Open-source e-commerce: The next wave of value for the enterprise

Open-source e-commerce: The next wave of value for the enterprise

Customers of a large advanced-electronics manufacturing business were having trouble finding and ordering products on the company’s website. The solution? Customer service told them to email their orders to their sales reps, who would then enter them into the site themselves. The email orders were inevitably unclear, leading sales reps to spend endless hours searching for products, clarifying the orders, and inputting the wrong information. Not only that, but top sales reps were spending their time doing basic fulfillment, not selling.





The manufacturer knew this wasn’t sustainable, so it decided to upgrade its e-commerce portal. A systems integrator (SI) vendor recommended a packaged solution that would take two years to build, with a minimum viable product (MVP) of the front-end portal available in eight to ten months. That was just too long. So executives turned to open source for the front end of the company’s e-commerce solution. They established a team of ten people, including five developers, who were dedicated to the project and worked in agile ways, using open source to develop a product inventory, integrations into the enterprise resource planning (ERP) system, digital-marketing integrations, and product pages with full ordering capabilities. In about eight weeks, they launched the MVP e-commerce site with page load times of 1.5 seconds—more than five times faster than the company’s existing version.

The frustrations of working with complex legacy architecture is hardly an anomaly in the corporate world, but turning to open source as a solution for e-commerce is. Many large companies have been using open source for years now, though often in isolated areas deeper in the stack. But open-source software (OSS) has evolved to the point where it can provide a broad range of benefits in e-commerce, such as speed, low total cost of ownership, flexibility, and access to talent, to name a few.

While cost savings are an important benefit, the real value of using open source is in acquiring key talent, helping build up an open architecture, and accelerating the culture of speed and flexibility that’s needed to be competitive in a digital world. Being serious about being digital means being serious about open source.

However, to borrow a well-worn phrase, “With great power comes great responsibility,” going the OSS route requires a greater commitment and more accountability from the enterprise. It is not a silver bullet and requires thoughtful discussions about trade-offs and priorities. The benefits of OSS can be claimed only when companies invest in finding and retaining top engineering talent, reduce complexity through better processes, and institute effective security and governance practices.

A closer look at open source





While the benefits of open source are generally understood by many executives, concerns about its applicability in a large corporate setting and an incomplete understanding of the true trade-offs persist (see sidebar, “A look under the hood: Building an OSS product”). For this reason, open source is often dismissed as “something small companies do.” However, open source for e-commerce is an increasingly viable option for large companies, especially for those that have the requisite engineering talent and regard e-commerce as an important strategic consideration (exhibit). This is even more the case for those companies committed to an open architecture where elements are loosely coupled.


For certain e-commerce features where speed and flexibility are important, OSS is a good alternative.



We strive to provide individuals with disabilities equal access to our website. If you would like information about this content we will be happy to work with you. Please email us at: McKinsey_Website_Accessibility@mckinsey.com



OSS talent and skills are too hard and expensive to build up

Companies are often concerned about finding talent that understands OSS technologies. However, they may not realize that due to the open architecture of OSS and the ability to tap into large global communities of collaborators, in-house teams can be much smaller. At one telecom company, for example, a team of 30 developers, architects, back-end developers, and digital marketers needed ten months to build a customer-funnel experience. Another company, in contrast, leveraged open-source solutions to build a similarly scoped digital sales channel in only three months with a team of ten.

A popular OSS design choice is adopting JavaScript as a programming language across the front end and back end of e-commerce applications. The benefits of this choice include the following:

  • Increasing development speed. Full-stack developers can own feature development end to end instead of dispersing accountability through multiple handoffs.
  • Simplifying recruitment. Since JavaScript is the base code across the e-commerce ecosystem in this case, fewer coders can cover more tasks.
  • Making the business more desirable for top talent. The JavaScript OSS ecosystem is large, robust, and increasingly high quality. Companies that contribute to these OSS projects have visibility with developers who contribute in their spare time—the sort of passionate talent that enjoys technology challenges and continuous learning.
  • Finding top talent more easily. JavaScript developers are widely available due to the language’s popularity and its freely available, high-quality training materials. According to Developer Economics, 12.4 million software developers were using JavaScript in Q3 2020, making it the most popular programming language in the world.

OSS solutions do not scale

Some proprietary solutions, particularly storefronts, can help get an e-commerce capability in place quickly, but they can be difficult to scale. One international retailer, for example, turned to a proprietary storefront solution, allowing it to deploy an e-commerce capability rapidly. It proved so successful that the retailer rolled it out to different countries. But as it became more experienced with e-commerce, it found that making changes, such as tailoring offers to consumers in specific countries and releasing new features, was nearly impossible.

Open source in and of itself doesn’t provide for better scaling. However, it can enable scale when the IT system is based on an open architecture—for example, by using microservices to scale horizontally, decoupling front and back ends to scale individual components, and scaling for load as well as regions. Some of the larger installations of Apache, PL/pgSQL, Kafka, and Linux rely on an open-source stack for scalability. Capturing these scaling benefits, however, requires investing in talent to build and manage the code, as well as developing middleware and microservices in order to call on data needed from legacy systems.

Open source isn’t secure enough

OSS may not be more secure than proprietary software, but it is not inherently less secure either. The key difference is that, with the right talent and processes in place, companies using OSS have more control over how they address security issues. In addition, they have access to the open-source community, which is made up of tens of thousands of people who are constantly finding and fixing bugs. Most open-source code is also hosted in GitHub, which has metrics showing the number of open versus closed bugs in a given code, code followers (the number of people actively working with it), ratings, activity on the project, and so on. These indicators allow businesses to get a good sense of how much risk there is with a given open-source package.

In addition, tools exist that can scan all open-source package dependencies and identify any vulnerabilities. Some platforms managing open-source JavaScript code, for example, have built-in audits that companies can use to check known vulnerabilities. Tying that to a third-party tool and regular cyber checks has proven effective at managing risk. Additional momentum has come from the Linux Foundation, Google, Microsoft, and the Open Source Security Foundation, which have all recently announced commitments to support open-source security.

There is no dedicated support

The myth of OSS is that, while there is a large community of developers who are constantly reviewing and improving the software, companies are largely on their own. The reality is more nuanced and reassuring for enterprise leaders. There are many flavors of support for open source, with vendors and boutiques specializing in OSS partnerships. Each has its own community standards, governance, and licensing models that businesses need to assess. In practice, for large e-commerce systems, there are a handful of anchor companies that can offer extensive support.

At the same time, digitally advanced companies are investing tens of millions of dollars in OSS and support tools. Walmart, for example, has a Node.js framework called hapi, which is proven code that others can take and use. GitHub also offers OSS apps that it has used and can support.

Prerequisites for success

Companies that have decided open source can help deliver on their strategies succeed by adopting a number of important best practices:

  • Go all out to get the talent and build an OSS culture. The open-source approach cannot work without top talent. For this reason, companies need to make top developers with deep experience their number-one priority. Companies should focus on finding not only those with OSS coding skills (particularly JavaScript for front-end work; JavaScript, Java, or C# for back-end work, depending on the organization’s architectural choices; and Python for data science and analytics work) but also developers who are hands-on problem solvers, can navigate ambiguity, and have an innovative mindset. While there is a very real war for this kind of talent, incumbents can win it. Leading companies have evangelists who frequently blog about their OSS programs, contribute code to the open-source community, and engage in active discussions with them. This activity helps to change brand perceptions and has proven successful in attracting top OSS talent.

    Supporting this more focused talent outreach is the need to cultivate a culture where developers are encouraged to contribute and participate in the open-source community. Developers who work in open source spend about 40 percent of their time contributing to open source as part of their job.


    Walmart famously began using the open-source Node.js server technology to support Black Friday sales traffic in 2013, and then funded an open-source initiative that made this technology available for anyone to use.

    By using this kind of approach and aggressively targeting top talent, a mining company was able to hire 120 top technologists—data scientists, engineers, data engineers, and experts in Python, JavaScript, and Terraform code—in just eight months. A chemicals business was able to hire a mix of 60 full-time and contract engineers in its first year using a targeted talent approach.

  • Minimize complexity in accessing back-end systems. It has been well established that companies need to decouple their front end from their back-end stacks and that APIs can help enable that. Two issues tend to trip companies up, however, when it comes to building out OSS e-commerce. The first is that developers often create multiple versions of an API, which leads to confusion and delays. Companies need to invest in standards and tools, such as GraphQL, that can help manage API updates to reduce this chaos. The other is that CIOs will often greenlight large programs to “free” vast amounts of data in their ERP, when an e-commerce engine needs only a targeted, relatively small set to function, such as product inventory and prices.
  • Enforce security and working standards through strong governance. The very freedom that open source allows can lead to chaos if not well managed. Top companies centralize key functions, including OSS management and security management. This team, for example, functions as a clearinghouse to support developers and their issues, such as providing policies and processes for OSS use, setting standards for license use and code contribution, and generally being available to answer questions about OSS use. OSS developers should also adopt DevSecOps practices. In addition, top companies invest in automated tools based on clear guidelines and guardrails that can scan open-source components and remediate issues or reject malware before they’re deployed.
  • Build flexibility into working with cloud service providers (CSPs). CSPs offer many open-source solutions, tools, and playbooks for common OSS use cases. But, as with other applications, companies need to be aware of how open source is tied to the CSP’s specific managed solutions and take steps to avoid being locked in. Companies should consider third-party tools that can deploy infrastructure and applications, for example, as well as wrapping their apps in “containers,” both of which can be deployed to any CSP. Where appropriate, companies should also consider using OSS to provide both abstraction and automation to manage cloud.

Going the open-source route requires business leaders to get past the “play it safe” mentality that opts for the large-vendor solution because it’s a defensible choice rather than because it’s the best option. For companies willing to make the necessary investments in people and processes, open-source e-commerce can open doors to a more productive and innovative digital future.