Open source software is not a problem

Security flaws recently exposed in Apache are serious, but open source software should not take the blame, says Jason Walsh

19 January 2022

Security breaches are certainly newsworthy events and you can expect to hear about more of them as information technology becomes ever more integrated into every aspect of our lives.

Unsurprisingly, then, vulnerabilities in core pieces of software are big news, and the revelation in December that a bug in the Apache Java library Log4j was being widely exploited was no exception. One report in the Financial Times is worth dwelling on for a moment, saying the “alarming” vulnerability (a fair description) “raises serious questions about open-source software”. Does it?

The worry with some of the reporting around the recent Apache vulnerabilities is that it could undo two decades of hard graft explaining to people outside the industry that making code freely available is a good idea. Not only does it allow developers to check code for problems (whether or not they actually do this is another question), but it has massive economic and cultural benefits.


Think about it: without Linux, server software licences would still be the norm and few of us would want to go back to the days of spending €250,000 on a Sun pizza box, no matter how spiffy they were. MySQL, meanwhile, may not be quite as powerful as Oracle Database, but it allows start-ups and even one-person businesses to get up and running in minutes.

Free and open source software is essential to pretty much everything today. Indeed, the ‘LAMP’ combination of Linux, Apache, MySQL and PHP alone runs much of the web as we know it. Want to run a website? There’s a good chance you’ll be using WordPress, which runs atop Apache and MySQL, is programmed using PHP, and the whole thing runs on Linux servers. Adding other software provided by your hosting company? It’s the same story.

Software engineer Jeffrey Roe said the real issue is that people need to put in the work to get things right.

“It’s a broad generalisation, but a lot of open source projects are designed to get you up and running quickly. A lot of people don’t always get things configured correctly,” he said.

Roe is also director of Dublin’s Tog hackerspace, a place where hobbyists can come together to learn and work on tech projects. This movement, which has spread across the globe in recent decades, would be unimaginable without free software precisely because many tech companies have been working hard to lock down both hardware and software in the hopes of locking users in.

Skills are obviously part of the answer, but new methodologies that give better control over software projects, replacing giant monolithic projects with bite-sized chunks and clearly defined responsibilities, would also go a long way.

This will take time, Roe said, but it is happening.

“The way the modern software stack is we’re moving away from one person having total control [but] DevOps hasn’t come to full maturity yet. It is getting better, but it demands an organisation of a certain size and with certain resources,” he said.
