As open source gains backers, its security is becoming more
robust.
You may have heard of a Scandinavian developer called Linus
Torvalds. I remember a party with people tittering, "Do you know he
invented a better operating system than Windows, then gave it away?
Look at how rich Bill Gates is. This guy must be mad."
Why do open source developers give their code away free? Are
programmers such as Torvalds genuine altruists? Or are they so
deeply entrenched in the pizzas-and-programming world of the
serious coder that they have forgotten the real worth of their
work?
Neither is quite correct. They have motivations like the rest of
us, and "open source" does not precisely mean "free".
It is true that open source code is freely downloadable and usable.
Typically, the license under which this code is distributed -
usually the general public licence (GPL), or GNU public license -
even permits you to use the software for commercial applications.
In simple terms, a license fee only applies if you want to
redistribute the software in a way that does not fit within the
GPL.
So with open source software, the word "free" is meant more in the
sense of "freedom to use and modify", rather than zero-cost. Open
source developers still hold the rights to their code, but make
their systems pay in different ways from authors of proprietary
code.
Understanding the economics behind open source means getting your
head around a different business model from the "keep it secret"
principle of proprietary program code.
The open source model recognises that IT systems have more to them
than just double-clickable programs on your desktop. There may be
support, installation work, training, customisation, consultancy,
hardware sales, online services, and more, which together
constitute the whole solution.
It is a common misconception that open source means just Linux.
This is like saying all cars are Fords. Linux is just the operating
system that has captured the imagination and made open source
famous. There are many open source resources, such as Apache (the
world's most popular web server), Perl and PHP (programming
languages) and MySQL, a database which is claimed to rival Oracle.
Swedish company MySQL allows the free download and use of its
database, but charges a license fee to developers that package and
distribute it as part of another application. This revenue model is
seductive and MySQL appears to be on the road to significant
commercial success.
Another example is Sun Microsystems' OpenOffice, a product which
aims to be an alternative to Microsoft's Office suite. Sun's aims
are to facilitate the sales of hardware, and to move the market
from a software-purchase to a services-driven business model.
The backing of big names behind open source products is helping the
general acceptance of open source software in the corporate arena.
These firms understandably want the reassurance that they are
dealing with real companies, not just a sandaled, bespectacled
techie from internet-land.
So, is open source software safe to use? If other developers can
look for weaknesses in the code, will this expose you to
vulnerabilities if you use it?
Many developers and users will try to break the code, and look for
security flaws and bugs. But there are more people interested in
that code being made secure, resilient and fast than there are
people interested in exploiting loopholes in others' systems.
This means that once weaknesses are identified, they quickly become
public knowledge, and as soon as word gets back to the developers,
they can be fixed. It is in the authors' interests to fix their code
if they value their reputation. Open source bugs are therefore
usually exposed quite early on in a product lifecycle.
Contrast this with proprietary software, in which bugs can lie
dormant until the whole world has bought into the same system. It
is up to a small number of privileged coders to foresee and fix
vulnerabilities in the code.
I hardly need to name the viruses infecting the largely identical
systems of the world in epidemic proportions, simply because
vulnerabilities were identified too late.
Tony Butcher is managing director of web site design company
Tribal Internet,
www.tribalinternet.co.uk