These days there are quite a few buzz words that you will hear over and over again. In the computer world, people love a new buzz word. As soon as it is whispered it becomes the most popular thing at the moment. And the people tend to think that whatever the new buzz word represents will solve any problem that is out there. Throw out the old way because we have a new buzz word. These days, the new buzz word is open source software.
While open source software itself is not new, there are many people and companies who are now starting to see the advantage of open source and all of the wonders that it can do. And for the most part they are right; open source software really is a good thing. There are many advantages to using software that is considered open sourced.
But there are some pitfalls that you must be aware of as well. Some of these pitfalls lie in the security realm of the software. Open source software is not a magic bullet and there are some bad things about it as well. In this article, I will take a look at some of the good and the bad things when it comes to open source software. After that, you can determine if open source software suits your project’s security needs at this time.
When it comes to security, what are some of the bad points with open source software?
There are several faults that I can point out when it comes to open source software that will leave your project unsafe if you are not aware of them. The first thing that I will look at is the source code itself. When it comes to projects with many lines of code, it is hard to tell if it is being well maintained or not. That means are the security holes that are found by other people being patched up? If not, and you start to add that code to your own project, then you can be in trouble. That leads us to another problem with the source code. It is open so everyone is able to see it. This is a good and bad thing and I will discuss the good parts of this later on in the article. Right now let’s discuss why this is a bad thing. If a bad guy knows that you are running a certain piece of open source software then they can look at the code for themselves and plan out an attack towards that. They do not have to wade through a ton of disassembled assembly code to be able to see a weakness in your project. They can just download the source code that you used and go from there. This is a pretty big security hole that you must think about but as I will point out later on in the article, it is not one that cannot be overcome.
So what are the good things when it comes to the security of open source software?
While I have labelled many of the bad things that can happen with open sourced software, I will now take a look at some of the good things, as far as security, that can happen as well. The first point that we should make is to show the good side of the situation that we talked about before. As I said, the bad guys are able to see the weakness of any open source code that you used. On the flip side of that, you or someone else who is working on the project is also able to see the weakness as well. And as soon as you see it, you are able to issue a patch to that project. If the project is not maintained any more then you can just create your own copy and patch it yourself.
Another good thing when it comes to the security of an open source project is the fact that for bigger projects, you have a whole community of people working on them. That way for any security holes that you do not see, they will be able to pick it up. When you work in a community such as this, you have a better chance of catching a bug than when you are working alone. When it comes to large bases of source code, two eyes are better than one.
When it comes to the relative security of an open source project, or a project that uses open source code as part of it, there are still risks that you must be aware of. Some people tend to think of open source code as being 100% safe. That is just not the case. It is safer than its counter parts in most areas but again, not 100%.