Open source: Security through transparency

Simon Moffatt, solutions director, ForgeRock

The contrast between proprietary and open source software is as old as the IT industry itself. Software in almost every category is available either from suppliers who develop and market their code by themselves or from developer communities who work with open code.

Over the last decade, according to Simon Moffatt at ForgeRock, the aversion to using open software, especially in the corporate field, has undergone a marked change. Managers realised that if even IT giants such as Facebook, Google and Amazon were relying on open source, ordinary companies should be able to do so too.

The advantages of open source are well known: lower costs, the security and higher quality that arise from a large developer community, and the absence of ties to one manufacturer are powerful arguments. In some areas open source products are already leaders in their field. Linux, Firefox and WordPress, for example, are hugely successful in the consumer sector. MySQL, Apache, FreeBSD, Zimbra and Alfresco are frequently encountered in the corporate environment.

However, the distinction is not black and white: software cannot simply be divided into open and closed, free and non-free, open source and proprietary. There are all sorts of subcategories, which give rise to huge differences in their licensing terms. For companies, however, it is largely only the categories of open source and proprietary software that are of relevance, and it is the combination of the two in the form of commercial open source software that in fact provides the best of both worlds.

Below is a summary – by no means complete – of the most important categories of software on the market. Software is divided roughly into “free” and “non-free”, with a special category that combines open source and proprietary software.

Free software | Non-free software
Free software

Free software is software that comes with permission for anyone to use, copy and/or distribute it, either unchanged or with modifications, gratis or for a fee. In particular this means that the source code must be available. Proprietary software companies usually use the term “free software” to refer to the price.

Non-copylefted free software

Non-copylefted free software comes from the author with permission to redistribute and modify it and also to add additional restrictions to it. If a program is free but not copylefted, some copies or modified versions may not be free at all.

Open source software

The term “open source” software is often used with the same meaning as “free software” but the two are not completely identical. However, the differences in extending the category are small: all free software is open source, and all open source software is almost free.

Proprietary software

Non-free software is any software that is not free. Its use, redistribution or modification is prohibited, or requires you to ask for permission, or is restricted so much that you effectively can’t do it freely.


The best of both worlds: Commercial open source software

Open source software is widely used for free-to-access non-commercial applications. In addition, many independent software producers, value-added resellers and hardware manufacturers use the open source software framework, individual modules or even entire libraries for their products and services. From the customer’s point of view, in terms of standard commercial criteria such as reliability and support, open source technology is an attractive option. As with typical commercial software, customers are willing to pay for legal protection against infringement of intellectual property rights and also for professional support, training and advice. At the same time they benefit from the development and innovation capacity of open source software.



Public domain software

Public domain software is software that is not copyrighted. If the source code is in the public domain, that is a special case of non-copylefted free software, which means that some copied or modified versions may not be free at all.


Copylefted software

Copylefted software is free software whose distribution terms ensure that all copies of all versions carry more or less the same distribution terms. This means, for instance, that copyleft licences generally do not allow others to add additional requirements to the software. This shields the program, and its modified versions, from some of the common ways of making a program proprietary.


Private software

Private or custom software is software developed for one user (typically an organisation or company). That user keeps it and uses it and does not release it to the public either as source code or as binaries.



The term “freeware” has no clear accepted definition, but it is commonly used for packages which permit redistribution but not modification (and their source code is not available).



Shareware is software which comes with permission for people to redistribute copies, but says that anyone who continues to use a copy is required to pay a licence fee.

Shareware is not free or even semi-free software.

There are thus many different types of software, with software of different origin being used to meet different needs. Many software solutions are available in different versions, with different licence conditions and often a different range of functions. However, a general cultural change is taking place in favour of open source. For example, the EU and the government of the USA are investing huge amounts of money to increase their use of open source. And at CERN, which has long been a pioneer of IT, scientists are being encouraged to conduct their research using the next generation of open solutions.

The trend is no longer limited to software. “Open hardware” is now becoming widespread: the Raspberry Pi, the Kano, the Arduino, the Firefox-based MatchStick, the NAO and the Hummingboard are all examples that show how open projects are gaining momentum and awakening new trends, such as the Internet of Things. And yet open source is not something really new. The ultimate open source computing platform is still the mainframe, which was also the nucleus of the present personal computer and hence has always represented a significant open source community.

Security concerns with open source? Quite the opposite!

With the increasing acceptance of open source software, pure proprietary software is losing ground in the market. Many users have doubts about the future flexibility of proprietary software and many experience dependence on the supplier as an unwanted restriction.

As they eye up the future of digital business and government services, companies such as Facebook and Google regard open source as indispensable; most providers are already using open source in various areas of their IT operations. In particular, open source solutions provide a platform for customer-ready technology that can be customised for different products. Nevertheless, despite the growing acceptance of open source, companies still have concerns about liability and security. But what are the facts of the case?

The preconception that open source software is not secure is certainly not valid. The worldwide network of developers, architects and experts in the open source community is increasingly being recognised as an important resource. The community provides professional feedback from experts in the sector who can help companies produce more robust code, create patches faster and develop innovations and improvements to new services. In a proprietary model the software is only as good as the small group of developers working on it. Companies that rely on third-party vendors for their proprietary software may feel safer, but they are labouring under an illusion: in the name of proprietary intellectual property, producers can easily prevent business customers finding out whether there are security flaws in their code – until hackers exploit them. There have been numerous examples of this in the recent past, causing problems for many customers.

Because of the high level of transparency within the open source community, the work of this network of experts is of first-class quality; members attach great importance to maintaining an unblemished reputation. Nobody puts their professional credibility at risk when the whole community can view the code published under their name and comment on it. In consequence community members subject their newly compiled code to painstaking checks before they publish it. This should allay the unjustified fear of security flaws. 

Commercial open source solutions – a give and take

Naturally companies want a development model that supports continuous improvement. The open source development model enables companies to support the project in a technologically appropriate way with code tailored to their requirements – and hence to give something back to the community. In commercial open source software all new code undergoes a strict quality assurance process to ensure the security of corporate clients and their end users.

Changes that are of benefit to the wider body of corporate customers are checked and the community then adds them to its codebase. To be able to utilise all the advantages of open source, there must be a close relationship with a provider of commercial open source solutions. This is essential in order to promote creativity and contributions within the community. Companies can also provide code to support their business. Providers of commercial open source solutions supply the support and the strict product development process, including the tests with databases, containers and quality assurance that typically form part of the development of proprietary software.

Open architecture plus unlimited scalability provides reliable solutions

Social media, the cloud, big data, mobility, virtualisation and the Internet of Things are constantly turning IT upside down. Existing technologies struggle to keep up with these changes. Companies and institutions must provide their services via numerous channels while ensuring complete data security.

With rigid, proprietary systems this is virtually impossible to achieve and the open source community demonstrates daily that open source code products are more than ready to take on important services. Apache is already the number one. MySQL is on the way up; sooner or later OpenStack is highly likely to become the software of choice for the management of computing centres and OpenAM is one of the best products for access rights based on digital identities. Companies that refuse to use open source are likely to fall behind in terms of function breadth and depth and are unable to offer their clients a comprehensive digital user experience.

The success of open source is measured by its ability to ensure a high level of security and innovation. If openly developed software were not safe, security and innovation would not be possible. Open source thus provides security through transparency – something that does not apply to proprietary software. Companies would do well to keep a good eye on open source solutions.

The author is Simon Moffatt, solutions director at ForgeRock.
