Thought Leadership

Using open source vs. commercial Linux

By jeffreyhancock

Using Linux in your medical device has plenty of advantages. A successful migration to embedded Linux can bring numerous advantages to an organization, including reduced licensing costs and greater control over features and maintainability. However, not all Linux distributions are created equal. Using open source vs. commercial Linux can be two vastly different experiences.

Protecting Your Proprietary IP from Open Source 

It’s always a good idea to consult with your legal team when considering a move to open-source software (OSS). Your legal team might be surprised to learn that not everything you’re planning to build is going to be your company’s IP. There are different classifications of open-source licenses–permissive and restrictive. Restrictive licenses require that when you make changes or enhancements to something that’s licensed under one of these agreements you are required to share these changes with the open-source community. Each license is different so you and your legal team will be interested in what they required. While it’s possible that certain licenses might be more restrictive than you’ll be comfortable with, the Linux kernel and major open-source packages such as OpenSSL and TensorFlow have licenses that allow you to use this software without requiring you to disclose your proprietary IP.

Supporting your Linux OS for the full life cycle of the product. 

Once you customize your Linux distribution, you will also need to maintain it for the life of your product.  If you’re going to do this yourself, businesses typically discover that using open source tools that are freely available are in practice not truly free. Maintaining Linux involves managing millions of lines of code, development tools, toolchains, and more, which will require staffing a dedicated team (with its associated costs) whose responsibility is to manage all this “free” technology. 

Community Support 

It’s important to realize that if you find an issue with an open-source package, you might get community support, but not always. If the community decides that what you’ve found has far reaching implications (especially if they impact security), they are likely to help fix any bugs or problems. But if your issue is not aligned with the core direction of the OSS technology as determined by the project maintainer, or if the version of the module is more than a few years old, you may not get a lot of help from the community. The Yocto Project community will typically support a release and kernel for one to two years. You might get 2 years of defect fixes and 4 years of CVE support from Debian. After that, you’re pretty much on your own. 

In contrast, commercial offerings typically include tools, documentation, and support. Support often includes software updates, security patches, “how-to” help, and answers to general or specific usage questions.

Open-source software is often perceived to be free, but if you’re not careful unintended costs can quickly add up. Using commercial Linux offerings isn’t mandatory but the alternative requires careful consideration and planning along with continuous support for any fixes and solutions developed down the line. The Linux community is an invaluable resource to developers, but developers must understand what the community can and cannot do. While there are also costs associated with a commercial Linux distribution, once you total up the costs of maintaining your own Linux distributions you may discover that a commercial distribution is cheaper, higher quality, more up to date with security updates and easier to use.

Siemens Embedded offers industry-leading commercial embedded Linux® solutions based on the Yocto Project and on Debian, with rich graphics, secure IoT and cloud enablement, and comprehensive development tools. Both solutions are portable across leading hardware architectures and offer commercial maintenance, security vulnerability monitoring and patches, and customization services. 

Sokol Flex OS highlights: 

• Yocto™ Project-based platform 

• Broad hardware support: Arm®, AMD x86, Intel x86, and RISC-V • Multicore enabled 

• Cloud enabled 

• Machine Learning enabled 

• Development tools included 

• Industry leading quality infrastructure and process 

• Security team and update process to address critical security defects 

• Long term support

To learn more visit:



Leave a Reply

This article first appeared on the Siemens Digital Industries Software blog at