Open-source software makes up some of the most incredible collaborative projects of modern times. It is not uncommon for community projects to have over a thousand unique contributors. Even major companies will open up important software to public contributions. But why is it that so many individuals and organizations alike are willing to release this software into the world for free? Should any software really be closed-source?

To start, I will look at the reasons companies decide to lock down their projects and keep their code hidden away from prying eyes.

Security

I have found enough security vulnerabilities in my workplaces to make you scared to trust anyone with your data. The vast majority of these exploits were low- or even zero-skill attacks. The number of major security issues that are merely obscured behind closed-source software is harrowing. In the wild, I have seen fully unprotected API endpoints that exposed sensitive user data and had been in production for years. Their only protection was that they were slightly difficult to find.

At one place of employment, I was informed that we wrote our own storage network for sharing important company documents. Of course, I had to take the opportunity to perform a mild audit of our systems. Within only a few minutes I had discovered an exploit that allowed any unauthenticated user full access to our confidential company docs, so long as the user knew the URL to access our files.

Security through obscurity is not an acceptable means to protect your software and user data. I trust software that has been used and collectively audited by thousands of users much more than the software that is written by a team of five developers under tight deadlines.

Profitability

Protecting a company's assets is a clear and understandable motive for keeping a project closed-source. To be honest, I cannot dispute this point much. If you write a video game, but release the code as open-source, then it is likely very few people will pay you for the work you did. Why buy something you can easily and legally get for free? Sometimes all a company can offer you is the hard work they put into a piece of software, and they want to get paid for all that work.

If money is at risk, then why would any company even consider releasing their code for free to the public?


So why is open-source great?

Security

The same title twice? Yes, I am operating at capacity here, the creative juices are flowing at 100%, bear with me.

As stated before, I am inclined to trust a project that has been extensively tested by the community. If a particular piece of software has tens of thousands of users and many contributors working together, it is unlikely that some sneaky malicious code or glaring security vulnerabilities can find their way in. If the authentication in Python's Django released an update that allowed users to easily set their own permissions to admin, it is almost impossible that this would go unnoticed.

Security through obscurity is hardly better than no security at all. I would always prefer to know that the software I use has undergone tremendous amounts of peer review and auditing. Opening up a project to such a high level of scrutiny may help reveal more bugs and security issues than a closed-source equivalent, but this is a fantastic thing. The sooner and more urgently an issue can be brought to light, the quicker it will be fixed. This is especially true if there is an army of developers ready to help out with the code they love or depend on.

Free Development

While an application may be less profitable if its codebase is available to the public, work does not come cheaper than free. If a large company is willing to maintain, support, and market its own open-source software, it could attract hordes of developers to literally work for free. If there is good, useful, open-source software, the developers will flock to it.

If your software is essentially written by the community for free, that gives your company a lot of wiggle room for profits. Take Canonical, for example: much of their software is entirely open source. Ubuntu can be downloaded and used completely for free, has a thriving community for support, and the building blocks for Ubuntu are largely written by the community. Canonical is a very successful company that is still able to monetize mostly open-source tools. They are able to transform volunteer work from developers all around the world into a profitable business through their services and support.

Summary

I believe in free and open software and information. Whenever possible, I think it is best to allow a community access to the codebases they use. If I see that a company is providing FOSS, they nearly immediately gain my respect and attention. While some formats are not as plausible with the FOSS model, I believe that most software is. If a codebase can be made public to help its users, the company that maintains it, and otherwise contribute positively to the programming community as a whole, then I think the answer is always to let that code be free.