Is Open Source to blame?

In light of the recent Heartbleed code flaw discovery there seems to be a focus, in the coding news platforms, directed at open source software structures. While it is true this recent security flaw originated from a widely used open source software utility, it does not negate the fact that without open source software development there would be no internet security.

The black market of hacking programs and routines are born out of a programming community of sharing and cooperation. Additionally, the struggle for internet security is set against mass marketing, mass distribution, and mass code refinement, which grows and spreads through open source creation and manipulation of various programs and scripts. The only way we have been able to combat this onslaught of information infiltration is by utilizing an open source mindset that allows programs to interact and communicate and allows programmers to collaborate, build upon, and refine existing software platforms and to create new ones that better match the escalating technology demands.

Vulnerability, in programming code, is a part of the code structure or programming output that has an unintended result that can be exploited by another programmer. Sometimes, the exploit can be used for a positive purpose that improves the program or creates an alternate use not originally envisioned by the programs author. Alternately, the vulnerability or code flaw can be used to accomplish nefarious endeavors such as illegal information retrieval, security breaches, and other hacking activities, by accessing the code vulnerability. 

One saw often quoted is, "It's not a bug; it's an undocumented feature!".  Any code can have these vulnerabilities and any program or coding platform being used today, weather open source or not, that has a vulnerability exposed, can be exploited by the hacking community.

The solution some of the major decision makers are presenting is to start throwing money at open source programmers and groups, especially those who have fostered and maintain 'critical coding packages'. While I have nothing against monetary gain, I have to wonder if this is a viable fix or is it just a typical cooperate response.

The whole idea behind open source is differing agendas collaborating on a concurrent and on-going development that is available at no cost so any developer can use the code to further develop and modify the code. If money is added to the mix, will it not change the agendas? Open source has flourished and grown because of untethered access and the untethered access is a result of the code not being tied to money.

If the code remains free to the public then I will agree that better funding of open source projects is a great idea. Although, if the past is any indication of future behavior; monetary motivation doesn't promote and encourage free sharing and distribution of code.

by Jim Atkins 'thedosmann'

Memphis Web Programming

Share it now!