Application Security Testing: An Integral Part of DevOps
Open Source is a type of software distribution that gives the user access to the program's source code: the right to view it, modify it, and redistribute it to others. Contrast this with the more traditional closed source software distribution that has dominated the retail software market for decades, whereby the user only gets the executable version of the program, not the raw source code itself. The source code is a tightly guarded secret, and redistribution or resale is strictly prohibited.
On the surface, the difference between the two methods seems simple enough, but the differing philosophies have been enough to spark one of the most heated technology debates of the last decade between adherents of each camp. This brief look at the major tenets of open source isn't looking for answers to the question of which method is better or whose supporters are right; I'm just presenting some of the basic facts that make open source what it is.
Two of the most well-known open source projects are the Linux operating system and the Apache Web server. For either of these, you can get the full source code to compile or change yourself and run on your systems. Contrast this with the Windows operating systems or the IIS Web server, for which you can't see or modify the source code. In fact, in early 2004 when some older Windows source code was leaked, Microsoft immediately made a major effort to locate the leak's origin and put a stop to the widespread source distribution. A major tenet of a closed source system such as Windows is that the owner (in this case Microsoft) keeps very tight control over who is allowed to even see the source, treating the source as valuable property whose commercial value is diminished if it is leaked and shared.
Linux and Apache, on the other hand, are built on the philosophy that the more programmers who have access to the source code, the more people there are who will freely make improvements to the code or come up with new ideas for new software built from the code. So, the code is available and users are encouraged to learn how to make changes to the code on their own and submit their changes back to groups who try to keep a master set of the main code for others to work from. If you have an idea for new software that builds on Linux, you can get the core Linux source code, add the code for your new application, and redistribute both the Linux code and your addition, an option you don't have if you write a new application for Windows, for example.
This difference in code models is usually spelled out in the software's licensing agreement. When you install Windows, for example, you agree to a license agreement that prohibits many types of activities. For instance, the Windows End User License Agreement (EULA) prohibits disassembling or reverse engineering the Windows product, actions that would enable you to read the source code. The version of the EULA with the retail single user copy of Windows prohibits you from making copies of the software or from running it on more than one computer at once.
Contrast this to the GNU General Public License (GPL)—the most commonly used licensing agreement in the open source movement. With GPL software, users are allowed and encouraged to make copies of the software, modify it, or further distribute it, provided that if they add modifications, they make the source code for those modifications available and they always operate under the GPL themselves, so that others on down the line can also make further additions or changes. You can even sell open source products, provided that a customer is willing to pay for them, as long as you comply with the requirement that the source code is freely available or available for a nominal charge to cover the duplication cost of the media (CDs or DVDs, for example). Software companies that distribute open source products base their businesses on selling service contracts to support the software, guaranteeing compatibility with other systems, or other business plans that don't depend on selling code anyone can freely distribute.
Linux is licensed under the terms of the GPL, which helps explain why there are so many different versions of Linux (Red Hat, Debian, SUSE, and so on) while Windows of course is only available from Microsoft. Apache software, including the Apache Web server, is licensed under the Apache License, which is similar enough to the GPL to be compatible with GPL distribution, though with some minor licensing differences compared to the GPL.
The Linux OS and Apache Web server are just two of tens of thousands (or more) of applications that are distributed under the open source model. There are games, office productivity tools, databases, and software development tools; literally any category of software that exists has open source options. And with any of those open source options, you can modify the code if you have an idea to make it better and redistribute it. Or if you find a bug, you can fix the code and provide the fix to others rather than waiting for the vendor's programmers, the only people who can access the code, to fix it when they get to it.
Open source models have been tried with only limited success in non-software businesses. For example, some publishers and authors have attempted to mimic open source publishing for books and articles, publishing their work under the terms of the GPL or similar open licenses. For the most part, those efforts have not been commercially successful to the extent that open source software has been with Red Hat Linux or MySQL (an open source database). And the non-software open source businesses haven't achieved anywhere near the market share in their categories that open source has achieved in the software world.
Jim Minatel is a freelance writer for Developer.com in addition to working with Wiley and WROX publishing.