San Luis Valley IT

Websites and IT for Southern Colorado

What is open source and who cares?


Most applications on your phone and computer are executable files (aka binary files). They were written in code by software developers, but once that code has been converted into an executable, it can't be converted back into code. Most software is installed like this, which means the user cannot change it.

Open source licenses

When developers release the source code along with (or instead of) executable files, it's called open-source software. There are actually several open-source licenses that can more or less restrict usage of the software. Any creative work (not just software) can be released under a range of licenses:

Advantages

Open Source Software (OSS) is free, which is an advantage by axiom. But OSS shines in other ways too.

Many OSS projects were created by companies and individuals that had a need for a program or feature that wasn't widely available. Since these needs are often shared, other companies and individuals may start using the project. Some of them will have the know-how to detect security flaws, make bug fixes, and add features to the project. Users of commercial software are dependent on the vendor for this work, whereas OSS users rely on other users. For large projects, this army of users and contributors can outperform the work of a large company in supporting their software.

The result of all this is better software quality and higher security. More eyes are on the project, which is naturally also available to security researchers, students, and white-hat hackers. This provides a notable defense against supply chain attacks like the SolarWinds hacks[2].


[1] Wikipedia: Open Source: "Licenses which only permit non-commercial redistribution or modification of the source code for personal use only are generally not considered as open-source licenses." (Retrieved: 2021-10-01)

[2] U.S. Senate: The SolarWinds Cyberattack: "It is an example of a digital supply chain attack, in which hackers insert malicious code into trusted third-party software, thus infecting potentially all of the hacked company’s customers."

