While there’s little doubt about the possibilities of open source software, the key to realising its value is finding the right open source flavour to suit your unique requirements.
“One thing about open source is that even the failures contribute to the next thing that comes up. Unlike a company that could spend a million dollars in two years and fail and there’s nothing really to show for it, if you spend a million dollars on open source, you probably have something amazing that other people can build on.”
This quote is from Matthew Mullenweg, an American entrepreneur and web developer from Houston. Mullenweg is best known for founding WordPress, the hugely popular – and free – open source platform that has been used to build around 810 million websites since it launched 20 years ago.
With the industry constantly looking for ways to work more efficiently and, importantly, curb costs, open source software (OSS) serves as a welcome alternative to proprietary solutions. Open source represents a shift away from an industry where no one was willing to share their ideas or intellectual property, to one where everyone appreciates the value that can be realised when developers from around the world are given the opportunity to collaborate.
But it's not just about the tech – it's also about nurturing a diverse and creative developer community.Rory Preddy, Microsoft SA
This shift, says Hennie Ferreira, CEO of online digital accounting firm Osidon, is probably the most significant technological marvel that the world has experienced in a very long time. “We live in an open source world,” he says. He’s not wrong. A whopping 97% of applications leverage open source code and around 90% of companies are applying or using it in some way. Open source tools play an integral role in how most technologies function and they essentially run the internet as we know it today, he says. One of the major benefits of OSS is that it has made the industry more accessible and consistently delivers improved outcomes because there are people with bright minds and bold ideas constantly working to make the solution better, says Ferreira.
A question of security
This opportunity for continuous improvement and growth is one of the major benefits of open source, says Muggie van Staden, CEO at Obsidian Systems. Open source enables us to solve modern-day problems and because this software is constantly evolving and getting better, it always keeps up withthe rapid pace of the changing technology landscape.
But as is the case with any technology investment, it will only bear fruit if you choose the solution to suit your specific needs, says Sarthak Rohal, VP of IT services at In2IT Technologies. “Choosing the right open source flavour or variant can be daunting, but by following a systematic approach, you can make an informed decision.” He believes business leaders should start by defining their specific use case and requirements, considering factors such as functionality and scalability. Then, it’s important to conduct research to explore the options, paying attention to community involvement and stability. The next step entails evaluating the features and reviewing documentation, as well as assessing community support, maintenance and available resources. And, says Rohal, it’s essential to conduct hands-on testing and consider the ecosystem and licensing considerations. If needed, seek expert advice to ensure you make the best choice.
“By following these steps, you can navigate the open source landscape and select the most suitable variant for your needs.”
Is open source software more secure than proprietary software? While it’s hard to answer this question conclusively, the industry insiders I spoke to all agree that the development model should be more secure because so many eyes go over the code. On the converse, since anyone can contribute to and/or modify the code in the public domain, bad actors could quite easily alter code and circulate something malicious.
The fact that an entire community can rapidly respond to problems is a major drawcard of the open source development model, says Van Staden. If a vulnerability or issue exists, it should be picked up and addressed quickly. Ferreira agrees. With open source, there are thousands and thousands of passionate people scrutinising the code on a daily basis, he says. If you wanted a similar amount of attention and scrutiny on a commercial level, you’d need a very big budget to be able to afford to pay all of these people. The chances of your tech team of 100 missing something are far greater than if 40 000 people from different industries and environments – and with different levels of experience and expertise – are all looking at something and trying to come up with ways to make it better and more secure.
But there’s also a very real risk of purposeful tampering by hackers, who target applications and operating systems that are not properly evaluated, says Johannes Briel, senior IT security specialist at Galix. As such, it’s critical that businesses do their homework when picking an open source solution. Strict policies are necessary, especially for major enterprises, to ensure that the source code has been thoroughly examined, vetted, checked and tested for vulnerabilities.
Rohal says it’s crucial to address potential security challenges before getting started with open source. These include anything from vulnerabilities in dependencies, delays in security patches and weaker code review processes to malicious code insertion, misconfigurations, supply-chain attacks, lack of vendor support and insufficient security awareness. To mitigate these risks, organisations must regularly update dependencies, stay informed about security advisories and prioritise projects with strong code review practices. They should also verify project integrity, follow best practices for configuration and implementation, validate package authenticity, seek community support and prioritise security education and awareness. “By taking these measures, organisations can enhance the security of their open-source software implementations and protect their environments from potential threats.”
The reality is that all code will have errors and exploits that need to be fixed; the decision to go open source will only change how these problems are remedied – be it inhouse, via a community or by a vendor.
A question of security
By embracing OSS in its product line-up, Microsoft is tapping into the power of community innovation, says Rory Preddy, principal cloud advocate at Microsoft SA. A prime example of this is its Azure OpenAI Service, which integrates ChatGPT and GPT-4 models. This service also employs OpenAI’s open plugin standard, which allows developers to craft plugins compatible with various platforms. This, says Preddy, shows how OSS can level-up AI services. “But it’s not just about the tech – it’s also about nurturing a diverse and creative developer community.” Something like GitHub Copilot, an AI “pair programmer”, shows how OSS can help with complex tasks and enhances the developer experience and bring a whole new level of interoperability and flexibility to the Microsoft ecosystem, adds Preddy.
We live in an open source world.Hennie Ferreira, Osidon
He says Microsoft places a high value on a satisfied and engaged development community. Why? Because it leads to innovative and robust solutions.
“An active community can quickly spot and fix bugs, whip up new features and tailor software to fit their needs. This ultimately boosts the quality of our products, tools and technology.” Today, 28 million developers collaborate on GitHub and it is home to more than 85 million code repositories used by everyone, from the largest corporations to the smallest startups in nearly every country across the globe, says Preddy. When one considers these numbers, the impact and reach of open source is enormous. Just ask Matthew Mullenweg who has a net worth of around $400 million thanks to his open source endeavours. But he wasn’t always an open source evangelist. “When I first got into technology, I didn’t really understand what open source was,” he told TechCrunch back in 2013. “But once I started writing software, I realised how important it would be.”
* Article first published on brainstorm.itweb.co.za