Use this when the team is deciding whether to build a capability in-house, buy a commercial product, or adopt an open-source solution. Covers total cost of ownership, strategic alignment, team capability, and long-term maintainability.
Related skills: Use
/decision-brieffor the options-and-tradeoffs format. Use/vendor-security-assessmentfor evaluating vendor security. Use/vendor-evaluationfor structured vendor comparison. Use/adr-generatefor documenting the decision. Use/technology-roadmapfor portfolio context.
Process
Step 1: Gather inputs
Collect from the decision maker:
- Capability needed -- specific requirements, not just a category (not "we need an email service" but "we need transactional email with template management, delivery tracking, and 99.9% SLA for 500K sends/month")
- Current team skills and capacity -- who would build/integrate this, and what else are they working on
- Timeline pressure -- when does this capability need to be in production
- Strategic importance -- is this a core differentiator or commodity infrastructure
- Integration requirements -- what existing systems must this connect to
- Compliance/security constraints -- data residency, encryption, audit requirements
- Budget -- available budget for licensing, infrastructure, and engineering time
Step 2: Define evaluation criteria
Use these standard criteria. Ask the user to adjust weights based on their priorities (weights must sum to 100):
| Criterion | Default weight | Description |
|---|---|---|
| Initial implementation cost | 15 | Engineering effort to get to production |
| Ongoing cost (3-year TCO) | 20 | Total cost over 3 years including maintenance |
| Time to value | 15 | How quickly the capability is usable |
| Customizability/flexibility | 10 | Ability to adapt to specific needs |
| Team expertise required | 10 | Skills needed to build and maintain |
| Vendor lock-in risk | 10 | Cost and difficulty of switching later |
| Security/compliance | 10 | Meeting regulatory and security requirements |
| Maintenance burden | 5 | Ongoing engineering attention required |
| Scalability | 5 | Ability to grow with the business |
Step 3: Evaluate Option A -- Build
Estimate honestly (engineers chronically underestimate build costs):
- Engineering effort: {{X}} team-months to initial production
- Ongoing maintenance: {{15-25}}% of build cost per year (this is the number teams always forget)
- Time to production: {{X}} months
- 3-year TCO: Build cost + (3 x annual maintenance) + infrastructure
- Risks: Timeline slippage, talent dependency (what if the builder leaves), scope creep, opportunity cost (what else could the team be building)
- Advantages: Full control over functionality, exact fit for requirements, no vendor dependency, deep institutional knowledge
Step 4: Evaluate Option B -- Buy
Estimate the real cost, not just the license fee:
- Licensing cost (3-year TCO): Year 1 + Year 2 + Year 3 (account for price escalation)
- Implementation/integration effort: {{X}} team-months
- Ongoing integration maintenance: {{X}} team-months/year
- Vendor evaluation: Reference
/vendor-evaluationfor structured comparison if multiple vendors - 3-year TCO: Licensing + implementation + (3 x integration maintenance) + infrastructure delta
- Risks: Vendor lock-in, feature gaps requiring workarounds, pricing changes at renewal, vendor viability, data migration complexity if switching
- Advantages: Faster time to value, maintained and updated by vendor, proven at scale, support available
Step 5: Evaluate Option C -- Adopt open-source
Estimate the real cost (open-source is free like a puppy is free):
- Integration effort: {{X}} team-months to production
- Internal maintenance/contribution cost: {{X}} team-months/year
- Community health: Contributors (active count), release cadence, governance model, corporate backing
- 3-year TCO: Integration + (3 x maintenance) + infrastructure + internal expertise development
- Risks: Project abandonment, security vulnerabilities without commercial support, breaking changes in major versions, support gaps for edge cases
- Advantages: No licensing cost, full source transparency, customizable, community ecosystem
Step 6: Generate scored comparison matrix
# Build vs Buy vs Adopt -- {{capability_name}}
## Evaluation date: {{date}}
## Decision maker: {{name/role}}
| Criterion | Weight | Build | Buy | Adopt (OSS) |
|---|---|---|---|---|
| Initial implementation cost | {{w}} | {{score}}/5 | {{score}}/5 | {{score}}/5 |
| Ongoing cost (3-year TCO) | {{w}} | {{score}}/5 | {{score}}/5 | {{score}}/5 |
| Time to value | {{w}} | {{score}}/5 | {{score}}/5 | {{score}}/5 |
| Customizability | {{w}} | {{score}}/5 | {{score}}/5 | {{score}}/5 |
| Team expertise required | {{w}} | {{score}}/5 | {{score}}/5 | {{score}}/5 |
| Vendor lock-in risk | {{w}} | {{score}}/5 | {{score}}/5 | {{score}}/5 |
| Security/compliance | {{w}} | {{score}}/5 | {{score}}/5 | {{score}}/5 |
| Maintenance burden | {{w}} | {{score}}/5 | {{score}}/5 | {{score}}/5 |
| Scalability | {{w}} | {{score}}/5 | {{score}}/5 | {{score}}/5 |
| **Weighted total** | | **{{total}}** | **{{total}}** | **{{total}}** |
## 3-Year TCO comparison
| | Build | Buy | Adopt |
|---|---|---|---|
| Year 1 | {{$}} | {{$}} | {{$}} |
| Year 2 | {{$}} | {{$}} | {{$}} |
| Year 3 | {{$}} | {{$}} | {{$}} |
| **Total** | **{{$}}** | **{{$}}** | **{{$}}** |
## Key differentiators
{{What makes each option stand out, positive and negative}}
Step 7: Produce recommendation
## Recommendation
**Recommended option:** {{Build / Buy / Adopt}}
**Rationale:** {{2-3 sentences explaining why this option wins}}
**Honest tradeoffs:** {{What you're giving up by choosing this option}}
**Key risk to watch:** {{The single biggest risk with this choice}}
**Revisit triggers:** Re-evaluate this decision if:
- {{Condition 1, e.g., "team grows beyond 20 engineers"}}
- {{Condition 2, e.g., "vendor raises prices more than 20% at renewal"}}
- {{Condition 3, e.g., "the OSS project loses its primary maintainer"}}
**Cost of switching later:** {{What it would take to reverse this decision}}
Step 8: Review
Before finalizing, ask:
- Are the cost estimates realistic, or are we being optimistic about build timelines and pessimistic about vendor pricing (or vice versa)?
- Is the team being honest about maintenance burden? (Build maintenance is always higher than estimated.)
- Are there strategic factors that override the scorecard? (Sometimes you build a commodity because it's your competitive moat.)
- Does this decision need an ADR? (Usually yes -- use
/adr-generate.) - Who else needs to weigh in before this is final?
Output location
Save to deliverables/build-vs-buy-{{capability_name}}-{{date}}.md. If an ADR is generated, link to it from the recommendation.
Example Output
Input
- Capability needed: Real-time fraud scoring for payment transactions — sub-100ms latency, ML model inference, rules engine overlay, explainability output for dispute teams, and 99.95% uptime SLA at 8,000 transactions/minute peak
- Company context: Meridian Payments, a Series C fintech (~180 engineers); 3 ML engineers and a 6-person platform team would own this; platform team is currently 60% allocated to a core ledger migration
- Timeline pressure: Regulatory audit in 7 months requires demonstrable fraud controls; current rule-based system flagged as insufficient by external auditors
- Strategic importance: Fraud loss rate is a direct P&L line and a key metric for their upcoming Series D; leadership considers fraud decisioning a competitive differentiator
- Integration requirements: Must connect to Kafka event stream, Postgres transaction history, and internal case management tool (Retool-based); REST or gRPC only
- Compliance constraints: PCI-DSS Level 1, SOC 2 Type II required; transaction data cannot leave US-East AWS region
- Budget: $800K available over 3 years (capex + opex combined)
Output (abbreviated)
Build vs Buy vs Adopt — Real-Time Fraud Scoring
Evaluation date: 2024-11-14
Decision maker: VP Engineering, Meridian Payments
Evaluation criteria (adjusted weights)
| Criterion | Weight | Rationale for adjustment |
|---|---|---|
| Initial implementation cost | 10 | Slightly downweighted — budget exists |
| Ongoing cost (3-year TCO) | 20 | Unchanged |
| Time to value | 20 | Increased — 7-month audit deadline is hard |
| Customizability/flexibility | 15 | Increased — differentiation matters for Series D |
| Team expertise required | 5 | Decreased — team is strong but constrained |
| Vendor lock-in risk | 10 | Unchanged |
| Security/compliance | 10 | Unchanged — PCI-DSS non-negotiable |
| Maintenance burden | 5 | Unchanged |
| Scalability | 5 | Unchanged |
Scored comparison matrix
| Criterion | Weight | Build | Buy (Sardine / Sift) | Adopt (Featureform + custom) |
|---|---|---|---|---|
| Initial implementation cost | 10 | 2/5 | 4/5 | 3/5 |
| Ongoing cost (3-year TCO) | 20 | 3/5 | 2/5 | 4/5 |
| Time to value | 20 | 1/5 | 5/5 | 2/5 |
| Customizability | 15 | 5/5 | 3/5 | 4/5 |
| Team expertise required | 5 | 2/5 | 4/5 | 3/5 |
| Vendor lock-in risk | 10 | 5/5 | 2/5 | 4/5 |
| Security/compliance | 10 | 4/5 | 4/5 | 3/5 |
| Maintenance burden | 5 | 2/5 | 4/5 | 3/5 |
| Scalability | 5 | 3/5 | 5/5 | 3/5 |
| Weighted total | 2.85 | 3.55 | 3.30 |
Scoring note: Build scores 1/5 on time to value because honest estimate is 10–12 months to production-grade ML inference with the team's current capacity constraints — 3 months past the audit deadline.
3-Year TCO comparison
| Build | Buy (Sardine) | Adopt (OSS) | |
|---|---|---|---|
| Year 1 | $390,000 | $310,000 | $240,000 |
| Year 2 | $120,000 | $195,000 | $110,000 |
| Year 3 | $120,000 | $215,000 | $115,000 |
| Total | $630,000 | $720,000 | $465,000 |
Build assumptions: 4 team-months at $65K loaded cost each for initial build; 20% annual maintenance on $260K build cost; $18K/yr AWS inference infrastructure.
Buy assumptions: $240K Year 1 (implementation + license); 8–10% annual price escalation at renewal (Sardine's standard contract structure); 0.5 team-months/year integration maintenance.
OSS assumptions: 3 team-months integration (Featureform feature store + MLflow + custom scoring service); 1.5 team-months/year maintenance; $22K/yr infrastructure. Does not include cost of expertise ramp or incident response gaps.
Key differentiators
Build
- ✅ Exact model architecture control; full explainability customization for dispute team workflows
- ✅ No vendor dependency on a critical P&L system
- ❌ Cannot meet the 7-month deadline — team is at 60% capacity on ledger migration; realistic timeline is Q3 2025
- ❌ If either ML engineer leaves, institutional knowledge risk is severe
Buy (Sardine)
- ✅ Production-ready in 6–10 weeks; audit deadline is achievable
- ✅ Pre-built PCI-DSS and SOC 2 compliance documentation; reduces audit prep by ~4 weeks
- ✅ Network effects — Sardine's consortium fraud signals across 200+ fintechs improve detection rates out of the box
- ❌ $720K is 10% over stated budget; needs negotiation or scope reduction
- ❌ Model explanations are black-box by default; requires add-on for dispute team use case
- ❌ Significant switching cost if Meridian outgrows the platform or pricing escalates post-Series D
Adopt (OSS)
- ✅ Lowest 3-year cost; most flexibility long-term
- ✅ No data leaves Meridian's AWS environment — cleanest PCI posture
- ❌ 8–10 month realistic timeline; misses audit deadline
- ❌ "Free" obscures real cost — Featureform requires deep Kafka/Redis expertise the team does not currently have
- ❌ OSS fraud tooling community is fragmented; no single project has strong governance backing
Recommendation
Recommended option: Buy (Sardine), with a contractual exit ramp
Rationale: The 7-month audit deadline is a hard constraint that eliminates both Build and OSS as viable primary options given the platform team's current capacity. Sardine's consortium signals also provide immediate detection quality that a net-new internal model cannot match in the first 12–18 months. The TCO premium over Build ($90K over 3 years) is justified by the audit risk and Series D narrative value of demonstrably improving fraud loss rates quickly.
Honest tradeoffs: Meridian is paying for speed and transferring control of a system leadership considers a differentiator. The "differentiator" value is real — but it won't be realized through proprietary model architecture in Year 1 regardless of which option is chosen. Buy gets Meridian to a defensible position now; customization can be layered later.
Key risk to watch: Sardine pricing at Year 2 renewal. Series C fintechs frequently see 25–40% price increases once they're operationally dependent. Negotiate a 3-year price cap in the initial contract or this $720K estimate becomes $850K+.
Revisit triggers: Re-evaluate this decision if:
- Meridian's ML team grows to 6+ engineers and ledger migration completes (Build becomes viable)
- Sardine raises renewal pricing more than 15% or is acquired (evaluate exit)
- Fraud loss rate fails to improve by at least 20% within 6 months of go-live (evaluate model quality)
- A strategic acquirer or partner requires proprietary model IP (Build immediately becomes necessary)
Cost of switching later: Moderate-to-high. Transaction history and model training labels will accumulate inside Sardine's platform. A future migration to internal infrastructure requires 3–4 months of data export, retraining, and shadow-mode validation before cutover. Negotiate full data