Oss on Janik von Rotz

Open Source Software = More Security

Mon, 07 Mar 2022 10:53:32 +0100

This post has been translated from Mint System - Open Source Software = Sicherheit.

Why is open source software more secure than closed source software?

Again and again we are confronted with the argument that open source software (OSS) cannot be secure because it is free. The “there is no free lunch” idiom is also often used. We will explain here why this argument is wrong.

First of all, it is important to know that software code is not comparable to tangible products. Software code has a special feature - it can be duplicated without considerable effort. This is rather difficult with a car, for example. Each production of a car costs the same. Code, on the other hand, is written once. So if you want to sell software, you can only do so through licensing. You sell the intellectual property, so to speak, but not the program lines.

Software code has a special feature - it can be duplicated without effort.

This raises the question: What is the value of software code if it can be easily duplicated? Our answer is simple. The value of software code is reflected in the number of systems / users that use and execute the code.

The value of software code is in the number of executions.

Therefore, the value of code increases with the number of systems / users that execute it. And that is exactly why most code is on collaboration platforms like GitHub or GitLab. You can find the code for millions of software systems there, for example the code for the Linux operating system, which made it to Mars.

These platforms are used by security researchers to find security holes in the code. An ecosystem has emerged where developers are paid to find and close security holes (see for example hackerone). Disclosing the code therefore creates more security.

Transparency creates security.

The opposite is called “security through obscurity”. This approach is no longer recommended by security researchers.

In summary, the following conclusions can be drawn:

The value of software code lies in the number of executions.
The number of executions increases when the code is on open platforms.
There are incentives to search the code on these platforms for security vulnerabilities and to close them.
Open source code is more secure than closed source code.

Open Source Software is not free

Fri, 07 Aug 2020 11:10:04 +0200

Open Source Software (OSS) is free to access. Everybody can download the code, change it and build something new. This requires expertise. Expertise that is hard to find on the market. Therefore open source software is not free.

Can you follow my argument? This thought originated from the claim people made about OSS. “If something is for free, it cannot be good”, many claimed. This is true in economics, but hardly applicable to OSS. Using OSS requires knowledge and competence. There is nobody to blame if it does not work. Even if you file an issue on GitHub describing your problem, it might simply be ignored.

Now the question arises: “Why should I acquire the experise of using OSS if I can pay someone to handle software for me?” Yea! Why the heck should I - in the digital age where the richest companies are IT companies - invest in digital know-how?
I obviously do not have to answer this question.

digital transformation

Oh boy, how I despise the term “digital transformation”. Everybody talks about it, but nobody knows about it. Is it about diversifying your investment portfolio across the IT sector? Is it about the paperless office? Is it about e-government? Is it about modifying the body with computer chips? Is it about talking with my fridge?

No no no and no, it is definitely not about these things. The digital transformation, to me at least, is about admitting that IT matters to your business model and therefore not treating it simply as a cost account in your financial reports. Software matters more than ever. If your company wants to persist, it has to see how software can be of help.

Using OSS fosters competencies and know-how for the digital age.

the new management model

Did you have business administration in high school and seen this picture:

The “The New St. Gallen Management Model” is a systemic management reference framework. This model is well known and accepted all over the world.
The IT process is often placed in the support process section. Most companies treat IT as cost account. In my opinion it must be treated as a core-process. Only then a company can truly utilize the advantages of software.

Make software your competence, find new ways to elevate your business model and never talk about digital transformation again.