site.
And when they wake up the next morning they check their site and it is defaced; filled with links to porno sites and heaven only knows what else. The culprit could be a feature in the software, or it could be a bug; which it is will not be really important when your web site is gone.
They could have avoided it all if they had updated to the most recent version of phpBB. Ah… but there’s one cost of this free software. You have to read the announcements from the vendor.
You did sign up for the announcements list didn’t you? Oh … you can’t because they don’t have mailing lists; you would have to subscribe to their forums, which were hacked along with the server they run on. If you were on their forums, now you are in spam lists. … but that is another post. They claim the rooting (root is well defined in this PC World article from 2001) was because of a flaw in another script they didn’t update.
You’re starting to get the picture about updating the software on your public web site, aren’t you?
After you somehow find out the software has been updated, then you have to act on the information, and that usually takes some time. You have to get the software, and you have to install and test it. If everything goes well, this can cost you less than half an hour. If you have customized your version of the software, you will have to apply the customizations to the new version. That will take a bit longer. Your milage may vary even more if you run into any snags; I once gave up in frustration and reinitialized some forums that had to be updated after only a couple days on-line.
When you are doing a small web site project before you use any complicated scripts, you should know what return you will get on you investment. Plan for on-going maintanence; I usually look at the bugtraq list to see how many times software is mentioned there as an indication of how frequent upgrades are likely to be. Put all of the factors together and get a realistic view of the real costs over time. Then decide if it is worth it.

