Open source software (OSS) is software that is distributed with its source code, making it available for use, modification, and distribution with its original rights. Source code is the part of software that most computer users don’t ever see; it’s the code computer programmers manipulate to control how a program or application behaves. Programmers who have access to source code can change a program by adding to it, changing it, or fixing parts of it that aren’t working properly. OSS typically includes a license that allows programmers to modify the software to best fit their needs and control how the software can be distributed.
What is the history of OSS?
The idea of making source code freely available originated in 1983 from an ideological movement informally founded by Richard Stallman, a programmer at MIT. Stallman believed that software should be accessible to programmers so they could modify it as they wished, with the goal of understanding it, learning about it, and improving it.i Stallman began releasing free code under his own license, called the GNU Public License. This new approach and ideology surrounding software creation took hold and eventually led to the formation of the Open Source Initiative in 1998.i
What is the Open Source Initiative?
The Open Source Initiative (OSI) was created to promote and protect open source software and communities.ii In short, the OSI acts as a central informational and governing repository of open source software. It provides rules and guidelines for how to use and interact with OSS, as well as providing code licensing information, support, definitions, and general community collaboration to help make the use and treatment of open source understandable and ethical.ii
How does OSS work?
Open source code is usually stored in a public repository and shared publicly. Anyone can access the repository to use the code independently or contribute improvements to the design and functionality of the overall project.
OSS usually comes with a distribution license. This license includes terms that define how developers can use, study, modify, and most importantly, distribute the software.iii According to the Synopsys Black Duck® KnowledgeBase, five of the most popular licenses are:
- MIT License
- GNU General Public License (GPL) 2.0—this is more restrictive and requires that copies of modified code are made available for public use
- Apache License 2.0
- GNU General Public License (GPL) 3.0
- BSD License 2.0 (3-clause, New or Revised)—this is less restrictiveiv
When source code is changed, OSS must include what was altered as well as the methods involved. Depending on the license terms, the software resulting from these modifications may or may not be required to be made available for free.iii
What are some examples of OSS?
- Mozilla Firefox
- VLC media player
- Apache web server
Is OSS bug-free?
The short answer is no. With multiple parties making modifications and improvements, it’s inevitable that open source software will contain quality, performance, and security flaws. However, the broad base of code contributors can also mean that bugs are identified and fixed faster.
No matter the type of software—open source or commercial—code flaws will exist. The main difference is who is responsible for fixing the bugs; for commercial software, vendors are responsible, whereas the consumer is responsible for open source software. With a robust set of AppSec tools and practices in place, OSS can be easily secured.
What are the differences between open source and closed source software?
|Factors||Open source||Closed source|
|Price||Available for nominal or zero licensing and usage charges.||Cost varies based upon the scale of the software.|
|Freedom to customize||Completely customizable but it depends on the open source license. Requires in-house expertise.||Change requests must be made to the company selling the software. This includes bug fixes, features, and enhancements.|
|User-friendliness||Typically less user-friendly, but it can depend on the goals of the project and those maintaining it.||Typically more user-friendly. As a for-profit product, adoptability and user experience are often key considerations.|
|After-sales support||Some very popular pieces of open source software (e.g., OSS distributed by Red Hat or SUSE) have plenty of support. Otherwise, users can find help through user forums and mailing lists.||Dedicated support teams are in place. The level of service available depends on the service-level agreement (SLA).|
|Security||Source code is open for review by anyone and everyone. There is a widespread theory that more eyes on the code makes it harder for bugs to survive. However, security bugs and flaws may still exist and pose significant risk.||The company distributing the software (i.e., software owner) guarantees a certain level of support, depending on the terms of the SLA. Because the source code is closed for review, there can be security issues. If issues are found, the software distributor is responsible for fixing them.|
|Vendor lock-in||No vendor lock-in due to the associated cost. Integration into systems may create technical dependency.||In most cases, large investments are made in proprietary software. Switching to a different vendor or to an open source solution can be costly.|
|Stability||This will depend on the current user base, the parties maintaining the software, and the number of years in the market.||Older, market-based solutions are more stable. New products have similar challenges as open source products. If a distributor discontinues an application, the customer may be out of luck.|
|Popularity||Some open source solutions are very popular and are even market leaders (e.g., Linux, Apache).||In some industries, proprietary software is more popular, especially if it has been in the market for many years.|
|Total cost of ownership (TCO)||TCO is lower and upfront due to minimal or no usage cost, and depends on the level of maintenance required.||TCO is much higher and depends on the size of the user base.|
|Community participation||The community participating in development, review, critique, and enhancement of the software is the essence of open source.||Closed community.|
|Interoperability with other open source software||This will depend on the level of maintenance and goals of the group, but it is typically better than closed source software.||This will depend on the development standards.|
|Tax calculation||Difficult due to undefined monetary value.||Definite.|
|Enhancements or new features||Can be developed by the user if needed.||Request must be made to the software owner.|
|Suitability for production environment||OSS might not be technically well-designed or tested in a large-scale production environment.||Most proprietary software goes through multiple rounds of testing. However, things can still go wrong when deployed in a production environment.|
|Financial institution considerations||The financial industry tends to avoid open source solutions. If used, a vetting process must take place.||Financial institutions prefer proprietary software.|
|Warranty||No warranty available.||Best for companies with security policies requiring a warranty and liability indemnity.|
What are the advantages and disadvantages of open source software?
- Open source software is free.
- Open source is flexible; developers can examine how the code works and freely make changes to dysfunctional or problematic aspects of the application to better fit their unique needs.
- Open source is stable; the source code is publicly distributed, so users can depend on it for their long-term projects since they know that the code’s creators cannot simply discontinue the project or let it fall into disrepair.
- Open source fosters ingenuity; programmers can use pre-existing code to improve the software and even come up with their own innovations.
- Open source comes with a built-in community that continuously modifies and improves the source code.
- Open source provides great learning opportunities for new programmers.v
- Open source can be harder to use and adopt due to difficulty setting it up and the lack of friendly user interfaces.
- Open source can pose compatibility issues. When attempting to program proprietary hardware with OSS, there is often a need for specialized drivers that are typically only available from the hardware manufacturer.
- Open source software can pose liability issues. Unlike commercial software, which is fully controlled by the vendor, open source rarely contains any warranty, liability, or infringement indemnity protection. This leaves the consumer of the OSS responsible for maintaining compliance with legal obligations.
- Open source can incur unexpected costs in training users, importing data, and setting up required hardware.vi