Open Source has triumphed, but is it safe?

If you’re a regular reader of Business Standard you’ll be familiar with open source software. And if you're not familiar with open source, welcome! You’re using open source software right now. 

Between the Linux operating system, the Apache web server and a host of other applications, anytime we’re online, whether sending emails, playing games, watching a movie - or catching up on business news - all that content is connected and routed to our devices by open source software.

By the end of the 1980s, two operating systems, Windows and Mac OS X, appeared to have the computing market sewn up. Then along came Linus Torvalds. Torvalds had been messing around with an operating system he’d been writing and in 1991 he posted it on a message board to see what people thought of it. Almost thirty years later, Linux sits under everything, from Facebook Likes, to Google searches, to a call on your Android phone. It also runs your digital camera, your car, the internet of things, and every supercomputer.

The key was that Torvalds licensed his code under the GNU General Public License, which meant that anyone could access it, use it, and modify it, but any modifications had to be shared back to the community. Growth was exponential.

Open sesame

Consumers have long embraced open source applications like Android, Firefox, VLC media player, and WordPress. And in recent years companies from tech and beyond have started to recognise the benefits.AirBnB, Netflix, Walmart, and Capital One among many others have open sourced the proprietary platforms they developed to run their businesses. 

Open sourcing formerly proprietary platforms into the community offers not just the increased pace of open source development, working with the community also allows them to advocate for their customers needs and shape the project as it develops. And as a nice side-effect, smaller players in those sectors can benefit from those platforms.

For all the current excitement about open source, it’s a lot more established than you might think. This year is the 27th anniversary of the release of Red Hat Enterprise Linux, which runs over a third of the world’s paid enterprise operation system environments. 

"That commitment to openness will see Red Hat collaborate with Business Standard to open up its paywall this November 5th so everyone has open access to the site and the information it contains."

From community to the enterprise

But despite all the accepted benefits of open source, there is still one question that pops up repeatedly - if everyone can access the code, is it safe? 

Think of it like this. A group of Harry Potter fans decide they haven’t had their fill of Hogwarts and they get together to collaborate on a new instalment of the saga. Once they’ve decided on their finished version of Book 8, it’s printed and delivered to your home. Now those Potter fans may decide to continue editing and improving the version they’ve been working on, but the printed, hardback edition now sitting safely on your bookshelf won’t change. 

Enterprise versions of open source software work the same way. Open source companies like Red Hat support the development of the ‘community’ version of the software, and Red Hat developers are active participants in that community. When the code is ready to become the Enterprise version, they test, secure, and stabilise the code, and add an extra layer of security (they call it the ‘Red Hat Wrapper’) so their customers know they have both the speed and innovation of open development, with a secure version they can trust to run their businesses on.

And the cycle continues. The developers continue working with the upstream project, and when new modifications are ready, they are added to the enterprise version Red Hat customers subscribe to.

This is why open source is finding its way into those institutions for whom security is their number one priority. BSE (formerly the Bombay Stock Exchange) rebuilt its trading platform on a variety of open source technologies (and in the process increased its trading volume from 10 million orders a day, to 400 million, making it the fastest platform in the world).

For governments, open source doesn’t just mean open development, it also means open access. The British Army trusts open source software because they can take a peek under the hood and make sure nothing malicious is hiding in the code.

But if you’re still worried about security, it’s worth considering that Linux also runs the Hadron Collider, and we didn’t disappear into a black hole when we plugged that in.

Proprietary software is limited in its ability to identify security issues by the number of engineers it employs. Open source communities can number in the tens of thousands, and if you have that many umpires on the pitch, one of them’s going to spot any unfair play.