For years, network automation has been propped up by the same familiar tools and the same familiar story:
a clever mix of Python, Netmiko, NAPALM, Bash, cron jobs, Oxidized, RANCID, and whatever else an engineer could glue together on a Friday evening.

And honestly? It worked.
It was brilliant for its time.
It kept networks alive when there were no vendor APIs, no proper automation platforms, and no commercial NCM tools worth paying for.

But here’s the truth nobody wants to say too loudly:

That era is over.
Not because engineers suddenly lost their talent, or because scripting stopped being useful — but because the regulatory world has completely changed the rules.

This is no longer a conversation about taste in automation.
It’s about governance.
It’s about legal obligation.
It’s about business risk.
And it’s about the unavoidable fact that patch-work scripting and unsupported legacy tooling can no longer be justified in any serious production environment.

The Script Era Was Never Enterprise-Ready — We Just Pretended It Was

Let’s be honest with ourselves: businesses have been relying on fragile, side-of-desk automation for years simply because there wasn’t a better option.
But Python scripts, half-maintained Git repos, unpatched Oxidized servers, and RANCID boxes running under someone’s desk were never enterprise systems.

They worked only because of the heroic efforts of a tiny number of engineers who understood how everything fit together.

Take those engineers away — and the “automation” collapses.

The harsh reality is that these setups rely on:

• undocumented personal knowledge

• tooling with no authentication

• systems with no governance

• environments held together by trust, not control

• code that nobody outside one or two people understands

This isn’t safety.
It isn’t resilience.
It isn’t compliance.

It’s technical debt in disguise.

And in 2025, it’s dangerous.

Why Businesses Shouldn’t Bet Their Future on Patch-Work Automation

My honest view is simple:
Production businesses should not — and must not — rely on unsupported, insecure, home-grown scripting as their network configuration management platform.

Not because scripting is bad.
But because scripting is personal, not organisational.
It is fast, but not sustainable.
It is powerful, but not governed.

Even in R&D labs — where anything goes — the world has changed.
Labs hold sensitive data.
Labs influence production decisions.
Labs are connected to real infrastructure.

The idea that “anything is fine because it’s not prod” died the moment regulators and insurers started treating every connected environment as a risk surface.

In other words:
even experimentation now requires grown-up tooling.

Unsupported Open Source Isn’t the Enemy — It Just Isn’t Enough Anymore

Open source is fantastic.
It drives innovation.
It creates community.
It gives us visibility and control.

But open source must be anchored by vendor support if it’s going to sit at the heart of a business-critical security control.

Oxidized and RANCID were never designed for modern expectations.
They were community tools from a different generation — and they look like it:

No authentication.
No RBAC.
No formal audit trail.
No compliance story.
No structured maintainership.
No defensible security model.

This isn’t negligence.
It’s simply the architectural reality of software written long before NIS2, DORA, and zero-trust were even concepts.

These tools were “good enough” when the stakes were low.
But the stakes aren’t low anymore.

Regulation Changed the Entire Landscape Overnight

The biggest shift — and the reason this debate is now effectively over — is regulation.

NIS2 demands secure configuration processes, identity enforcement, traceable changes, and provable governance.
DORA requires configuration integrity, attribution, resilience, and recovery evidence.
Cyber insurers are demanding MFA, vendor support, patch management, and clear security ownership.
Auditors want logs, identity, and verification.
Boards want assurance.
CISOs want to eliminate silent risks.

None of these stakeholders will accept:

• a Git repo full of unreviewed scripts

• a cron job running critical device backups

• an Oxidized instance with no authentication

• a RANCID box nobody has touched in 8 years

You could argue all day about engineering elegance — but none of that matters anymore.

Not to auditors.
Not to regulators.
Not to insurers.
Not to the board.

Compliance ended the debate, not engineers.

Why “Grassroots Automation” Lost Ground

For over a decade, the industry romanticised grassroots, hacker-style automation:

“Just script it.”
“Put it in Git.”
“Learn Python.”
“Automate everything.”
“Build your own tools.”

And while those ideas pushed the industry forward, they also built a false narrative:

that businesses could build enterprise resilience on top of hobbyist tooling.

That might work for a home lab.
It does not work for an organisation with legal responsibility for uptime, safety, data protection, and compliance.

Grassroots has lost ground not because the engineers failed — but because the accountability model changed.

Organisations cannot rely on:

• passion projects

• single-maintainer tools

• fragile automation

• undocumented internal scripts

• unpatched open-source

• “it works, don’t touch it” approaches

Regulators have set the new minimum.
It requires identity, logging, traceability, governance, and support.

That’s not a script.
That’s a system.

The Future Is Vendor-Supported Open Source with Governance Built In

This is exactly why rConfig V8 Core exists.

Not to replace scripting.
Not to stifle innovation.
But to give the industry what it has been missing for 15 years:
an open-source NCM platform that is modern, secure, governed, compliant, and backed by a vendor.

• rConfig V8 Core brings the open-source foundation.

• rConfig Pro expands advanced automation.

• rConfig Enterprise introduces SSO/SAML2/OIDC, HA, compliance, and governance.

• rConfig Vector gives MSPs and operators a fully distributed NCM fabric.

This is the right future:
not scripts pretending to be systems,
but systems that still allow engineers to innovate.

This is open source growing up — without losing its soul.

Conclusion: Compliance Finished the Fight — Not Me

I’m not anti-script.
I’m not anti-open source.
I’m not anti-community.

I’m anti-risk.
Anti-exposure.
Anti-insecure infrastructure.

The script era taught us everything.
It carried us further than anyone expected.
But it can’t carry us into a regulated future.

Compliance has spoken.
Auditors have spoken.
Insurers have spoken.
Boards have spoken.
The industry must now speak honestly too.

It’s time for serious, secure, supported, compliant network configuration management.

The script era is over.
Now the systems era begins.