Last Updated on March 16, 2023
Open source software has been an important part of the IT landscape since at least the 1990s. Released under a license that grants users the right to examine, modify and redistribute the software as well as use it, open source code is often developed in a collaborative, public environment where potential enhancements are openly suggested.
But having earned its stripes long ago, has open source become “part of the furniture”? Something that everybody assumes they “get” and when there might be more to the story?
In the world of security software in general and device management in particular, open source has found a highly competitive niche. That’s why we invited Mike McNeil, CEO at Fleet Device Management, to join a recent episode of The Virtual CISO Podcast. Hosting the show as always is John Verry, Pivot Point Security CISO and Managing Partner.
Transparency has both business value and coolness
A former open source developer, Mike is passionate about the open source value proposition, especially as it pertains to security.
“You want to be able to see the code, as someone using it,” Mike explains. “You want to be able to modify it, even fork it, potentially, so you’re not locked in.”
Mike also touts the value of being able to view the device management code that monitors our computers. With Fleet Device Management, which is based on the widely embraced osquery project, there will soon be a desktop component that lets you can see what the software is monitoring on your computer.
In the security and compliance realm, it’s a significant benefit to easily understand the data you’re getting and to easily validate its authenticity and relevance—as well as the fact that it was appropriately and ethically captured.
Doing more for less
Because open source solutions are self-managed and often have a “developer-centric” look and feel, they cost far less than most proprietary offerings.
But that doesn’t mean open source doesn’t offer strong features and quality. In the case of a popular tool like osquery, there is a whole developer community working in the background to refine and extend the code.
“It has all the challenges and opportunities of any product development process,” Mike notes. “The difference is just that it’s all out in the open.”
New features to support new use cases often get their start in the form of “pull requests” that anybody can take on. It’s all in the public domain. The friction of having to take up a feature request with a software vendor disappears.
“You can’t skip quality, so you still have to do all the things you need to do to merge that into your coding conventions,” clarifies Mike. “It doesn’t necessarily mean that code gets merged faster. It just removes the barrier to entry for people suggesting or showing what they actually want to happen.”
To listen to the podcast with Mike McNeil from Fleet Device Management all the way through, click here
Interested in the security and legal implications of free open source software (FOSS)? We recommend this blog post: Free Open Source Software (FOSS) Risks
Free OWASP ASVS Testing Guide
If you are just learning about OWASP’s testing standard or are considering the best way to prove the security of an application, this guide is meant for you!