Here’s the scenario: you’re writing a green field web application. This application will be used to power more than one e-commerce site, which means that it must be easily tailored. You can use any toolset you like, and the requirements are fairly standard (e.g. exporting data to CSV, modern UI, payment gateway, etc.). What do you choose?

1. Off-the-shelf e-commerce engine
2. Open-source e-commerce engine
3. Build your own

So, it seems you’ve got three options (anyone think of a 4th?). Of course within each of these options there are any number of competing solutions, especially in “build your own”, where you could potentially use any language, web server, etc.

I think with any software developer, the preference is to build one’s own. That way you get ultimate flexibility and intimate understanding of the code, which makes it easier to expand and customise. The downside is that you have more work up-front in order to get running.

Off-the-shelf (i.e. commercial) software tends to have a lot of features that your accountant and fulfillment department would like, and often gives you the ability to customise using one of a few popular languages or their own pseudo-language. The real advantage is that you can have a store quickly, or so you might think. Often, shoe-horning your data into their proprietary and closed-source format makes this option longer and more expensive than building it yourself.

All of which leaves open-source engines. You can be up and running quickly (like with commercial apps) but you have access to the source code if you decide you need to change things the way you want them. Potential downsides are lack of support and lack of particular features you might need (e.g. a particular payment gateway).

So, which would you choose?

Like anyone who has had the same e-mail address for 10 years, I get a lot of spam. Most of it gets filtered, by one mechanism or another. Occasionally the odd bit gets through. Unlike most people, I like to do something about it. For example, when I see Adobe CS3 for $99, I forward it to piracy@adobe.com.

This morning I received a phishing attempt for a Merrill Lynch trading account - ironic considering I work for one of their competitors (in my day job). So I clicked on it and it brought me here. If you’re using Firefox 2.0, the screen will go dark and you’ll get a big message warning you this is a phishing site. That didn’t happen this morning, so I reported it (which is horribly simple: while at the site go to the Help menu and select “Report Web Forgery …”. I set ReloadEvery to work, and within about an hour the site was now tagged.

The downside of this is that the people who report these sites use Firefox and know what a phishing site looks like anyway, but the people who need the phishing protection use that other browser.