Over the last decade, the perception of open source software has improved drastically. Proprietary software is increasingly seen as limiting due to concerns regarding both future flexibility and vendor lock-in. Today the open source model is much better understood, and organizations from Facebook to Google and countless others are recognizing open source as vital to the future of digital business and government services. And most organizations are already leveraging it in some aspect of their IT operations. Commercial open source in particular provides a platform for technology that’s customer-ready – and ready to be productized. Yet despite growing acceptance of open source, organizations are still concerned about indemnities and security. We’ll take some time to debunk the myths about open source lacking security.
Open Source Community Provides Platform for Secure Innovation
Open source communities collaboratively develop new innovations with a global network of developers, architects, and subject-matter experts. Increasingly, these communities are widely recognized as a vibrant resource, providing professional feedback from industry experts—feedback that can help organizations develop more robust code, faster fixes, and even innovations and improvements that enable new services. In a proprietary model, the software is only as good as the small set of developers focused on it. Organizations that lean on third-party vendors for their proprietary software may feel more secure, but that security is an illusion: in the name of proprietary IP, vendors can easily shield enterprise customers from finding out if their code has security holes or not—until hackers start exploiting those holes.
Although some enterprises have hesitations concerning security, the large global network of contributors in the open source community does extremely high-quality work, and they are very protective of their reputations. Because the entire community can see their work, their professional credibility is on the line every time they release code. People therefore have an incentive to not release code until they’ve thoroughly vetted it. Once they overcome these security fears, enterprises begin to realize there are stable new releases that can maximize the quality, efficiency, and overall value of the software. As a result, enterprises are now free to focus on the value of building new and innovative services rather than on the technical underpinnings that make these services possible.
Commercial Open Source – The Best of Both Worlds
Organizations that leverage commercial open source software benefit from the best of open source and proprietary models. Enterprises desire a development model that fosters ongoing innovation. In the open source development model, organizations can contribute code tailored to their needs back to the project. With commercial open source, any new code is put through a rigorous quality assurance (QA) process to protect the security of enterprise customers and their end users. Modifications that have value for the wider base of enterprise customers are vetted and then accepted into the code base by the community. Maximizing the value of open source requires a strong relationship with a commercial open source vendor that encourages community creativity and contributions. Enterprises are also able to contribute code to support their businesses. Commercial open source vendors provide the support and rigorous product development process, including testing against databases, containers, and QA, that are typically provided when developing proprietary software.
Open Source Critical to Future of Digital Business and Citizen Services
The market is being massively disrupted as enterprises and government organizations steadily move toward a fully personalized, omni-channel and integrated digital experience built upon mobile, cloud, the Internet of Things (IoT) and social media technologies. Existing technologies struggle to keep pace in breadth and depth of capability. Utilizing open source can be a critical enabler for accelerating the rate of change for the new customer-centric digital experience. Open source development models provide the flexible open architectures and limitless scalability that are essential to building innovative, agile, and robust solutions with ease and speed.
Measuring Value of Open Source with High Levels of Security and Innovation
If an organization isn’t already using open source, they may be behind the times. The success of open source should be determined by its ability to provide a high level of security and innovation. Gartner predicts that by 2016, 99 percent of the Global 2000 will use open source. Andrea Di Maio, a Gartner analyst, noted open source is becoming increasingly popular with governments as they look for ways to reduce spending and increase efficiency. This wouldn’t happen if open source wasn’t secure. Open source provides security validation through its transparency—something proprietary software cannot do.
Truly innovative organizations are focusing on increasing strengths that enable them to execute better and faster, and more importantly, to improve customer engagement. In today’s world of ever-growing digital businesses and services, commercial open source provides an ideal platform for organizations to focus on providing value to customers and increasing revenue streams.
By Daniel Raskin, Vice President of Marketing, ForgeRock
About ForgeRock
The frontman of the open identity stack, ForgeRock — backed by Accel Partners, Foundation Capital, and Meritech Capital — powers the world’s largest companies and government organizations with the most disruptive identity solutions. Our goal is simple: to deliver the best open source identity stack for securing anything, anywhere, on any device.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.