Open source is secure, but only with proper tools and strategies


on Nov 7, 14 • by Rod Cope • with No Comments


Open source software has never been more popular. Companies now regularly turn to these solutions for a huge range of purposes, and see major benefits as a result. Open source has the potential to be more cost-effective, flexible and reliable than licensed software.

But if there's one issue holding back greater open source adoption, it's security. Many business leaders harbor fears regarding the integrity of open source solutions – concerns that were greatly exacerbated by the discovery of the Heartbleed vulnerability in the OpenSSL encryption library. While this was undoubtedly a major eye-opener in the realm of open source security, the fact of the matter is that open source solutions can be just as secure as, or even more secure than, licensed software. This security can only be achieved when pursued with the proper tools and strategies.

Verification needed
One of the reasons why open source software can deliver superior security relative to traditional solutions is its verification capabilities. As Network World contributor Rob Howard recently asserted, software security in the enterprise used to rely heavily on brand trust. Now, though, such an arrangement is no longer so practical. The rise of cloud computing means that large amounts of corporate data are stored off-site by a range of third-party service providers. With such high stakes, relying solely on trust is not acceptable.

Open source avoids this issue by offering far greater transparency, Howard explained. End-users are able to actually verify the security of the services they utilize by examining the code being used. With proprietary software, this isn't possible.

Of course, this is only a benefit when businesses take advantage of the opportunity. To ensure that a given piece of open source code is truly secure, firms need to apply high-quality security tools to these offerings. Specifically, businesses should utilize governance solutions that can identify potential problems and ensure dependability.

Quality control
Open source software can also deliver superior security, along with better performance, thanks to the code selection process. As The Huffington Post contributor Vala Afshar highlighted, a recent Future of Open Source survey from North Bridge Venture Partners found that 80 percent of open source software users have gone this route thanks to the better quality of available code. He pointed out that open source, by its nature, removes boundaries, allowing developers from beyond any single company to "participate, debate, compromise and inspire each other" as they create open source code.

The result of these collaborative efforts is a product superior to what any one organization can usually develop. The code produced can not only deliver better performance, but it can also be more reliable and secure. The popular expression that "with enough eyes, all bugs are shallow" is proven true with these projects.

Managing vulnerabilities
All that being said, there's no doubt that software developers leveraging open source solutions need to be vigilant to ensure the security of their code. 

Writing for Sys-Con, Lacy Thoms recently emphasized the importance of exercising caution when adopting open source solutions. In particular, she offered three best practices for minimizing the risk of vulnerabilities causing problems in an open source environment. 

First, Thoms asserted that developers should always research a given open source project prior to deployment. Any reports of previously discovered vulnerabilities need to be taken into account.

Next, developers should always strive to use the most recent and actively maintained open source projects available.

Finally, the writer recommended that developers limit their open source usage to reputable sources, including trustworthy code repositories.

By following these steps and utilizing top-grade open source security tools, firms can fully take advantage of these solutions without any undue risk.

Learn more:
• Learn how to use comprehensive open source policies and tools to minimize OSS risks by watching this webinar
• Build a bulletproof OSS policy by understanding these important considerations
