Thursday, 21 February 2019 12:00

Is open source secure?

Access to source code

If you want to find out exactly what open source is, read the article "Open source - what is it and what do you need to know about open code?" and the blog post about the costs of open source apps.

Full access to the source code allows you to see exactly what is stored in it, so the producer cannot hide anything from you. You are also able to verify your own security and, if you find vulnerabilities, react quickly enough.

This is a significant advantage of open source applications over closed applications. Producers of closed software may delay the publication of patches, and users are forced to wait for updates. During this time, the company's data is constantly exposed to possible hacker attacks. It is worth emphasizing that in 2016 more than 6 million attempted cyber-attacks on Polish users were recorded, and this number is still growing.

Open source community

Possible flaws in the code are verified not only by system users and the producer. Communities gather around open source projects, and their members, among other things, participate in the code development and verify its security. The largest community of developers can be found on GitHub. Thanks to them, security flaws are found much faster and then fixed more efficiently. Open source enthusiasts write and share lines of code with others for free, which is especially important when a quick response to an attack threat is needed.

Audits and standardization of apps

Code security is ensured not only by continuous analysis of the code by users and developers, but also by external audits and standards. OWASP ASVS is one of the most demanding security standards, and it has been implemented in the YetiForce CRM system. Verify whether your application has implemented similar standards to ensure that your data will be properly secured.

Popular tools used to control code quality and security are SymfonyInsight and Code Climate. They pinpoint errors and security gaps, which helps to verify the security of the data stored in the application.

The use of adequate safeguards ensures that open source applications have at least the same level of security as their closed source counterparts. Moreover, code verification by many external developers means that the security level is often even higher.