Is Open Source Still Lacking Security?

Over the last decade, the perception of open source software has improved drastically. Proprietary software is increasingly seen as limiting due to concerns regarding both future flexibility and vendor lock-in. Today the open source model is much better understood, and organisations from Facebook to Google and countless others are recognising open source as vital to the future of digital business. And most organisations are already leveraging it in some aspect of their IT operations.

Commercial open source in particular provides a platform for technology that’s customer-ready – and ready to be productised. Yet despite growing acceptance of open source, organisations are still concerned about indemnities and security. We’ll take some time to debunk the myths about open source lacking security.

Open Source Community Provides Platform For Secure Innovation

Open source communities collaboratively develop new innovations with a global network of developers, architects, and subject-matter experts. Increasingly, these communities are widely recognised as a vibrant resource, providing professional feedback from industry experts—feedback that can help organisations develop more robust code, faster fixes, and even innovations and improvements that enable new services.

In a proprietary model, the software is only as good as the small set of developers focused on it. Organisations that lean on third-party vendors for their proprietary software may feel more secure, but that security is an illusion: in the name of proprietary IP, vendors can easily keep enterprise customers from finding out whether their code has security holes—until hackers start exploiting those holes.

Although some enterprises have hesitations concerning security, the large global network of contributors in the open source community does extremely high-quality work, and they are very protective of their reputations. Because the entire community can see their work, their professional credibility is on the line every time they release code—so they will not release code with their name on it until they’ve thoroughly vetted it.

Once they overcome these security fears, enterprises begin to realise there are stable new releases that can maximise the quality, efficiency and overall value of the software. As a result, enterprises are now free to focus on the value of building new and innovative services rather than on the technical underpinnings that make these services possible.

Commercial Open Source: The Best Of Both Worlds

Organisations that leverage commercial open source software benefit from the best of open source and proprietary models. Enterprises desire a development model that fosters ongoing innovation. In the open source development model, organisations can contribute code tailored to their needs back to the project. With commercial open source, any new code is put through a rigorous quality assurance (QA) process to protect the security of enterprise customers and their end users.

Modifications that have value for the wider base of enterprise customers are vetted and then accepted into the code base by the community. Maximising the value of open source requires a strong relationship with a commercial open source vendor that encourages community creativity and contributions. Enterprises are also able to contribute code to support their businesses. Commercial open source vendors provide the support and rigorous product development process, including testing against databases, containers, and QA, that are typically provided when developing proprietary software.

Open Source Critical To Future Of Digital Business & Citizen Services

Massive market disruption is occurring as enterprises and government organisations steadily move toward a fully personalised, omni-channel and integrated digital experience built upon mobile, cloud, the Internet of Things (IoT) and social media technologies. Existing technologies struggle to keep pace or fall behind in breadth and depth of capability. Utilising open source can be a critical enabler for accelerating the rate of change for the new customer-centric digital experience. Open source development models provide the flexible open architectures and limitless scalability that are essential to building innovative, agile, and robust solutions with ease and speed.

Measuring Value Of Open Source With High Levels Of Security & Innovation

If an organisation isn’t already using open source, they may be behind the times. The success of open source should be determined by its ability to provide a high level of security and innovation. Gartner predicts that by 2016, 99 percent of the Global 2000 will use open source. Andrea Di Maio, a Gartner analyst, noted open source is becoming increasingly popular with governments as they look for ways to reduce spending and increase efficiency. This wouldn’t happen if open source wasn’t secure. Open source provides security validation through its transparency, something proprietary software cannot do.

Truly innovative organisations are focusing on increasing strengths that enable them to execute better and faster, and more importantly, to improve customer engagement. In today’s world of ever-growing digital businesses and services, commercial open source provides an ideal platform for organisations to focus on providing value to customers and increasing revenue streams.

Neil Chapman

Neil has been selling mission-critical enterprise technology solutions across the globe for nearly 20 years. He has worked with financial services giants like Enron and Credit Suisse and headed sales and business development at a variety of enterprise solution vendors. A veteran of several startups and mid-stage growth technology companies, Neil brings an entrepreneurial, commercial-driven focus to ForgeRock’s growth strategy. Neil is passionate about open source, good science, mountains and the written word.