Five myths about Open Source

Just like proprietary software, Open Source has plenty of pluses and minuses. To begin with, let us define Free Software:

In computing, the term open source software (OSS) means software whose source code is available to third parties to examine. At various times, several different licenses have been developed to accompany open source software. Some of these allow users to modify the code or even use it in other applications. (Wikipedia)

"Free Software" or Open Source is a matter of freedom, not of cost. To understand this, you should think of the word "free" as "free speech" rather than "free beer." 

So "Free software" or "Open Source" does not mean "non-commercial". A free program should be available for commercial use, commercial development or commercial distribution. Commercial development of free software is not uncommon. On the contrary, it is very important to have this kind of free software.

Critics of open source software often claim that its broad developer base and open source code are a danger to security. But this assessment is not fair, according to Dr Ian Levy, Technical Director of CESG, a part of the United Kingdom's GCHQ that advises the UK government on IT security.

Open source is no worse or better than proprietary software when it comes to security, according to Levy, who dismissed some open source security myths and spoke in detail about the real security challenges at the Open Source Open Standards conference previously held in London.

Let's look at the myths

Open source software is more or less secure than proprietary

"I have done a lot of work on this, and there is no objective indication. On average, good open source is about as good as good proprietary code, or bad is as bad as bad proprietary code," Levy said.

The question of whether software is safe is a very broad one, according to Levy. A better approach, he added, is to ask "what security is one looking for in software?" and then the next question, "what software offers it?"

Many eyes make the code secure

The idea that, because the code is open for anyone to read, it receives more valuable security checks is questionable, Levy said.

Ask anyone who has downloaded a Linux kernel: "Who thinks they have the power to judge the security of the Linux kernel?"

If you download 21 million lines of Linux code and say "I have the code and I looked at it, so I can convince myself that it is safe", it is nonsense.

Malicious users can read the source code, and so it is less secure

"Another nonsense. If we see that malicious users are breaking the software, we will notice that they are not using the source code. All bugs in closed source products are discovered by crackers that do not have the source. They have IDA Pro or OllyDbg (just Olly) and work on open and closed executable files."

Everyone can contribute to the code and this is ugly

This claim may apply to some open source projects, but it does not apply to most. To compensate for this risk, learn about the open source project and its history and you will be able to judge, Levy said.

Open source software means it's open for your organization to use it

"Just because it is open source does not mean that it is free and has no restrictions. The GPL license imposes restrictions and the BSD somewhat less. They may be relevant to you but there are limitations."

"Even if licensing does not seem to be a problem, organizations can still have copyright issues."

Levy gave the example of the Hadoop storage software, which is referred to as an open source project.

"It's a patented algorithm. Forget the application. The application may be IP-free, but the algorithm is patented. Do you think that you can use it?"

