The immense success that Linux, Firefox, Android and other software have achieved over the years is all thanks to the power of open source. What makes open-source software so great is that it is the result of the selfless work of thousands of developers from around the world who, in their free time, volunteer to create or help build their favorite applications.
Open-source software gives developers and users alike the ability to browse, modify, and redistribute the source code, which leads to more transparency. So, if person X creates a particular piece of software and cannot manage to fix a bug, someone halfway around the world might spot that bug and help the developer. This is why a lot of people think that going the open-source way makes software more reliable and secure. Here are some of the main reasons why we think open-source software is better than proprietary software in terms of security:
1. A vulnerability is a vulnerability, even if the source is closed
Suppose a company has a closed-source application and one of the developers spots a vulnerability in it. Depending on the severity of the problem, the developer may or may not decide to fix it. The company that owns the software might even overlook the bug in favor of pushing a new feature out, giving the excuse that the bug doesn’t affect a majority of people. In open source, on the other hand, the bug will be reported in public, everyone involved with the project will be able to see it, and there will be more than a dozen people from around the world who’ve faced the same error. There will also be a few developers who see the problem and are willing to fix it, making the project much better and more stable.
2. Open-source means transparency
We all know that in open source anyone from around the world can browse the source code. However, one may ask: how does that ensure security? The answer is simple: transparency. In open source, we can rest assured that the software we are using is free from the tracking software or malware that is often included in closed-source software. For example, in proprietary software, the developer may add a tracking option that gathers data about users so as to make the product better. This, on the other hand, can rarely happen in the world of open source. And even if it does, someone or other will spot it soon enough and notify the users about it.
On the subject of trust, Ken Thompson made a brilliant statement. In his "Reflections on Trusting Trust" speech, he said that trust is relative, that you cannot trust code that you didn’t totally create yourself, and that no amount of source-level verification or scrutiny will protect you from using untrusted code. What this means is that even though neither open-source nor closed-source software is supposed to be trusted 100%, you can rest assured that the open-source software you’re using is relatively more secure than a closed-source one.
3. Closed-source software is more prone to attacks than open-source software
How many open-source projects have you seen getting hacked? Think like a hacker for a moment: what would be more fun to hack? Something that is closed, or something that is accessible to everyone?
Most of the attacks that have happened have been against closed-source software. Cracks are released and vulnerabilities are found, making things harder for the developers. Plus, there is a general consensus that many of these hackers have a pro-open-source mentality. They are always out there challenging the establishment, trying to overthrow Big Brother and whatnot. They are always on the lookout for some cause to rebel against, and closed-source software is a great playing area for them.
Written by: Abhishek, a regular TechSource contributor and a long-time FOSS advocate.