What is open source and who cares?
Most applications on your phone and computer are executable files (aka binary files). They were written in code by software developers, but once that code has been converted into an executable, it can't be converted back into code. Most software is installed like this, which means the user cannot change it.
Open source licenses
When developers release the source code along with (or instead of) executable files, it's called open-source software. There are actually several open-source licenses that restrict usage of the software to a greater or lesser degree. Any creative work (not just software) can be released under a range of licenses:
All rights reserved means the creator keeps copyright over the creative work. These works are not considered open source. This is usually designated with a copyright symbol, but doesn't have to be. All creative works default to all rights reserved by the creator unless another license is specified. That is, unless a creator specifies a work as open source, it isn't!
Restrictive open source licenses such as GPL, Apache, and some Creative Commons licenses restrict the use of released works, such as only permitting non-commercial use, or requiring attribution to the original source. Sometimes, non-commercial licenses are not considered open source.
Nonrestrictive open source licenses such as the MIT or WTFPL licenses have less restrictive clauses. They're only a step above public domain.
Public domain means no rights are reserved by anyone. Public domain works are free to use, distribute, sell, etc. They're free to the public. Copyright holders lose their copyright 100 years after their death. At that point, the copyright is said to expire and the work is automatically released into the public domain.
Open Source Software (OSS) is free, which is an advantage by axiom. But OSS shines in other ways too.
Many OSS projects were created by companies and individuals that had a need for a program or feature that wasn't widely available. Since these needs are often shared, other companies and individuals may start using the project. Some of them will have the know-how to detect security flaws, make bug fixes, and add features to the project. Users of commercial software are dependent on the vendor for this work, whereas OSS users rely on other users. For large projects, this army of users and contributors can outperform the work of a large company in supporting their software.
The result of all this is better software quality and higher security. More eyes are on the project, which is naturally also available to security researchers, students, and white-hat hackers. This provides a notable defense against supply chain attacks like the SolarWinds hacks.
Wikipedia: Open Source: "Licenses which only permit non-commercial redistribution or modification of the source code for personal use only are generally not considered as open-source licenses." (Retrieved: 2021-10-01)
U.S. Senate: The SolarWinds Cyberattack: "It is an example of a digital supply chain attack, in which hackers insert malicious code into trusted third-party software, thus infecting potentially all of the hacked company’s customers."