Three Ways to Fix Your Open Source Software Security Thinking


What comes to mind when you hear “open source?”

Is it a community? Better software? A technology advantage that helps businesses scale quickly? If so, congratulations. You understand the value that open source software development can bring to a business, despite many rumors to the contrary.

Recent headlines about OSS vulnerabilities describe open source tools as risky and warn of serious consequences. According to Google, it can take years for the Log4j vulnerabilities discovered in 2021 to be patched across the ecosystem, and the problems persist.

In January, security concerns escalated enough to make it to the White House, where an OSS security summit was held. And thanks to an increase in global hacks such as SolarWinds, many organizations now want to take the most conservative approach to security possible.

I understand. Risk is scary. But that’s not unique to open source. As a member of the growing open source community, I cannot be silent as recent events like these cast doubt on the technology and the promise of open source. So if you only see open source through the narrow lens of security, I want to open your eyes to the opportunities you might be missing.

Fix outdated ideas about open source security

To dismiss free software as vulnerable or risky is not simply wrong. It can be costly. Open source development can give companies a big advantage by speeding up deployments and making collaboration easier. And given the breadth and support of the open source community, the risk landscape has become much tamer. But if you’re still hesitating, here are three reasons to rethink your outlook on open source:

  • A strong community contributes to the security of OSS. Open source is risky because anyone can see the code, right? Yes, and that’s true for the good guys and the bad guys. If I’ve learned one thing from attending many encounters in the open source community, it’s that the passion and dedication of its members often thwart the intentions of even the most avid hackers. We tend to think that security should be based on secrecy, when history shows us otherwise. Open source levels the playing field and allows more brains to examine the problem at the same time.
  • Transparency and personalization are driving a new generation of talent. There are almost 3 billion Android devices around the world, each of which is an open system that allows far greater customization than its Apple counterparts. Android’s open source system allows users to make phones reflect their personality with themes, and the devices can also become powerful tools thanks to the pocket computing power they offer. Just like the Myspace generation learned to code via the social network, the open-source Android devices in the pockets and backpacks of today’s students could be the inspiration for a new generation of tech talent.
  • Open source is the future of cross-enterprise collaboration. In business-to-business markets, open source is becoming the norm for collaboration between companies. Giants such as Microsoft Corp. and Oracle Corp., with a long tradition of proprietary development cycles, take this approach. Oracle consolidates and even values the efforts of its developers in open source in a separate section of its website. This helps legitimize the open source ecosystem, but also lays the foundation for official and de facto standards that will ensure that open source has a permanent place in even the largest development ecosystems.

Despite recent headlines and growing pains, open source software presents a valuable opportunity for growth and innovation. Its growing influence is hard to deny, and with a passionate community behind it, hard to doubt.

Angel Borroy is a developer evangelist at Hyland Software Inc., which provides enterprise content management software solutions. He wrote this article for SiliconANGLE.

Image: Elchinator/Pixabay
