I feel like I just discovered that my favourite old-time movie star became a broken, shambling, drink-soaked and bitter old person. It’s a time for remembering them as they were in their prime and for regretting that they never always shone as brightly as they once did.
I run a software consultancy and my broken, shambling old movie star is an open source software application called SugarCRM Community Edition. There was a period when it was one of the most used Customer Relationship Management applications globally. For about half a dozen years my company (SalesAgility), were one of the most active SugarCRM Community Edition consultancies in the world. We loved it and the love was reciprocated. We were active in the community support forums (in a community of half a million people, we were one of the five most active posters globally).
We wrote some great solutions for some great customers. We formed friendships with customers that endure to this day. We contributed code, bug fixes, time, ideas and passion to the project. We had customers from the startup to the enterprise and all points between. We travelled the world. We grew. It was hard work but it was open source and the possibilities were seemingly endless.
Then, in October 2013, SugarCRM announced that they were abandoning open source and Community Edition. Support would continue until an undefined date but there would be no more functional updates. They have now announced that date and it’s April 2017.
Today, some three years and a couple of months since that original announcement, SugarCRM Community Edition, even in it's most up-to-date version, has multiple vulnerabilities. Vulnerability and static code analysis scans suggest that users should be very concerned. It’s going to get worse. As the software languishes, more vulnerabilities will emerge. Today, a smart attacker can compromise either the application, the server it’s running on, or both. Tomorrow, it will probably be easier to attack.
I have some stark advice for users of SugarCRM Community Edition and I’m not going to mince my words:
“SugarCRM Community Edition users need to migrate to an alternative platform as soon as possible. The number of current vulnerabilities in Community Edition is worrying. There will be no more support for Community Edition after April 2017 and the vulnerabilities will increase as the software ages. Simply put, if you're running SugarCRM Community Edition, you're becoming a soft target.”
Fortunately, there is a happy ending to this story. Before our broken old movie star stumbled into the gutter for the last time, they were redeemed, rescued, restored and have now been nominated for an Oscar.
OK. I might be pushing the analogy too hard. But Community Edition has also been rescued, redeemed, restored, rebuilt, security tested and security hardened. It’s been hugely extended to the point where it competes with Microsoft and Salesforce’s Enterprise Editions. It’s won two awards for the world’s best open source CRM. It’s completely open source and free to acquire and it’s very easy migrate to from SugarCRM Community Edition.
It’s also been renamed. It’s now called SuiteCRM. The company that rescued it is my company - SalesAgility. That seven years of passion, enthusiasm and commitment was not wasted.
SuiteCRM has gained rapid market acceptance and is now being used by some of the world's largest enterprises for deeply strategic, global projects. It's validated, it's fully featured, it’s growing fast and it's free and open source.
Users of Community Edition are not condemned to a life of uncertainty. They have a home to come to with SuiteCRM. It’s a home that will be familiar in many ways and it’s a home where they will be made very welcome.
Don’t you love a happy ending?