Friday, May 28, 2021
By Fuel HQ
Open source software has come a long way from its early days. But that doesn’t mean misconceptions and myths no longer exist. We spoke with members of the Fuel Editorial Advisory Committee (EAC), who serve across different industries, to get their perspectives on open source and help us do a little myth busting.
Below is a rundown of our contributors and the sectors they serve. Dive into each misconception to get their takes on it.
Charles Buege (CB): Works for an industrial internet of things (IIoT) company that specializes in the telematics/fleet management field
Terry Newton (TN): Works for a small, rural public school (K-12)
Laura Penhallow (LP): Works for a proprietary trading firm in London
Misconception No. 1: It is difficult/impossible to get support for a product.
CB: We’ve found this to be the opposite. In the past, if you worked with a commercial product that was a framework, application language, etc., and you needed assistance, you paid for support and development help. This meant someone had to understand your code and what you were working on, and took time to get back to you.
While this exists to a degree in the open source community, there isn’t as much explaining to do. If you’re working with a particular framework and can’t figure out a function within it, even after looking in the documentation (which tends to be extensive in open source products), posting your question out to a support forum tends to get a response within a matter of hours instead of days. In most cases, the answer is not only exactly what you are looking for, but you tend to get several different answers for your singular question, giving you options.
TN: Before I began working at my school, they did not use open source solutions. They wanted to use brand name products, because if there was a problem they could go back to the company and complain. With open source solutions, they were also afraid of holes in security that might allow data from the students or school to be released.
Another misconception is about licensing: that because several programs are free to use, there is no support. However, with open source, there is a large group of people who have probably seen the problem and can come up with an answer or have several ways of getting a better product. Sometimes open source can provide more support than brand name products.
LP: This isn’t as much the case in the firm I’m at now, but in finance there is a general fear of being able to hold someone responsible if software goes wrong, has a vulnerability, etc. When working on SOX certification for my last firm, the auditors were thrilled to get all the company names of the products we used. However, looking at this objectively, if you were breached due to an exploited vulnerability in software you were running at your firm, how would pointing the finger at Company XYZ help you?
Open source software is written by people, in many cases the same people that work for commercial firms. The fear is subsiding, but I think that finance — especially heavily regulated finance where there are natural person entities or payments involved — will be among the last to the party.
Misconception No. 2: Open source software is insecure/vulnerable.
CB: Software is only as vulnerable as you allow it to be. In my experience, today’s open source projects are more secure than a lot of commercial products out there. They rarely ever allow you to run HTTP — requiring HTTPS, in the case of web server-based software packages. Their code is secure six ways from Sunday, and there is almost no way for a malicious actor to inject infected code into a product that gets released because it is checked by so many eyes, automated systems and security applications before “going out the door.”
TN: All software, open source or proprietary, can be insecure. With a group of people working on the software, there is the ability to get multiple views because they are coming from multiple fields. With open source, everyone working on it can contribute to a more stable and secure platform.
LP: Open source is written by that guy in the hoodie right? He wants all our stuff.
In the days before massive repository sites like GitHub were organized, this was a little true. But now, open source in some cases might be more secure than larger commercial products. Bug fixes and patches can get quickly written, tested and made available to users to deploy in their organizations. This level of agility can be difficult for a commercial software company to achieve.
Is open source more vulnerable than commercial software? That’s hard to say. How many bugs does Microsoft patch every month? (Hint: North of 50 almost every time!) At the end of the day, it’s software written by humans, and we make mistakes wherever we work.
Misconception No. 3: Open source software is unstable/buggy.
CB: This used to be true, but the more I’ve worked with open source projects, the more the opposite is true. On nearly every open source project I work with, the team strives to prove itself to be as good as, if not better than, commercial software companies. They realize that the companies and everyday users who utilize their software need their products to run as stably as possible from day zero. They also realize that, in the instances where this is true, if their open source product is something that is a precursor to a commercial product or is in competition with another commercial product, they need to step up their game and get as good a product out there as possible to be competitive.
TN: In my experience, I’ve been using an open source project and it has worked well in reimaging desktop computers in the district. They are updating the software as needed but probably less than some of the major brands that update on a daily basis.
How does your industry feel about open source software? Does it allow the software, discourage it or fall somewhere in between?
CB: For our company, we live and die by open source. There are so many open source-based frameworks and components that we build into our application that, without them, we wouldn’t exist. Open source is the only viable way to get some of these frameworks to thrive. If it weren’t for the large community of users and developers contributing, updating, expanding functionality or debugging, the tools that we use for our application would need to be developed in-house and would take longer to write.
TN: Prior to my joining the district, they only used brand name software. I have been using FOG Project to image desktops. This has been a lifesaver to make sure I had images of the master, then be able to redeploy if necessary. In a lab where students are using the desktops, when there is a problem with one, instead of taking it down and having multiple USBs or disks to install all software, I was able to image it with just a few clicks in FOG. If I can find the open source software to do a job, there is no problem.
LP: My organization thrives on open source software. We even encourage our tech teams to “give back” and contribute to open source projects that we’ve benefitted from. However, I have worked for different financial services companies that were regulated differently and open source software was approached with a little more caution.