As a recent graduate looking for all things affordable and free, I, along with many others, enjoy using Open Source Software. We are always on the lookout for products like LibreOffice, which follows the same idea as the Microsoft Office suite. However, LibreOffice is Open Source (read: free) and the other is Proprietary (read: fees!). So what's actually the difference between Open Source and Proprietary Software? FOSS, Free and Open Source Software, is freely licensed to be used, copied, and studied. FOSS software engineers change the software in some way, shape, or form, as the source code is openly shared and people are encouraged to design, change and improve the software. Proprietary, or Closed Source, software, on the other hand, is software where the developers or distributors reserve all rights and freedoms for themselves and provide no source code.
Open Source Basement Dweller
There is a stereotype about open-source cloud computing that these products and services are being created by “basement dwelling amateur developers” who lack the skills to build enterprise-grade security into the software they are developing. However, open-source cloud computing products are designed from the outset with security in mind. The basement dweller developer stereotype doesn’t ring true when you consider that heavyweight vendors like IBM and Microsoft, which built empires based on proprietary software, are some of the biggest contributors of money and development resources to widely used open-source projects, like the Linux OS. In turn, Red Hat has built a nearly billion-dollar business based on open source, but the question remains: Can too many chefs in the kitchen be bad for the creation and improvement of open source software?
Dr. Ian Levy, the technical director with the CESG, a department of the UK’s GCHQ intelligence agency that advises the UK government on IT security, poses an interesting question when it comes to challenges in patching. As Levy notes, the same question over provenance of the code can be raised when it comes to receiving patches for open source software. “If I go to Windows Update I know it’s signed, and I have a process that works inside Microsoft. What do I know about Red Hat? A lot, and it’s broadly equivalent. What do I know about ‘Ian’s Honest HTTP Server’ software? You’re going to have to do the work to assure yourself those patches are sensibly controlled.”
2. Team breakdown
Change of personality can have a much bigger effect in an open source product than it can in a commercial product. A commercial product has a brand value; an open source product is driven by a bunch of people. You’d hope they are all broadly aligned, but there have been spats in open source projects where they’ve massively changed direction.
3. Lack of development standard and common security infrastructure
Dr. Levy gives the perfect quote explaining a lack of standards and infrastructure in open source software. “I can audit a company and say ‘You have these standards and apply them and yes you have incidents but you manage them well’. How do I do that for a diverse set of developers on their own hardware?”
Whether we make lists of the pros and cons or look at the past development of both open and proprietary software and its security, we know nothing is perfect. However, the technology world profits from the knowledge that developers uncover from working on open and proprietary software. Further, the more systematic technological advancements we see daily, the more chefs there are to allow for more creation, and the more steps in different directions we can take to improve our imaginations for the creation and improvement of the software. All we can do as users is learn to work within the parameters we understand, while also staying knowledgeable about the products and services we use, to ensure all updates and security patches are well reviewed, so that we can proceed from there. For now, we wait.
About Jitesh Chauhan
A student of life with a passion for people, communications and privacy.