The impact of open source on cybersecurity
Open-source software is one of the most innovative developments of the past few decades. Open-source is code that is publicly available and editable. While this sounds dangerous for security, it can actually significantly improve it by allowing anyone to fix errors. Applying the open-source methodology of collaboration to cybersecurity can greatly affect everyone’s security.
When the Internet was new, issues of security and credential theft were primary concerns. Now, consumers are pressuring vendors to be transparent with data collection, vulnerability disclosure and security weaknesses. Open source provides transparency, but more is still needed to develop collaboration between the communities.
I have developed applications to provide the privacy and protection that organizations need, using open source much more securely and cost-effectively than the proprietary alternatives. Here are some tips organizations can use to realize the benefits of the open-source development model, proactively protecting your users and assets.
Should you pay the ransom?
Using open-source software with cybersecurity
Using open-source software can help organizations keep their technology more secure. From a cybersecurity team’s perspective, with a smaller development team, it is easier to keep publicly available software up to date against the latest exploits than closed-source software.
Since open-source code is visible to the public, anyone can find and fix bugs and exploits that the developers might have missed. Bug bounty programs, which offer rewards to anyone who identifies an error or vulnerability in a computer program, now play a role. Bug bounties can be found throughout the big tech space, including Google, Microsoft, Facebook, Apple, and some smaller firms.
Furthermore, if several large organizations are using the same open-source software, several large cybersecurity teams may be going through the code. Using open-source software makes securing a company’s technology collaborative, allowing better security for everyone involved.
The difference open source can make in cybersecurity
Rethinking the role of open-source software can change cybersecurity by making defense a collaborative effort. Without open-source security, each company’s cybersecurity teams are solely responsible for their own security. Open-source defense tools becoming mainstream would benefit every company that uses an open-source tool because, when a company fixes a bug or adds code to strengthen their systems, they strengthen the defense of every other company that uses the same open-source software.
Unifying cyber-defense benefits not only small companies who would otherwise not have the capability to create a strong defense but also larger companies. These larger companies often fall into the trap of spending money on cybersecurity tools without knowing what they really do. They tend to think that the bigger their cybersecurity budget, the more secure they are. In reality, many of these tools are redundant or unnecessary, and even the best cybersecurity defenses leave gaps. Collaboration among cybersecurity tools creates a unified, stronger defense against cyberattacks by closing these gaps. When one team fixes an exploit, that exploit will not work against any other organization.
Open source can also make strides in email security solutions and defense. Affordable and unified software can play a big role in the face of a cyberattack and in protecting business email. Because of the availability and transparency of open-source code, these products can be engineered to achieve superior levels of quality, reliability and security over a longer time than projects that do not use the open-source development model.
Leveraging open source can be powerful
Before starting Guardian Digital, I worked for UPS, where I found an easier way to develop open-source security applications than the proprietary alternatives at the time. Although open-source software is more popular than ever—open-source development is now the focus of some of the biggest technology companies — the cybersecurity world has fallen behind. It has yet to take advantage of open source.
Cybersecurity companies rarely collaborate, meaning that even if a company develops an innovative new tool or software, it will likely not spread very far, leaving others open to attacks that already have solutions. Many attackers utilize open-source code and collaboration to develop their attacks, and defenders doing the same can strengthen the security of every user.
Phishing simulations & training
Key takeaways
Primary concerns about the internet’s integration into society may still be ongoing, but the focus has shifted to vendors offering full disclosure of data collection, vulnerabilities and security weaknesses. Innovation and businesses are continuing to grow, and so should the reliability of the systems and infrastructure these organizations use.
Open source is a community built on visibility and collaboration, which may prove to be the most resourceful tool in the cybersecurity industry.
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
In this Series
- The impact of open source on cybersecurity
- Digital identity management: Balancing usability, security and privacy
- Why aren’t more women in cybersecurity, and how can we fix it?
- ChatGPT and the strengths and limitations of cognitive AI
- Cybersecurity automation: Tips to do it right in your organization
- Advancements in online safety: Combating cyberbullying and protecting vulnerable communities
- How small and medium businesses (SMBs) can fast-track a disaster recovery plan
- What it takes to qualify for the US Cyber Games team
- The changing role of a ransomware negotiator
- Protecting K-12 schools from cyber threats: The case of Vice Society
- A deep dive into GitHub's security strategies
- Data storage security isn't working: Here are 5 ways to improve
- Protect your data with zero-trust networks
- 3 cybersecurity automation tools that your IT department needs now
- One phishing attack could expose your entire hospitality network
- Privacy compliance and security: Are you collecting too much data?
- API security best practices: What you need to know
- Considerations when using open source to build an identity system
- Security as a service: 11 categories you should know
- Cybersecurity jobs are in demand. C-level IT executives needed!
- 6 cybersecurity truisms the industry needs to rethink
- 2022 cybersecurity spending trends: Where are organizations investing?
- Will corporate support for Fast ID Online [FIDO] mean mass adoption? If so, what does that mean for security and identity?
- Twitter’s cybersecurity whistleblower: What it means for the community
- Top 5 cybersecurity questions for small businesses answered
- What Is zero-trust security, and should your business adopt it?
- What’s next in cybersecurity: Predictions from Andrew Howard
- How training employees about ransomware can mitigate cyber risk
- Today’s IT job market: Beyond fear, uncertainty and doubt
- Third-party authentication (OAuth): Good or bad for security?
- Two basic actions that reduce enterprise cyber risk by 60%
- 4 key takeaways from the 2022 Verizon DBIR report
- Four examples of human error in cybersecurity — and how to fix them
- Five ethical decisions cybersecurity pros face: What would you do?
- How to become an ethical hacker: Tips from Offensive Security CEO Ning Wang
- Shaking up security awareness: How one organization is building a culture of security
- Security Culture: TikTok CISO says this trend is here to stay
- IT skills advice from IDC's IT education and certifications expert
- Managing a security awareness program: Carrots, sticks, and repeat offenders
- Reducing IT’s carbon footprint: Good for business as well as the environment
- How Booz Allen Hamilton keeps their security team secure and compliant in a hybrid world
- 5 tactics to improve cybersecurity hiring results
- Top 9 effective vulnerability management tips and tricks
- SOC integration: Creating a well-built portfolio vs. a frankenstack
- Cybersecurity hiring: Why employer and higher ed collaboration is key
- After certification: Investing in employees' cybersecurity career pathways
- Where do ransomware, cyber education and cyber insurance intersect?
- Could psychology be the key to cybersecurity awareness? Research points to yes
- How IT pros can keep their organization on the cutting edge
- Cyber talent diversity: It's time to redefine the face of security
- Cybersecurity and Windows 11: What you need to know
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
Industry insights
Digital identity management: Balancing usability, security and privacy
Industry insights
Why aren’t more women in cybersecurity, and how can we fix it?
Industry insights
Industry insights
Cybersecurity automation: Tips to do it right in your organization