3 Common Myths About Open Source Software

November 16, 2016

Featured article by Robert Cordray, Independent Technology Author

One of the buzzwords that has been floating around tech circles for the past several years is “open source.” Open source software has been around for quite a while now, but there are still several misconceptions about it. Many people aren’t even quite sure what it means. Is it just freeware? Is it copyrighted material? How secure is it? Is it just cheap, low-quality junk that you use because you don’t want to shell out the money for a real program?

In the late ‘90s, several programmers, business professionals, and publishers banded together to found the Open Source Initiative to encourage tech workers to publicly release their source code. The idea behind the practice emphasizes the belief that by sharing source code and collaborating on it with other members of the tech community, professionals and companies could reap significant business rewards. This has led to widely-used products such as the Apache HTTP Server, Mozilla Firefox, and free alternatives to office suites such as OpenOffice and LibreOffice.

As open source initiatives have become more prevalent over the years, a wide range of misconceptions have grown up around them. Hopefully, we can help to dispel just a few of them below.

Open Source Software Security is Inherently Better/Worse Than Proprietary Software

It’s always confusing when different sources state something definitively and others claim the exact opposite. Some people believe that open source is inherently less secure than proprietary code that has been released by private companies. After all, they have money and resources to put behind it. They’re spending money and putting the company’s reputation on the line, and so they’re going to be most interested in making sure it’s free of vulnerabilities and has all the right safeguards in place. Meanwhile, open source is written by hobbyists and college kids with nothing better to do… right?

Meanwhile, others believe that open source is actually more secure. After all, with open source, you have a large community of people checking and double-checking each other, making sure that no vulnerability is missed. Many eyes on the code means the code will be more secure… right?

To put it bluntly, there’s no solid evidence either way. Open source code is not just written by amateurs and enthusiasts—in fact, one study found that almost half of those taking part in open source projects were IT professionals, including IT managers, sysadmins, and other higher-ups. Some people writing open source code are actually paid by tech giants like IBM and Sun Microsystems. As for open source being more secure, well, that’s not true, either. Whether the application you’re using is open source or commercial, it’s always wise to implement your own safeguards.

Because Cybercriminals Can View Open Source Code, It Is More Vulnerable

If anyone can just look at open source code, then that means that just anyone can find and exploit any vulnerabilities it might have, doesn’t it? And if anyone can do that, it’s vulnerable, right?

Not really, no. Anyone can dig into the source code, but that means searching through thousands upon thousands of lines for a single vulnerable piece, and that’s really not how it works. According to experts, the people who break software and exploit vulnerabilities aren’t going through, line by line, looking for errors. They use software tools that work on both open and closed source code and find different ways to break it.

While I mentioned that making software open for anyone to view doesn’t automatically make it more secure, it does provide an opportunity for more people to find and fix errors that have slipped in.

“Open Source” Means Zero Cost

A lot of people equate the term “open source” with “free.” After all, if anyone can look at it, then anyone can use it, right? Well, that’s a pretty complicated question, so make sure you consider all angles before you implement an open source program into your workflow. Several of these programs still require support, and that support generally comes with a subscription cost. Depending on the algorithms that have been included, those algorithms may have been patented and require licensing as well. Open source is not just code for “free,” so look into the programs you want to use before making a final decision.

Open source software development is an important part of the tech industry. Because of that, it’s important to know what you’re dealing with. Rather than just assuming that the “common wisdom” is accurate, look into it and study how it can benefit your company. Make sure you have the proper security protocols in place, and hopefully, you’ll be able to implement it safely and efficiently to make your IT systems that much better.

