Zug, Switzerland, 8 February 2021 – Open source has become an indispensable part of many companies, yet some stubborn prejudices about the supposed insecurity of open source solutions persist. VNC, a leading developer of open source-based enterprise applications, is putting an end to this.
Open source is a success story and is used in countless small and large companies. Even a large software company like Microsoft, whose former boss Steve Ballmer once compared the Linux operating system to a “cancerous tumour”, is now involved in many open source projects and uses open source software components in its applications and services. Nevertheless, some doubts about the security of open source persist – be it because skeptics are not familiar enough with the development processes in the community or because the key players who earn their money primarily with proprietary software continue to nurse long-outdated resentments. Yet many companies choose open source precisely because of its high security. VNC lists the most common misconceptions about the security of open source and explains why they are unfounded:
- Vulnerabilities are visible to everyone: This is true – and on closer inspection, a big plus in terms of security. Not only can cyber criminals search the freely available code for points of attack, but all other interested developers and companies can as well. In the end, there are far more eyes watching over the quality of the code than with closed source, so that possible vulnerabilities are quickly discovered. In addition, the community deals transparently with all security leaks, whereas with proprietary applications it is often unknown what vulnerabilities lie dormant in them.
- No one checks all the code: Wrong. Companies and authorities with high security requirements carry out targeted audits or call in specialists who check the code for bugs and vulnerabilities in extensive testing processes. With proprietary applications, this is usually not possible, and if it is, then only under certain conditions and with considerable restrictions. Many companies that play a decisive role in driving the further development of applications regularly commission independent auditors to closely examine the code. Openness is not just a façade – it really is used intensively.
- Anyone can introduce bugs and backdoors: Theoretically, this is possible, but open source projects have a very controlled development process. All changes to the code are documented and meticulously checked and tested by the community so that problematic lines of code can be identified and sorted out. Only changes and features that have successfully passed this code review find their way into the final stable program. This process not only minimises the risk of security gaps, but also of stability and compatibility problems. With closed source, the risk of security and data protection breaches is far greater because no one can control the code. This is also shown by the speculations that repeatedly arise about possible backdoors in non-open firmware and operating systems.
- Nobody cares about bugs and leaks: Open source projects are not a collection of hobby developers working together in an unorganised way. Behind many open-source applications is a large community of committed developers and companies, in which there are fixed procedures and roadmaps. The resources are often more extensive than those of proprietary software providers, so that bugs and errors are often fixed much more quickly. In addition, the community usually maintains its applications for much longer: even old programme versions are provided with security updates and other improvements for several years.
- There is no professional support: Some companies are concerned that they will not receive professional support for open source software. However, the companies involved in open source development usually offer highly professional support – this is an important part of their business model. Numerous service providers have even specialised in the support of open source applications. They help companies set up and operate the software securely, take care of problems and, if necessary, make individual adjustments that are usually not possible with proprietary programs.
“The decisive advantage of open source in security matters is transparency: users do not have to rely on the assurances of a manufacturer that a software fulfills certain security and data protection requirements. They can count on the watchful eye of a large community and carry out their own checks at any time,” emphasises Andrea Wörrlein, Managing Director of VNC in Berlin, Germany, and member of the Board of VNC AG in Zug, Switzerland. “This does not mean that open source is automatically safe, but a committed community and a controlled development process ensure reliable, safe and trustworthy software.”
VNC – Virtual Network Consult AG, based in Switzerland, Germany and India, is a leading developer of open source-based enterprise applications and positions itself as an open and secure alternative to the established software giants. With VNClagoon, the organization with its global open source developer community has created an integrated product suite for enterprises, characterized by high security, state-of-the-art technology and low TCO. VNC’s customers include system integrators and telcos as well as large enterprises and institutions. Further information: https://vnclagoon.com