\ ‘ō-pən-’sors \, adj.
Having source code freely available for modification and redistribution.
At first encounter, open source sounds like something an avid yogi might achieve en route to nirvana. In reality, it’s a reaction to a particular kind of tech-induced headache and essentially a fancy word for “sharing.” In 1991, early hackers built the open-source Linux operating system in response to the sometimes maddeningly closed systems of Apple and Microsoft. Software like WordPress and Drupal has followed suit, making source code freely available to the public to encourage infinite customization and, in theory, improvements.
Open source was birthed because closed systems stunted innovation with their cost of access. But while free, open source solutions opened up engineering opportunities by reducing barriers to development and improving accessibility, other problems arose. Security was easy to compromise, making the software an easy target for ill-intentioned hackers.
“Because everyone can see the software and how it’s built, it makes it easier for people to break in,” says George Usi, CEO of SACTECH, which specializes in cybersecurity compliance. “You know what you’re trying to rip apart because you can see under the covers,” he adds.
If the idea of transparency in software strikes fear in your heart, good luck trying to avoid it. The State of Open Source Security 2017 reported that 80-90 percent of all commercial software developers use open source components within their applications. Usi says that a lot of the products on the market today (such as ARRIS, a common cable modem) use open source modules within their programs to some degree, even products labeled as proprietary. Also consider the Equifax breach of 2017, which resulted in millions of sensitive records being exposed through the exploitation of a vulnerability in an open source component of the company’s database.
“The bad mojo with open source comes from the thinking that ‘If it’s open, it must be dangerous,’” Usi says.