Does being open source bring any good to security?

A quick introduction before we get into the details. An open source application is basically one whose source code is publicly available. If you are a programming geek, you can modify or enhance the application however you like. A closed source application, on the other hand, means the developer only releases the application and will never reveal the source code, not even part of it.

A common misconception many people have about being open source is:

Your source code is open to everyone and the bad guys can just take and study each line to do some harm to your application.

Indeed, that is quite true: just compare iOS and Android. Of the two, which has had the most malware threats so far? But then again, we can't simply jump to a conclusion because of that.

I have seen an even worse example, one where open source is better than closed source: the Windows operating system and the Linux operating system. Windows is so vulnerable that we have more than 20 antivirus brands on the market just for Windows users.

To me, it is not about being open or closed source when your application has plenty of vulnerabilities. The advantage of being closed source here is that you can have vulnerabilities in your application and do nothing about them, simply because no one knows about them. So, what about open source?

The advantages of being open source

1. Improve the developer's programming skill. When your source is public, you are under pressure to write better code, simply because many eyeballs out there will evaluate it. Typical habits such as hard coding or poorly written looping algorithms will be thought about twice before the source code is published.

2. Gain external human resources. While Google has thousands of talented engineers, you have a handful of talented programmers in the open source community as well. I may have just given a bad example, but my point is that you will have other people to help you beyond your team or yourself, and you could even recruit from the community if you find someone really passionate about your open source application.

3. Your application will be more robust. With so many eyeballs looking at your source code, they can easily point out areas where your application may be vulnerable to certain threats. They don't have to be source code contributors. They can just be someone who happens to view part of your source and informs you about an area that is potentially vulnerable.

4. Try before you buy. The traditional marketing strategy of arranging an appointment with your potential customers, buying them a cup of coffee and some great meals, and then starting your pitch to promote your products might not be the best strategy anymore. People like free stuff, and by being open source you give away your application for them to try for free and evaluate in depth. If they really like your product, I am sure they will be willing to pay for tech support or for customization to make your existing open source application suit their requirements.

5. Because the expert says so. Bruce Schneier, a cryptography and computer security expert, says:

As a cryptography and computer security expert, I have never understood the current fuss about the open source software movement. In the cryptography world, we consider open source necessary for good security; we have for decades. Public security is always more secure than proprietary security. It’s true for cryptographic algorithms, security protocols, and security source code. For us, open source isn’t just a business model; it’s smart engineering practice.

Bruce Schneier

I might sound as if open source is superior to closed source, but that is not true, because the idea of open source will fail if the community fails to contribute and your product is not unique enough to attract people to try it.

Here are some examples of good open source applications:

  • EJBCA – open source certificate authority
  • ModSecurity – open source firewall
  • KeePass – open source password manager
  • OTRS – open source ticketing system
  • and of course WordPress – open source blogging platform

There are so many of them, and you can find even more in the Wikipedia list.

So what do you have in mind right now? I’m an open source supporter with all these advantages but what do you have in mind? Let us know below 😉

About Alan Tay

This blog is owned and operated by myMediaInc. My Media operates content based online portals for IT professionals, technology managers and decision makers as well as business leaders. We publish original quality content focused in Software Development, IT Security, SaaS, Cloud Computing, Outsourcing, Project Management and Mobile and Wireless. Our mission is to explore how to help you optimize your resources in each of these areas.

Find us here IT Security Column.


  1. Tammy Guise says:

    Thanks Alan for listing out the benefits of open source software. I always used to wonder what benefit people get by open source applications as I am not from a technical field. Your blog post has cleared my doubts.

  2. galgatboy says:

    Thanks for the information. I learned quite a bit from your article.
