Free and open-source software (FOSS): Pros and cons for security

Free and open-source software (FOSS), as the name suggests, is the crossover between free software and open-source software. While there are similarities between the two, there are some subtle differences worth noting, namely that free software tends to be open-source, but not all open-source software is free.

The free software movement and its goals

Free software generally covers software that is, you guessed it, completely free to download and use. Richard Stallman, who founded the Free Software Foundation and launched the GNU Project, is largely responsible for the direction that free software has taken over the past few decades after starting the free software movement in 1983. Stallman has noted that the main difference between free and open-source software is that “open-source is a development methodology; free software is a social movement.” Within this context, “free” can also refer to liberty rather than complimentary.

The free software movement established the Four Essential Freedoms of Free Software to denote what constitutes free software:

Freedom 0

The freedom to run the program as you wish, for any purpose.

Freedom 1

The freedom to study how the program works, and change it so it does your computing as you wish. Access to the source code is a precondition for this.

Freedom 2

The freedom to redistribute copies so you can help your neighbor. 

Freedom 3

The freedom to distribute copies of your modified versions to others. By doing this you can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this.

Benefits of open-source software

In the strictest sense, open-source software solely refers to the accessibility of a program’s source code, i.e., that the source code is viewable and can be scrutinized. Speaking more broadly, open-source software is released under a license whereby a copyright holder allows for the use, study, alteration, and distribution of the software in any capacity. Even here at ExpressVPN, we’re no strangers to open-source software, with our Leak Testing Tools and browser extension available for viewing and download on GitHub.

In contrast to closed-source, or proprietary, software, open-source software relies on transparency. Users are encouraged to use and modify software in any way that benefits them, the idea being that this nurtures engaged and supportive communities that will grow in size. Some pitfalls of proprietary software include cost of purchase/subscription/licensing, limited vendor choices, and little to no scope for customization. This is by no means to say that proprietary software is in any way inferior. In fact, it is important for both competition and innovation. Proprietary software is usually developed for specific uses—Photoshop, Skype, Windows, and macOS are great examples of this.

Security and privacy of FOSS

Advocates of FOSS argue that it is an inherently more secure choice due to its transparency, the ability for users to scrutinize its source code, and its accessibility. Another advantage of adopting FOSS is that security concerns can be immediately addressed, provided that a community base is large enough or if collaborative support literature is available. Open-source in security also means that more stakeholders are available to collaborate to provide multiple viewpoints on problem solving. Linus Torvalds, the creator of Linux, for whom Linus’s Law is named, echoes these sentiments perfectly: “Given enough eyeballs, all bugs are shallow.”

Conversely, critics argue that FOSS lacks dedicated support (although community support can be beneficial given large enough numbers), requires rudimentary technical expertise for problem solving, and is more likely to leave users with no updates because of the high chance of projects being abandoned. Having said all this, it should be noted that there are benefits and pitfalls on both ends of the spectrum. There’s never a one-size-fits-all solution to security and privacy, and the best thing to do is figure out what works best for you personally, which might entail a balance of open-source and proprietary software.

Hi, you've reached Marcus. Dial '1' for privacy, '2' for point and click adventure games, and '3' for paranormal stories. For all other enquiries, please stay on the line and he'll be with you shortly.