Data and AI Learning Group

Security Tips When Working on Open-Source Projects

  • 1.  Security Tips When Working on Open-Source Projects

    Posted Mon November 22, 2021 02:14 AM
    Edited by Justin Doebele Sun November 28, 2021 06:28 PM

    When weighing up the access to your project, one of the first and most important steps is to decide whether this will be proprietary software or whether it will be open source. The differences are simple, yet very important. Proprietary software is designed for a single purpose and is sold to a consumer as a compiled program, think of programs like Adobe Photoshop. As it is compiled, there is no way for a consumer to access the source code and so no way to change any of it. This is great if you want to sell something that many people will purchase but don’t want to lose, as selling your product will come with a licence to protect your property, brilliant for game developers, for example. However, open-source software proves to rise up in areas where proprietary software falls down, as bugs can be found in proprietary software that a user must wait for the developers to fix until they can use the system unheeded. Luckily, with the use of shift left testing, bugs are becoming less and less of an issue as they’ve noticed earlier on the development cycle.

    Open source allows the user access to the source code, to change it at will and make it their own. This means that users are able to amend the code according to their specific needs, letting people focus on customising the code to the project that they use it in. Most people also package their code with an open-source license, allowing people to distribute with credit, or simply use it as they wish. Examples of open-source software include Linux, the operating system that allows users to customise every part of their running system.

    Does This Make Code Insecure?

    It’s up to a wide interpretation as to whether or not open source software is more or less secure than proprietary software, as there are many arguments both for and against in that area. On the one hand, as users can look at the inner workings of the source code, those with malicious intent could look for exploitable weaknesses within the system and find ways of exploiting this weakness within the system. On the other hand, many say that open source is more secure due to the fact that people can look inside the code, and that it may be more resistant to bugs and errors as all of these can be found and reported to the developers, allowing for fast bug fixes and patches to improve the security. In fact, a user doesn’t even have to wait for the developer to fix a bug as if they are handy with the coding language used they can simply look under the hood and fix it themselves.
    If you find yourself using a program or software that relies upon open-source software, the best way to stay safe is to make sure you regularly check for and update said system. This way, you can catch any bug fixes as soon as they come in.