"Open-source is free" is the most expensive sentence in school IT procurement. Open-source school management software like Fedena, Gibbon, and OpenSIS has no license fee — but you take on hosting, security patching, backups, integrations, and upgrades yourself. SaaS tools like Borderset and PowerSchool fold all of that into a subscription. The right answer depends on your school's capacity, not on the sticker price.
This piece is written by people who have run both kinds of implementations. We will be fair to open-source — there are real cases where it wins — and we will be honest about where it does not.
Where open-source genuinely wins
Open-source is the right choice when three conditions are all true: you have a competent in-house developer (not a part-time contractor), you have an unusual workflow that no SaaS will support, and you have a security review process that can take responsibility for patching, backups, and incident response. Some research-led schools, university lab schools, and nonprofits with strong tech volunteers fit this profile. So do schools in regions where local data residency demands self-hosting.
In those cases, Gibbon, Fedena Community, or OpenSIS can be shaped to almost anything. The community is real, the code is auditable, and you are not beholden to a vendor roadmap.
Where SaaS like Borderset fits better
Most K-12 schools do not have a full-time developer dedicated to their SIS, and they should not pretend they do. SaaS means someone else patches the database, rotates TLS certificates, runs penetration tests, and ships upgrades on a predictable schedule. Borderset bundles student tracking, teacher tracking, scheduling, and exam management into one platform you can launch in weeks.
The hidden multiplier for SaaS is operational simplicity at scale. A multi-campus group running an open-source instance per site discovers very quickly that the "free" software is the cheapest part of the equation.
Side-by-side
| Dimension | Open-source (Fedena, Gibbon, OpenSIS) | SaaS (Borderset, PowerSchool) |
|---|---|---|
| License cost | Zero | Per-seat subscription |
| Hosting & ops | You own it | Vendor managed |
| Security responsibility | School / IT | Vendor (with SOC-style controls) |
| Customization | Unlimited (you have the code) | Configurable within product |
| Integrations | Build / community modules | Vendor-supported |
| Time to live | Months | Weeks |
| Best fit | Very small or very unusual schools with strong IT | Most K-12 schools and multi-campus groups |
The TCO conversation no one likes having
When schools price out an open-source SIS honestly, the numbers include: server hosting, backups and offsite replication, security patching cycles, annual penetration testing, integration engineering for accounting and communication tools, and the salary load of a person who can do all of the above. By the time you total it, the "free" option often costs more than a Borderset subscription — and it carries more risk because no single vendor is on the hook when something breaks. Background reading: why one SIS beats spreadsheets and what to expect integrating your SIS.
Security: who carries the pager
K-12 security incidents in 2024 and 2025 made one thing clear: schools are targets, and recovery is brutal. With an open-source SIS, the school is the security operations team. That means tracking CVEs in the framework you self-host, applying patches without breaking custom modules, hardening the database, monitoring access logs, and responding to incidents in the middle of the night. Few schools have the staff to do this convincingly.
A SaaS vendor's reputation is its security posture. Patches, audits, and intrusion detection are continuous work done by people whose only job is to do them. That is not a marketing claim; it is the structural difference between buying a service and running one.
Integrations are where open-source ages fastest
An SIS is rarely the only system a school runs. Accounting, communication, learning platforms, and authentication all need to talk to it. Community modules for open-source tools age unpredictably — what worked in 2023 may not work after a Google or Microsoft API change in 2026. SaaS integrations are part of the product roadmap; community integrations are a volunteer project until someone gets paid to maintain them. For multi-campus groups especially, that drift is not survivable.
How to choose
Choose open-source only if you have full-time engineering capacity, an unusual workflow that genuinely cannot be served by SaaS defaults, and a security posture you can audit yourself. Otherwise, choose SaaS — and pick the one whose defaults match your school's shape. For the broader market, see the best school management system 2026 roundup. Borderset's tiers are on the pricing page, larger groups can review enterprise plans, and you can book a demo.