Open Source Software = More Security

This post has been translated from Mint System - Open Source Software = Sicherheit.

Why is open source software more secure than closed source software?

Again and again we are confronted with the argument that open source software (OSS) cannot be secure because it is free. The “there is no free lunch” idiom is also often used. We will explain here why this argument is wrong.

First of all, it is important to know that software code is not comparable to tangible products. Software code has a special feature - it can be duplicated without considerable effort. This is rather difficult with a car, for example. Each production of a car costs the same. Code, on the other hand, is written once. So if you want to sell software, you can only do so through licensing. You sell the intellectual property, so to speak, but not the program lines.

Software code has a special feature - it can be duplicated without effort.

This raises the question: What is the value of software code if it can be easily duplicated? Our answer is simple. The value of software code is reflected in the number of systems / users that use and execute the code.

The value of software code is in the number of executions.

Therefore, the value of code increases with the number of systems / users that execute it. And that is exactly why most code is on collaboration platforms like GitHub or GitLab. You can find the code for millions of software systems there, for example the code for the Linux operating system, which made it to Mars.

These platforms are used by security researchers to find security holes in the code. An ecosystem has emerged where developers are paid to find and close security holes (see for example hackerone). Disclosing the code therefore creates more security.

Transparency creates security.

The opposite is called “security through obscurity”. This approach is no longer recommended by security researchers.

In summary, the following conclusions can be drawn:

• The value of software code lies in the number of executions.
• The number of executions increases when the code is on open platforms.
• There are incentives to search the code on these platforms for security vulnerabilities and to close them.
• Open source code is more secure than closed source code.