Open source traits lead to secure applications

A disciplined community effort and its unfettered characteristic allow open source to provide a level of security assurance, say Sun executives.
Written by Sol E. Solomon, Contributor

SINGAPORE--The manner in which open source tools are developed lends a level of security assurance to the applications that are built on this model, said Sun Microsystems executives.

Roman Tuma, Asia South software practice managing director at Sun, noted that due to the inherent nature of open source, anyone can review the source code to look for irregularities that could potentially harm users.

"I do see it as being more secure or more 'transparent' than proprietary software," Tuma said in an interview Wednesday, on the sidelines of this week's Open Source Singapore Pacific-Asia Conference here, where he was a speaker. The Sun executive is also a member of Singapore's National Authentication Framework Committee and the Philippines Ministry of Communication's Advisory Committee on Cyber Security.

While this unfettered trait may seem to create an "unsecured environment", where "developers are all over the place", he noted that it is not necessary to monitor the process too closely to ensure security.

"You know in general, when you give people freedom, you embrace creativity. When you start to police it, some people get scared and will turn their backs [on developing for it]," he said.

The open source community itself is a good deterrent against the creation of harmful code, Tuma added, noting that developers who introduce bad code are often severely criticized by their peers.

"When you see people [in the community] try to contribute something that doesn't fit, the [feedback] is very cruel--the person gets 'sloshed' by the community. It is free, but there is a certain level of pride in [being part of the open source community]," he said.

S. Rohit, Sun's Asia South software practice business development director, said the quality assurance process in open source development is "exactly the same" as how it is carried out for proprietary software.

Rohit told ZDNet Asia that a group of open source developers is dedicated to managing the code base. "And they make sure that the quality audits and security checks are in place," he added.

Tuma said an additional level of security is implemented when organizations engage IT vendors to maintain their open source applications.

"When companies like Sun step in and review the source code, you get a certain level of security into a product," he said. "We take steps to ensure there's a certain level of security, in whatever is delivered to a customer to run its critical applications."

Growing open demand
Tuma is also encouraged by the warming reception toward open source from organizations in the region.

"I think the current economy's helping open source tremendously. And second, businesses realize that the maturity of open source has reached a point where they can seriously consider it for an enterprise deployment," he said.

Another driver in the region stems from open source's potential of "giving people knowledge, basically for free", he noted. "I saw recently in the Philippines, a hunger of its people to be competitive. In places like Vietnam, the Philippines and Indonesia, the people are literally trying to equip themselves to be marketable, and that's one of the drivers," he added.

Governments in the region, too, are warming up to open source, noted Tuma.

"I believe, in the next 12 to 18 months, we will see more of open source software in the government sector in Southeast Asia. We already see a lot of it in the Philippines, Vietnam and Indonesia," he said.

According to Tuma, Sun will be stepping up its efforts to encourage greater adoption across Singapore's public sector, given the government's urging Tuesday for the open source community to participate in the country's Intelligent Nation 2015 (iN2015).
