Why Open Source Is a Safe Choice for Government Agencies

Eddie Garcia | GCN | October 14, 2015

Already prevalent in big data applications and many other software solutions regularly employed by agencies, open-source technologies are a natural fit for the public sector. Their ability to combine distributed peer review and transparency drives software innovation at an accelerated pace and at a significantly lower cost. However, as the use of open-source technologies has increased -- particularly within large enterprises and federal agencies -- concerns have shifted dramatically from who owns or has access to open-source code to the potential security risks.

Open-source software isn’t necessarily less secure than proprietary products. In fact, the communities that support some of the better-managed projects are at times more responsive to security threats than vendors of strictly proprietary systems. Let’s explore two misconceptions about open-source security.

Misconception: Open-source code is readily available to hackers who are taking advantage of vulnerabilities before they can be fixed.

Truth: Thousands of security engineers, cryptographers and developers in the open-source community regularly search for vulnerabilities and, more often than not, fix them before anyone else notices.

Vulnerabilities are always present in software, but because of the sheer number of community-oriented contributors and the speed of innovation within open-source projects, they are often noticed and fixed more quickly than those in their proprietary counterparts. Often, proprietary software vulnerabilities are not noticed until they are exploited...