The World Is Less Safe Than Ever for Open Source Software

While open source has made huge inroads, there are several factors (internal and external to the open source community) working against it.

Christopher Tozzi, Technology analyst

June 27, 2019

Microsoft announced recently that it is adding a Linux kernel to Windows. To most folks, the move is the latest proof-positive sign that the open source community has won out over the company that once deemed Linux a threat, and whose former CEO called Linux a “cancer.” But I’m not so sure. Yes, Microsoft now loves Linux, and companies everywhere now rely heavily on open source. Yet I don’t think this means that the battle fought between open source advocates and closed-source software companies like Microsoft was actually won by the open source camp.

The Success of Open Source

There is no denying that open source software programs and platforms have made enormous gains in terms of market share and mindshare during the past two decades. A majority of the world’s smartphones run an operating system, Android, that has an open source core. Visit any website, and, likelier than not, it’s hosted using NGINX, Apache or another open source Web server. And Microsoft, once the arch-enemy of open source, has steadily announced a slew of open source initiatives in the past five years, from support for Microsoft SQL Server on Linux to the open-sourcing of Windows Calculator.

Microsoft is not the only proprietary software company to join the open source bandwagon, by the way. Lots of other major companies not traditionally known as supporters of open source--such as Amazon, SAP and Intel--also contribute tremendously to open source development.

Against this backdrop, it’s easy to conclude that the open source community won handily in its battle against Microsoft and other companies that once viewed Linux and open source as a grave threat not just to their business, but also to intellectual property rights and innovation (at least, that was the argument that these companies once used against open source).

Open Source's Failures

But I’m more of a pessimist when it comes to the state of open source software. I don’t see the pervasiveness of open source code as confirmation that open source has actually “won.”

On the contrary, I believe that, in many ways, times have never been tougher for people who endorse the core ideas behind the free software movement: that software works better for everyone (developers, users and partners) when source code is transparent and can be freely shared.

Consider the following ways in which the principles, if not the product, of the open source software movement remain under threat today:

  • Open source “cores.” If you look at the way that many companies are using open source today, you’ll notice a trend wherein they open source only part of their products. For example, Android and Google Chrome are both based on open source codebases, but the products that reach end users are not fully open source. The companies that use these platforms get free code contributions from the open source community, but they wrap their products in closed-source shells that deprive end users of the ability to inspect or modify the products’ source code.

  • Software as a Service (SaaS). As folks like Richard Stallman have pointed out, the cloud-based, SaaS delivery model makes software fundamentally non-transparent and unmodifiable due to its architecture. It doesn’t matter if your cloud-based app is open source because you, the end user, never touch the program itself; you simply interact with it over the Internet.

  • Poor security reputation. From the Equifax breach (which targeted an open source framework) to the Heartbleed bug (which involved a vulnerability in an open source encryption library), the open source community has suffered a string of setbacks on the IT security front. Open source advocates would point out that the open source development model is more secure than the “security by obscurity” strategy inherent in closed-source code; still, recent open source security issues have created a poor reputation for open source software among many IT professionals.

Open Source as Virtue Signaling

In light of these trends, I tend to think that when many companies announce the open-sourcing of a codebase, or new support for an open source platform, what they are really doing is “virtue signaling.” In other words, they are using open source to bolster their own images as companies committed to transparency and cooperation with the community.

If companies that have positioned themselves as pro-open source believed fully in the open source philosophy, they would open source their products completely, not deliver platforms whose “core” is the only open part. They would embrace novel licensing strategies designed to limit the co-opting of open source projects by SaaS providers, such as the one Confluent announced late last year. And they would take a firmer stance on the open source security issue, siding with open source fans who believe that security is ultimately better when anyone can inspect source code and find vulnerabilities.

It’s great that Microsoft Windows will now include a Linux kernel, and that Facebook sponsors some open source projects (which many non-Facebook employees help to develop) to support its SaaS platform. But I don’t think this is what true success for the open source software movement looks like.

About the Author

Christopher Tozzi

Technology analyst, Fixate.IO

Christopher Tozzi is a technology analyst with subject matter expertise in cloud computing, application development, open source software, virtualization, containers and more. He also lectures at a major university in the Albany, New York, area. His book, “For Fun and Profit: A History of the Free and Open Source Software Revolution,” was published by MIT Press.
