.png)
3 months ago
7
Open-source software is at least as secure as its closed-source counterpart according to 86% of surveyed tech experts. Consumer tech choice and EU competitiveness now depend on transparency, interoperability and good governance.
Open-source software (OSS) allows a community of researchers to scrutinize and enhance the code, fostering a dynamic environment for swift risk detection and mitigation. However, this transparency could potentially expose the platform to malevolent entities.
Conversely, the closed-source counterpart’s (CSS) inherent opacity provides a shield of proprietary protection, making it difficult for malicious actors to understand the software’s functionalities and exploit its vulnerabilities. Yet, this model relies solely on the vendor’s diligence to uncover and address all vulnerabilities.
While reverse engineering in CSS requires significant technical skill, the limited number of code reviewers could initially leave some vulnerabilities undetected.
For these reasons, consumer choice is increasingly viewed as pivotal, especially when it enables consumers to select different services and devices while retaining access to their data.
Key to an open-access environment that allows developers to fairly assess digital tools, fostering cross-industry collaboration.
CODE – Coalition for Open Digital Ecosystems
To help advance this open ecosystem, the Coalition for Open Digital Ecosystems (CODE), an industry initiative launched in late 2023, is championing the cause of open digital ecosystems. Coco Carmona, a CODE representative said that such ecosystems are beneficial for businesses, society, and consumers.
Speaking with Euractiv at CODE’s first Brussels public event, Cristiano Amon, CEO of Qualcomm, echoes this sentiment, stating that open technology democratizes the platform, allowing every company to innovate. He believes that if platforms are closed, innovation becomes dependent on a single company.
Amon argues that the economy is intrinsically digital, and if the platform is not open, small and medium enterprises (SMEs) with great ideas or relevance for a particular market in Europe will not have access to their customers through digital means.
Carmelo Cennamo, a professor at Copenhagen Business School and SDA Bocconi, underscored the importance of openness from a consumer perspective.
Cennamo said he believes that an open market can deliver fair and open competition, while Marisa Jimenez Martin, Director and Deputy Head of EU Affairs at Meta, explained that openness is fundamental to enhancing competitiveness in digital, as it provides choice to consumers and users.
When it comes to enhancing digital competitiveness, KPMG’s ‘Global Tech Report 2023’ concludes that “Lack of coordination is the top hurdle for tech function’s transformation progress.” One of the biggest challenges to digital transformation is collaboration breakdown.
KPMG reports that nearly 50% of firms view inadequate governance in their tech departments as hindering transformation efforts. Over a third have a risk-averse culture, and an equal proportion express concern over skill shortages within their ranks, contributing to significant delays in meaningful transformation.
Open-source as secure as closed-source
A recent report commissioned by Google, which evaluated the opinions of over twenty experts and more than seventy secondary sources, focused on five key questions related to open-source security, collaboration with the security research community, mobile operating system security comparisons between Android and iOS, and engagement with Vulnerability Rewards Programs (VRPs).
The report found that open source is just as secure as closed-source, with each approach presenting distinct trade-offs concerning transparency.
The report highlighted that third-party acquisition sites offer comparable, if not higher, compensation for Android vulnerabilities compared to iOS vulnerabilities, thereby incentivising bug-fix research.
Importantly, the report quotes industry leaders as saying Android security is on par with iOS security, as evidenced by vulnerability quantity and severity.
So, while the push for open digital ecosystems is gaining momentum, with industry leaders and experts recognizing the benefits of openness in driving growth, fostering innovation, and enhancing security, the digital economy continues to evolve, and the role of open digital ecosystems will undoubtedly become increasingly significant.
Developer diligence, and community support
The debate over Android vs. iOS security is largely shaped by one’s definition of security. Factors influencing device security include ecosystem uniformity, vulnerability rates, update regularity, and real-world exploit instances. Given the varying emphasis on these elements in security assessments, opinions can diverge on the relative security of iOS and Android.
In the realm of cybersecurity, the choice between Open-Source Software and Closed-Source Software transcends mere security considerations. Experts largely concur that both offer comparable security levels, with the decisive factor being the interplay of developer diligence, maintainer responsiveness, and community support.
The decision to opt for OSS or CSS extends to licensing, intellectual property, and business model considerations.
As one cyber threat intelligence expert notes, the choice ultimately hinges on customer requirements. This sentiment is echoed across industries and products.
Both OSS and CSS necessitate robust operational support and developer commitment. However, OSS, with its community-driven transparency, requires effective management to reap its benefits.
While OSS may seem cost-free, maintenance incurs expenses.
Unlike CSS, OSS cannot hide vulnerabilities, emphasizing the need for vigilant community oversight for swift vulnerability identification and resolution. This necessitates a governance-like structure, as noted by a senior executive at a Fortune 500 software company.
In the realm of software development, the merits of Open-Source Software are particularly pronounced for fully open projects.
Circumventing potential roadblocks
Joram Wilander, Director of Engineering at Mattermost, underscores that OSS empowers users and developers to contribute directly to the project, circumventing potential roadblocks such as workforce limitations, approval processes, and funding constraints.
Wilander said: “Fully open-source projects even allow users and developers to take things into their own hands and contribute feedback and fixes, should they choose to do so.”
This collaborative approach, he explains, accelerates the pace of security updates compared to Closed Source Software (CSS). A case in point is the swift resolution of the Log4j vulnerability that affected 35,000 Java packages, patched within 15 days before the Common Vulnerabilities and Exposures (CVE) disclosure.
Adam Murray, a content writer for Mend.io, remarks that OSS projects typically exhibit greater resilience against errors and security flaws than their CSS counterparts, with solutions for these issues often released at a faster rate.
Driving innovation, ensuring open markets
CODE and other leading tech firms argue that consumer choice should be the driver of innovation in Europe to ensure market contestability.
They say that consumers want to be able to freely select, use, and seamlessly move, across a range of connected devices and services, and customise their experience including apps, payment systems, or online services.
To make this possible, they say, the entire ecosystem must be empowered and supported to adopt open principles and standards.
However, on the regulatory side, CODE members believe that this can be done by supporting open standards and encouraging design patterns that allow the consumer to make a free choice.
Policymakers recently elected to the European Parliament will likely hear in the coming months, that when it comes to consumer choice, consumers don’t have to give up security to benefit from increased choice.
Paul Cormier, President and CEO at Red Hat argues that: “As new infrastructure is being built out, you can’t leave behind existing systems and tools. You need products and services that work with them. That’s the value of open-source (…) “The question is no longer whether your enterprise should adopt open technologies; the question is when—and how.”
[By Brian Maguire | Euractiv’s Advocacy Lab ]
Read more with Euractiv
English (US)