Open source software development is a powerful way to build and modify applications. In this guide, we’ll give you a brief history of the open-source movement, take you through the main types of open-source licenses, and even show you how to use an article from one of our sister sites, as well as an example of code from one of our members.
Open source code is computer software with its source code made available, usually under a freely-distributable license, allowing users to obtain the original or modified versions of the software. The idea is that when enough people make additions to the code, everyone benefits from them. Open source creates an economy of shared knowledge and innovation. There are many reasons for sharing computer code: a programmer may want recognition for writing useful software, or may want other programmers to contribute improvements to their project. Additionally, sharing helps programmers learn from each other; it may also help others avoid bugs in independently-written code.
Using Open Source Code in Proprietary Software
You can use open source code in proprietary software, but you should be aware of which open source license applies. For instance, some licenses allow you to sell your software but require that your own code be released under the same license.
Many development teams use open source projects as building blocks for proprietary software. In fact, a 2018 report found that 96% of applications have open source components, and the average percentage of an application's codebase that is open source grew from 36% in 2017 to 57% in 2018.
If you’re considering leveraging open source, you should carefully consider the pros and cons.
There are some significant pros to using open source code in proprietary software development.
The biggest pro by far is faster development at little to no added cost.
For example, you need a source code editor inside your own project. You could build a basic one yourself. Or you could use one of the best editors available today — the Microsoft Visual Studio Code open source project. It’s supported by hundreds of contributors. Using it would make your own project that much better.
There are other pros, too. If you leverage open source as the building blocks for your project, it enables innovation for your developers. Instead of reinventing the wheel, they can think outside the box — and focus on the features that will set your product apart from competitors.
A great way to leverage open source in your project is to use the right version control. Helix Core, for instance, lets you bring open source Git code into your pipeline via Helix4Git.
There are also some cons to using open source code for commercial projects.
Open source has strings attached. Most open source software falls into two licensing categories:
- Permissive (with few terms and conditions).
- Copyleft (with strict terms and conditions).
Downloading The Source Code
Downloading a repository from GitHub takes just two clicks.
At the top of each repository, beneath the row displaying the total number of commits, branches, packages, releases, and contributors, you’ll see a green button labeled Clone or download. Click on it and select Download ZIP.
By default, this will begin downloading the current repository’s master branch as a ZIP file. When complete, all you need to do is extract the archive to a local folder on your computer. Then, using a text editor, you can open any of the repository’s files directly, which is much quicker than browsing them on the website.
If you aren’t an experienced coder, GitHub can be a little confusing at first. If you just think of it as an open directory of source code, with a readme at the top level, it’s not too intimidating. Viewing source code using GitHub is simple, both locally and through its web interface.
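The same download-and-extract procedure can be done from a script. The following is an added example, not code from the original article or from GitHub. It assumes GitHub's branch archive URL pattern (`https://github.com/<owner>/<repo>/archive/refs/heads/<branch>.zip`), takes an expected SHA-256 digest that the caller obtains out of band (a placeholder in the usage below), and refuses to extract any ZIP entry whose path would land outside the destination folder, since an archive from an unreviewed repository is untrusted input until you have looked at it.

```python
"""Scripted equivalent of GitHub's "Download ZIP" button, with two checks added:
the archive digest is compared against a known value before unpacking, and
entries that would escape the destination folder ("zip slip") are rejected.
"""
import hashlib
import io
import urllib.request
import zipfile
from pathlib import Path


def archive_url(owner: str, repo: str, branch: str = "master") -> str:
    """Build the branch-archive URL the "Download ZIP" button points at."""
    return f"https://github.com/{owner}/{repo}/archive/refs/heads/{branch}.zip"


def download(url: str) -> bytes:
    """Fetch the archive bytes (needs network; not exercised offline)."""
    with urllib.request.urlopen(url, timeout=30) as resp:
        return resp.read()


def sha256_matches(data: bytes, expected_hex: str) -> bool:
    """Compare the archive digest with a value published separately (release note, etc.)."""
    return hashlib.sha256(data).hexdigest() == expected_hex.lower()


def safe_extract(zip_bytes: bytes, dest: Path) -> list:
    """Extract every entry under dest; raise if any entry resolves outside dest."""
    dest = dest.resolve()
    extracted = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = (dest / info.filename).resolve()
            # "../x" or an absolute name resolves outside dest and is refused.
            if target != dest and dest not in target.parents:
                raise ValueError(f"refusing to extract {info.filename!r}: escapes {dest}")
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as out:
                out.write(src.read())
            extracted.append(str(target.relative_to(dest)))
    return extracted


def fetch_and_unpack(owner: str, repo: str, branch: str, expected_sha256: str, dest: str) -> list:
    """Download, verify, then extract; the digest check gates extraction."""
    data = download(archive_url(owner, repo, branch))
    if not sha256_matches(data, expected_sha256):
        raise ValueError("archive digest does not match the expected value; not extracting")
    return safe_extract(data, Path(dest))


def make_test_zip(entries: dict) -> bytes:
    """Build a small ZIP in memory from {name: content} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Placeholder owner/repo/digest: substitute real values before running online.
    print(fetch_and_unpack("OWNER", "REPO", "master", "EXPECTED_SHA256_HEX", "./checkout"))
```

The digest check only helps if the expected value comes from somewhere other than the download itself; if the project does not publish one, record the digest you computed on first download so that later re-downloads can be compared against it.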
The Security Issues
Using open-source components in large software projects reduces development costs, shortens the end-to-end development time, and—it has been argued—promotes innovation. Because it frees your development staff from the mundane, it allows them to focus on the unique and market-attractive aspects of your product.
There are some open-source products that have a commercial entity behind them. The organization releases their product under a dual-licensing scheme. A commercial version will have an official, professional, support channel, and may contain other benefits like proprietary extras that are bundled with the product. They also release a community-supported version that will benefit from the coding efforts of the commercial team as well as from the contributions from its own community. Significant community contributions will also make their way back into the commercial version.
However, the majority of open-source projects are completely community-driven. They may have the backing of commercial entities, but that backing is donations and sponsorship, not code contributions.
Regardless of their provenance, the open-source components that are chosen to be included in new development projects tend to be well-established and reputable projects in their own right. They have earned a high degree of trust. But that isn’t always the case. Sometimes the functionality you need is available, but it is contained in a new and somewhat unproven project. But you’ve got the source code, right? You can do a code review of it.
From a security viewpoint, open source is neither more nor less secure than proprietary home-grown code. It’s all human-written code after all. Advocates of open source point to Eric S. Raymond’s law that he named in honor of Linus Torvalds, which states that “given enough eyeballs, all bugs are shallow.” With enough people reviewing the code and beta-testing it, issues should be identified, characterized, and fixed quickly.
That’s true as far as it goes. But security issues are not necessarily bugs. A vulnerability can be a circumstance that arises as a side effect of complex logic in a project of many source code modules amounting to millions of lines of code. The product does what it is supposed to, and so it is seen to be working as intended. And so it passes code review, product verification, field testing, and gets a clean bill of health.
Outside of blind luck and happenstance, that review, test, trial, and release loop won’t unearth security vulnerabilities.
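To make the point concrete, here is an added example (not from the original article) of a helper that does exactly what its feature requires, passes every functional test, and still carries a vulnerability as a side effect of how the check is written. The scenario, a web application deciding whether a redirect target belongs to its own site, and the hostname `example.com` are constructed for the example. The second version is what a security-focused review would replace it with, and the extra inputs are the ones that review would add to the test suite.

```python
"""A check that "works as intended" and passes its tests, beside the reviewed form.

Constructed scenario: the application redirects users after login and must only
redirect to its own site. Functional tests cover in-site and other-site URLs and
pass for both versions; only the review cases separate them.
"""
from urllib.parse import urlsplit

OUR_SITE = "https://example.com"  # constructed value for the example


def is_local_redirect_v1(url: str) -> bool:
    """Original helper: every legitimate in-site URL is accepted, other sites rejected."""
    return url.startswith(OUR_SITE)


def is_local_redirect_v2(url: str) -> bool:
    """Reviewed helper: parse the URL and compare scheme, host and port exactly,
    so a longer hostname or a userinfo prefix sharing the same text is not accepted."""
    parts = urlsplit(url)
    ours = urlsplit(OUR_SITE)
    return (parts.scheme == ours.scheme
            and parts.hostname == ours.hostname
            and parts.port == ours.port)


# What the feature's own tests check: the product does what it is supposed to.
FUNCTIONAL_CASES = {
    "https://example.com/account": True,
    "https://example.com": True,
    "https://other.example.org/": False,
    "http://example.com/": False,
}

# What a security review adds: inputs that share the prefix but are not our host.
# (Host names below are constructed; .test is a reserved, non-routable TLD.)
SIDE_EFFECT_CASES = {
    "https://example.com.attacker.test/login": False,
    "https://example.com@attacker.test/": False,
    "https://example.com:8443/": False,
}


def run_cases(check, cases: dict) -> list:
    """Return the inputs for which check() disagrees with the expected verdict."""
    return [url for url, expected in cases.items() if check(url) != expected]


if __name__ == "__main__":
    for name, fn in (("v1", is_local_redirect_v1), ("v2", is_local_redirect_v2)):
        print(name, "functional failures:", run_cases(fn, FUNCTIONAL_CASES))
        print(name, "review failures:", run_cases(fn, SIDE_EFFECT_CASES))
```

Both versions pass the functional cases, which is why the original would clear code review, verification and field testing; the defect only shows once someone asks what else the check accepts, which is the question the ordinary release loop never poses.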
Open source software benefits the economy, even small businesses. Businesses can reduce software costs with open source code that’s free or low cost.