UPDATED 16:11 EST / JULY 04 2022

Three ways to patch your thinking about open-source software security

What comes to mind when you hear “open source?”

Is it a community? Better-quality software? A technology advantage that helps companies scale quickly? If so, congratulations. You understand the value developing with open-source software can bring to a business — despite a lot of noise to the contrary.

Recent headlines about OSS vulnerabilities paint open-source tools as risky and caution against serious consequences. According to Google, it could take years for the Log4j vulnerabilities discovered in 2021 to be fixed across the entire ecosystem as problems persist.

In January, security concerns gained enough traction to make it to the White House, where a summit on the security of OSS was held. And thanks to an uptick in global hacks such as SolarWinds, many organizations now want to take the most conservative approach possible when it comes to security.

I get it. Risk is scary. But it’s hardly unique to open source. As someone who is part of the growing open-source community, I can’t keep quiet as recent events like these cast doubt on the technology and promise of open source. So, if you see open source only through the narrow lens of security, I want to open your eyes to the opportunities you might be missing.

Patching outdated thinking about open-source security

Dismissing OSS as vulnerable or risky isn’t just wrong. It can be expensive. Open-source development can give businesses a big advantage by speeding up deployments and making collaboration easier. And given how large and supportive the open-source community has grown, the risk landscape has gotten much tamer. But if you’re still hesitant, here are three reasons to rethink your outlook on open source:

  • A strong community helps keep OSS secure. Open source is risky because anyone can see the code, right? Yes, and that’s true for the good guys and the bad guys. If I’ve learned one thing from attending numerous meetups in the open-source community, it’s that the passion and dedication of its members often counteract the intentions of even the greediest hackers. We tend to think that security should rely on secrecy, when history shows us the opposite is true. Open source levels the playing field and allows for more brains to examine the problem at once.
  • Transparency and customizability are driving a new generation of talent. There are nearly 3 billion Android devices in the world — each one of them an open system that allows for far greater customizability than their Apple counterparts. Android’s open-source system lets users make phones mimic their personalities with themes, but the devices can also become power tools with the pocket-sized computing power they offer. Just as the Myspace generation learned to code through the social network, open-source Android devices in the pockets and backpacks of today’s students might be the inspiration for a new generation of tech talent.
  • Open source is the future of cross-company collaboration. In business-to-business markets and among enterprises, open source is becoming the standard for cross-company collaboration. Giants such as Microsoft Corp. and Oracle Corp., with long traditions of proprietary development cycles, are embracing this approach. Oracle even consolidates and showcases its developers’ open-source efforts in a distinct section of its website. This not only helps legitimize the open-source ecosystem but also builds the foundation of the official and de facto standards that will ensure open source has a permanent place in even the largest development ecosystems.

Despite recent headlines and growing pains, open-source software presents a valuable opportunity for growth and innovation. Its growing influence is hard to deny, and with a passionate community behind it, hard to doubt.

Angel Borroy is a developer evangelist at Hyland Software Inc., which provides enterprise content management software solutions. He wrote this article for SiliconANGLE.

Image: Elchinator/Pixabay
