3 Reasons Your Understanding of Open-Source Security is Outdated

As part of Solutions Review’s Premium Content Series—a collection of contributed columns written by industry experts in maturing software categories— Angel Borroy of Hyland examines three ways to tell your understanding of open-source security is outdated. It’s time to patch your thinking. 

What comes to mind when you hear “open-source?” Is it a community? Better quality software? A technology advantage that helps companies scale quickly? If so, congratulations. You understand the value developing with open-source software (OSS) can bring to a business, despite a lot of noise to the contrary. Recent headlines about OSS vulnerabilities paint open-source tools as risky and caution against serious consequences. According to Google, it could take years for the log4j vulnerabilities discovered in 2021 to be fixed across the entire ecosystem as problems persist. In January, security concerns gained enough traction to make it to the White House, where a summit on the security of OSS was held. And thanks to an uptick in global hacks, many organizations now want to take the most conservative approach possible when it comes to security.

I get it. Risk is scary. But it’s hardly unique to open-source. As someone who is part of the growing open-source community, I can’t keep quiet as recent events like these cast doubt on the technology and promise of open-source. So, if you see open-source only through the narrow lens of security, I want to open your eyes to the opportunities you might be missing.

Patching Outdated Thinking About Open-Source Security

Dismissing OSS as vulnerable or risky isn’t just wrong; it can be expensive. Open-source development can give businesses a significant advantage by speeding up deployments and making collaboration easier. And given how large and supportive the open-source community has grown, the risk landscape has gotten much tamer. But if you’re still hesitant, here are three reasons to rethink your outlook on open-source.

A Strong Community Helps Keep OSS Secure

Open-source is risky because anyone can see the code, right? Yes, and that’s true for the good guys and the bad guys. If I’ve learned one thing from attending numerous meetups in the open-source community, it’s that the passion and dedication of its members often counteract the intentions of even the greediest hackers. We tend to think that security should rely on secrecy, when history shows us the opposite is true. Open-source levels the playing field and allows for more brains to examine the problem at once.

Transparency and Customizability are Driving a New Generation of Talent

There are nearly three billion Android devices in the world— each one of them an open system that allows for far greater customizability than their Apple counterparts. Android’s open-source system enables users to make phones mimic their personalities with themes but can also become power tools with their pocket-sized computing power. Just as the Myspace generation learned to code through the social network, open-source Android devices in the pockets and backpacks of today’s students might be the inspiration for a new generation of tech talent.

Open Source is the Future of Cross-Company Collaboration

In B2B and among enterprises, open-source is becoming the standard for cross-company collaboration. With long traditions of proprietary development cycles, giants like Microsoft and Oracle are learning to embrace this approach. Oracle even consolidates and showcases the efforts of its developers in the open-source space in a distinct section of its website. This helps legitimize the open-source ecosystem and builds the foundation of the official and “de facto” standards that will ensure open-source has a permanent place in even the most extensive development ecosystems.

Despite recent headlines and growing pains, OSS presents a valuable opportunity for growth and innovation. The growing influence of OSS is hard to deny. And with a passionate community behind it, hard to doubt.