The Biggest Risks You Take With Open Source Software

Open source software (OSS) is currently a hot item, but there are many good reasons to do some research before jumping right in. OSS differs from proprietary software in many important ways, and to be successful you will need to thoroughly investigate how your business model might benefit from switching to OSS.

The major proprietary brands offer a reputation and a degree of comfort that most people do not recognize in OSS. Here are two key issues that make many people nervous.

Is My System Secure?

According to a 2008 study by Fortify Software, 10 out of 11 popular OSS packages failed to measure up to minimum security best practices. A major complaint was that many open source communities require discovered bugs and vulnerabilities to be reported to a public forum. This means that the bug is made public before a fix has been implemented, giving potential attackers a free lunch. There must be a way to communicate privately with a security team before notifying the public.

Obviously, you must research the security posture of any open source provider you consider working with. Drupal, for instance, clearly describes how it deals with threats: a reported vulnerability is kept confidential while the security team works on the problem, and the community is alerted once there is action for it to take.

Overall, things have gotten better since 2008. A more recent 2011 study reported that OSS is preferable to proprietary software when it comes to healthcare IT, a field with the highest of security standards.

Do I Own My Software, Or Do We?

The 'open' in open source software means that the source code of projects created with that software is shared freely amongst users of that software. This concept, known as 'copyleft', is truly a double-edged sword: you benefit from being able to see the code of others, but you may also lose out if you are forced to share some bit of competitive code you developed.

Depending on the terms of the license agreement, this 'forced sharing' could apply to proprietary software that is developed in conjunction with OSS, practically giving away your hard work. You will need to examine the terms and obligations included in any OSS license, ensuring that the benefits outweigh the risks and that your overall business goals are being satisfied.

It is clear that when it comes to OSS, you cannot simply go with a big name-brand provider and trust that everything will be fine. Instead, you must work to earn the benefits of open source, thoroughly researching any products and licenses you consider. You may not have the same comfort in security and you may end up giving away some valuable code, but this is the nature of open source; it functions on the principle that if we all share, we all prosper.