On the Back of Open Source

Much of today’s Internet runs on innovations created and maintained by developers worldwide working for free. Some of the most popular web servers and browsers, database servers and clients, and network security protocols run entirely or in part on code contributed by communities of people who write code for love of the game. Open-source code is used in non-commercial and commercial products alike, free but essential components for both zero-cost and pay-to-use software packages.

It is difficult to think of another industry that makes such extensive use of free labor. Imagine if medical services were provided for free, or legal advice were freely dispensed, or if we never had to pay to watch movies or listen to music because the artists created their works simply to express themselves and share their passions. And yet, that’s how it is with much of the software we use every day.

For nearly three decades, software developers have reviewed and contributed new code and bug fixes to open-source software projects. Advocates for open-source development argue convincingly that with so many expert eyes focused on a project, all bugs become easy to spot and to fix. That doesn’t mean open-source software is perfect, as the Heartbleed bug found in OpenSSL in 2014 and other vulnerabilities demonstrate. Programmers are human, after all, and the attention of a group can be as easily distracted as that of an individual. The security of an application depends on the attentiveness of the developers committed to it. With more developers working on a project, the chance that at least some of them are scrutinizing the code closely enough is greater than if fewer people work on it.

The problem, however, is that some critical open-source projects are stretched rather thin. Despite decades of success, some extremely important projects, such as OpenSSL, have just a few core developers. This raises concerns over the sustainability of open-source software development as a way to meet the ever-increasing demands of the Internet and its users. With millions of people depending on the code open-source developers write, is it fair to place so much burden on tiny teams of people working for free, or for just a fraction of what they could earn on a for-profit software team? And, of course, is it wise to entrust so much power and authority to them?

Commercial users of open-source software components should fund open-source projects more generously. Microsoft, Google, Facebook, and other tech giants rely heavily on the contributions open-source developers have made to software projects and services over many years, and they thus have a vested interest in making sure these projects remain stable, secure, and compatible with the latest technologies. Without adequate funding from the companies that benefit from open-source technology, key open-source projects will continue to be understaffed and, as a result, remain at greater risk of having bugs slip past overworked review teams. Companies will then have to take on the software development task completely in-house. This will increase their costs and, worse, lead to greater fragmentation in the industry, weakening standards and creating incompatibilities that make the Internet far less convenient for people to use.

Supporting open-source software is not only the fair and wise thing to do; it is good business. The open-source movement is one of passion and openness. Let’s show it a little more love.

About Ray Klump

Professor and Chair of Mathematics and Computer Science, and Director of the Master of Science in Information Security program at Lewis University (http://online.lewisu.edu/ms-information-security.asp, http://online.lewisu.edu/resource/engineering-technology/articles.asp, http://cs.lewisu.edu). You can find him on Google+.
