Open Source: No Handcuffs, Freedom, and Maybe Problems

July 26, 2019

DarkCyber has noted the use of open source technology in policeware (software and systems for law enforcement) and in intelware (software and systems for intelligence professionals). The reasons mentioned to me when I get a demonstration include avoiding the handcuffs clicked on when one licenses proprietary software, the ability to get bug fixes and enhancements without waiting for the proprietary software vendor to get around to these adjustments, and a bigger pool of technical talent from which to draw. “12 Challenges Businesses face when Using Open-Source Software” does a good job of identifying some issues to consider when adopting open source code.

Let’s look at three of these which I have encountered in the last few months. I won’t name the vendors of the policeware and intelware systems, and if you want the other nine “challenges”, please, navigate to the original article.

Here are the three “challenges”, which in some cases may be deal breakers:

Cost. Note that the article pegs cost last in the list of 12 issues. My thought is that cost is the number one consideration. I have heard, “Our software is more value centric because we use open source software.” My response is, “So the license fee is reduced, but what about the cost of support, training, and coding special widgets to get the system working to meet our specifications?” No policeware or intelware system is “cheap.” Less expensive than another product, sure. But in terms of headcount, direct and indirect system costs, and time — vendors often understate costs and licensees say “Wow, I’ll go with you.”

Compatibility. Because a chunk of code or a system is open source and perceived as open, the software may not be compatible with one’s existing code. More problematic is the assumption that open source can happily ingest whatever “common” or “database” content one wants to have the open source software process. Think in terms of finding, licensing, or writing “filters,” “import routines,” or “file conversion” routines. Vendors of proprietary software may not have what you need, but you can buy filters from a cheerful sales professional or directly from the company. Working out “compatibility” can be expensive and slow down the process.

Mystery Sources. Open source is perceived as one way for a developer to demonstrate his open sourciness and his expertise. However, intelligence agencies in some countries create or contribute code to open source projects. Assuming that what looks like a benign tool is benign may prove to be somewhat problematic. How problematic? Data about compromised open source software are elusive. In the US, third parties who use open source software for projects subcontracted by a prime contractor can be a vector for backdoors, exploits, and malware. Paranoiac project managers and contracting officers may wish to ponder this issue. Legalese will not reduce the aperture for fancy dancing.

Is open source inherently more risky than proprietary solutions? No, risk is about equal. Proprietary software is fraught with problems. So is open source. That’s a point of fact that is often glossed over.

Stephen E Arnold, July 26, 2019
