What is Open Source Software (OSS)?

Key principles of open source software development

Guided by the key principles of transparency, collaboration, and decentralization, the open source software model creates code from the community—and community from the code.

Collaboration

Unlike closed source software, OSS is not only available for anyone to use, but also to build on. This has resulted in a global network of contributors who work together on a project by collectively reviewing, testing, documenting, and patching code.

Transparency and security

Open source software development is public, which means all of the work, including the codebase and communication among users, is available for the open source community to see. Transparency instills trust among contributors, paving the way for innovation and play. And since the codebase is public, users are able to quickly identify and fix security vulnerabilities as they arise.

Decentralization

Since the community develops the code—and since no one person or company owns that code—open source is an inherently decentralized form of software development that comes with fewer silos, bottlenecks, and barriers to entry.

Why is open source important to your business?

Open source is an invaluable technology and framework that continues to define how organizations approach software development—which is why you’ll find OSS components in most commercial codebases today. The benefits of open source software are myriad, but here are just a few key examples of why businesses and developers alike continue to invest in the model:

• Flexibility and customization. Since you can alter the source code to meet your exact needs, OSS offers wide-ranging flexibility and freedom when it comes to building new apps or improving upon an existing solution.

• The latest technology. With its emphasis on transparency, collaboration, and decentralization, OSS fosters some of today’s most innovative projects. Many of these projects, like Linux and Apache, go on to become major industry leaders.

• No vendor lock-in. No lengthy contracts with technical vendors mean more budget and bandwidth to experiment with a variety of tools and integrations.

• Cost savings. OSS source code is free, resulting in a lower total cost of ownership compared to proprietary or closed source solutions.

• Community support. OSS projects tap into the expertise of a developer community. The community makes contributions all throughout the development, review, and deployment process, resulting in quicker updates and fewer vulnerabilities.

On an enterprise level, OSS benefits open source enterprises by modernizing all aspects of the software development lifecycle. Luxury auto brands use OSS components to build faster processes and accelerate software delivery while Fortune 500 companies rely on enterprise platforms to consolidate and centrally manage code. With the assistance of OSS, enterprise organizations enjoy seamlessly integrated code, fewer silos, and the ability to ship software securely and at scale.

How does open source software work?

Open source code is typically stored in a public repository, or repo, which anyone may access, contribute to, and share (depending on permissions). Contributors upload new versions of the code to the project, building and improving on the existing work to deliver new features and updates. All the work is performed publicly in the repo so that anyone may add to it.

The code usually comes with a license, which defines what a user can and cannot do with the software. Some licenses are permissive and allow you to use and distribute the code for any purpose, while others may require that you explicitly log any changes when you share. Other licenses may stipulate that all copies of the source code be free and available for public use. Some of today’s most popular licenses include:

• MIT. The MIT license carries very few restrictions on what can be done with the source code, which makes it the most permissive and widely used free license. All the license requires is that future versions of the code must include the original copyright notice and a copy of the license itself.

• GNU General Public License (GPL) v2. Created by the GNU Project, GPLv2 explicitly requires that source code be made available for public use. GPLv2 is also a copyleft license, which means that any version of the source code must also be released under the same license, GPLv2.

• GNU GPLv3. Like its predecessor, GPLv3 also requires future versions of the code to be released under the same license. Unlike GPLv2, GPLv3 is compatible with the popular Apache 2.0 license, specifically addresses patent rights, and does not require that source code be made available to the public.

• Apache 2.0. Much like the MIT license, the Apache 2.0 license is a popular and permissive software license that allows users to do anything they want with the code—so long as they log any major changes made.

The pros and cons of open source software

Even within enterprise organizations, OSS has reached new heights of mainstream growth and adoption, heralding in a culture of collaborative software development—and a higher return on investment (ROI). Still, open source isn’t without its disadvantages. Let’s look at some of the pros and cons:

Pros

• Cost. OSS tools come with freely available source code, resulting in a lower total cost of ownership.

• Innovation. OSS encourages creative problem-solving among users. Users can make as many or as few changes as they want—or even build an entirely new app of their own.

• Faster updates. Thanks to its network of contributors, OSS projects tend to implement bug fixes more quickly when compared to closed source solutions.

• Faster time to market. When it isn’t viable to build your own solution from scratch, incorporating open source code can help your product get off the ground fast.

• Trust and transparency. Because all the work is publicly available, users can trust that active projects are being properly maintained by the code’s community.

• Developer buy-in. Developers stand by open source for its familiar processes, culture of collaboration, and efficiency. IT leaders are more likely to select a vendor who contributes to open source.

• Learning opportunities. Public repos provide new developers with a plethora of hands-on resources, as well as a built-in network to turn to for support.

Cons

• Steeper learning curve. Due to its developer-centric processes, interface, and culture, OSS can be harder to pick up among non-coders.

• Less polish overall. Some OSS projects are small, still in beta, or no longer being maintained, which means they may be less reliable for production-ready use.

• Licensing issues. There are hundreds of open source licenses in the wild, and some of them are very detailed and specific. If you’re working with a complex tech stack, keeping track of all your license agreements can get tricky.

• Liability issues. Unlike closed source software, open source software typically does not come with a warranty or liability protection. The user is solely responsible for maintaining compliance standards, which can create issues in the long run.

• Security issues. Though many platforms now have application security (AppSec) tools and practices in place, OSS has historically been considered a less reliable option among enterprise companies—and the stigma may still linger.

Popular open source software

Open source is engrained in the very foundation of modern development, powering the apps, tools, and frameworks that organizations use every day.

Here are just a few examples of some of today’s most popular open source apps:

• GNU/Linux

• Mozilla Firefox

• Ruby on Rails

• VLC Media Player

• jQuery

• Node.js

• Kubernetes

• GIMP

• BASH

Build secure, open source code

An open source codebase is only as safe and as secure as its contributors, which is why security needs to be addressed at the community level. Today, many organizations are taking a shift left approach to security. While security experts traditionally perform audits at the end of a DevOps lifecycle, the shift left security model encourages developers to take a proactive approach to security during every step, from start to finish.

To help your team code securely along the way, you may want to consider adopting new AppSec tools and processes. GitHub Advanced Security assists in identifying and fixing reported security vulnerabilities, errors, and dependencies through code scanning. And with the help of continuous integration and continuous delivery (CI/CD) platforms like GitHub Actions, developers can now automate this process, as well as their build, test, and deployment pipelines, right from where they code.