
Security Sense

A Cybersecurity Blog


What is Open-Source Software?

Posted on November 23, 2021 (July 25, 2022) By Kyle

What is open-source software? Does it mean that it’s free? That is the most common perception of what it means for software to be open-source. While this is sometimes true, open-source software is much more than that. The largest differences between open-source software and normal commercial software are the availability of the source code and how the software is developed. Open-source software’s code is open to the public, so the public can suggest changes to it. Commercial software code, on the other hand, is kept by a company and developed only by that entity. There are advantages and disadvantages to each, and which to use depends heavily on circumstance.

When speaking about open-source software, we need a deeper understanding of how it is developed. As previously mentioned, open-source software code is open to the public. This means that the source code of the entire program is posted in a repository somewhere online. It is posted publicly specifically so that others can suggest changes to improve or patch the program. The argument in favor of this kind of software is that with so many eyes, from varying backgrounds, you can get a better-developed product. With so many individual developers reviewing the source code comes an improved ability to recognize and patch bugs and vulnerabilities.

This is in contrast to commercially developed software, whose code is often viewed only by the development team at the product’s respective company. Since the software is commercialized, the efficiency of its function is often its major selling point. So that competitors do not steal their business, companies keep much of their source code within their teams. This means that a single team or group of teams operating within the bounds of a company will be the only ones reviewing, revising, and patching their software. As a result, it could take much longer from the point of discovering a vulnerability or bug to when a patch is finally rolled out. The delay between discovery and rollout could very well leave machines open to attacks through this software.

Though open-source has some serious advantages over commercial software, there are also some major drawbacks. Because open-source code is open to the public, it is much easier for malicious entities to find vulnerabilities within a program. Also, because of its development process, it can be possible to “poison the well,” so to speak. There is of course a review process of sorts for these changes, but malicious code being inserted into the program is still more than possible. Even with so many people reviewing the code, any amount of time with malicious code in it can be a serious security problem. This is not a problem that commercially developed software could have, since the development team is the only one with the ability or access to patch its software.

Another thing I would like to touch on is the perception that all open-source software is free. While most of it is free to use, there are a few exceptions that have unique payment options. An example of this is a popular Intrusion Prevention System (IPS), Snort. While Snort is open-source and available for free download, it offers a community rule set and a premium one. These rule sets are the detection rules for the IPS. The community one is exactly what its name suggests: it is community built and driven. The premium one, called the “Snort Subscriber Ruleset,” is professionally built and developed and has a price tag attached. This type of payment model is not uncommon, and other open-source programs do something similar.

Open-source and commercially developed software each have advantages and disadvantages compared to the other. One is a mostly free, community-developed product, while the other is commercially available and developed as such. They each have their own kinds of security risks inherent in their nature. I cannot say that one is better than the other, as this is mostly a case-by-case issue. As of right now, our networked world is a better place for having both options available.
