Perhaps you have never heard of it. Perhaps you have. The point of this article is to discuss the differences between, and benefits of, open source software and closed source software. Open source software, for those who are still in the dark, is software that is released with the code behind it that makes it work, or at least that code is available somewhere, usually for free.
What’s the big deal about open source software? Well, there are plenty of opinions, good and bad, regarding open source software and its closed counterpart. For example, the popular web browser Firefox is available open source. That means that you can get the code, or at least the relevant portions of the code, that make the software work. As another example, any flavor of the Microsoft Windows operating system (e.g. Windows XP, Windows Vista, and lest we forget, Windows ME) is considered closed source, meaning the goons at Redmond do not want you to see the code that makes it run. What makes open source software good? Well, take this example: if you look for “Mozilla firefox addons” on Google, you’ll get well over a million results. Google for Internet Explorer (another one of Microsoft’s closed source applications) add-ons, and…well, the number is less impressive. Point being, open source software allows developers to write their own code to make the software better, more functional, and generally easier to use.
There are a lot of arguments from anti-open source folks out there that say releasing the full source code to ANY application, whether it is a software application that you run on your computer, such as Internet Explorer or Firefox, or a web application, such as osCommerce, a popular eCommerce engine, opens up a huge security breach. I beg to differ. Why? I’ll tell you why. For every 1 person that finds something in the source code of an open source program that could be used to breach the security of that particular application, there are 10 people that have already found it and figured out how to patch it up. Sure, you’ll need to download an update, but isn’t that better than allowing access to all 2,500 of your customers’ sensitive data? I’d say it is. Now let’s take the example of Microsoft, who seemingly releases a new patch every day or so. Their code is closed to the public, so it should be pretty hard for somebody with bad intentions to get in there and figure out how to write a new virus or worm to exploit a security vulnerability in some seemingly obscure piece of code, right? Well, no, not quite. You see, every Windows update you download is because somebody DID in fact find a way to do it, and they have already done it, and in most cases, have been doing so for quite a while. Once Microsoft finally realizes this happened, their team of programmers has to take the time to figure out how it happened, how to fix it, and then deploy the patch to the millions of Windows customers out there. Within that time span, a countless number of machines could have been compromised, as is often the case. Had Windows been open source, such as any flavor of Linux (another operating system similar to Windows), this could be prevented, or at the very least would have affected a much, much smaller number of consumers.
Speaking of Linux, for any of those tech gurus out there, or anybody that follows the news in general, how often do you hear of a new worm, trojan, virus, or any combination of the 3, being used against a Linux machine? Rarely. Why? Because they release the full source for it, and as I said above, there are 10 people fixing it at the same time as the one guy trying to exploit it. Add to that the fact that most “black hat” programmers, meaning those that wish to write code to do bad things, simply don’t bother writing viruses, worms, etc. for Linux machines. Why? Because they know it’s generally a useless waste of time for them. It will be fixed within days. That’s not to say that open source software such as Linux does not get compromised ever, but it certainly happens a lot less often than closed source software such as Windows.
With that being said, which would you prefer? Using open source eCommerce software such as osCommerce and having bugs and vulnerabilities patched within days of their discovery, or using a closed source solution which may take weeks or months to patch? Think about it this way: the vulnerability may be something as simple as a user being able to spam your store with fake orders. Or, they could do much worse, such as stealing all 2,500 of your customers’ sensitive data, like credit card numbers, etc. That would be a fun couple of days, wouldn’t it? Explaining to your customers why they were charged $800 to a bank in Nairobi on the same card they just used at your store. You would seem like a professional and top-of-the-line business, wouldn’t you? Oh, did I mention that most open source software is completely free of charge?