By making their source code freely available, developers of open source software rely on the power of the wider community in order to help them audit and improve their code. Not only this but also by involving the wider community of users in the development of software, a broader spectrum of ideas is put forward for consideration.
Open source cybersecurity software presents some unique challenges and requires different considerations for most other types of software. It is the nature of cybersecurity software that mistakes have potentially very serious consequences. It is therefore important to understand the challenges that utilizing open source cybersecurity software presents.
Intuitively, you would be forgiven for thinking that it would be more secure to utilize closed source software. After all, isn’t opening up the source code for a piece of cybersecurity software akin to banks making the blueprints of their buildings available to anyone? In a way, this is true, however, there are some subtle but crucial conceptual differences between physical security and cybersecurity.
The power of open source software lies in the fact that anyone can view it, audit it, and add to it. This leads to many variations of open source software being produced and distributed, with a core development team generally directing the overall development of the software. It is this central team who ultimately decide which changes to adopt from all of those suggested by the community.
Therefore, while anyone can contribute to open source software, not every change will be adopted. This serves as protection against efforts to poison the code by hiding malicious features within it. However, while careful auditing will prevent clearly malicious code from being added, there is still the potential for an attacker to disguise their malicious code within a genuinely useful feature or addition.
The only way to mitigate this threat is to extensively test the software, and ensure that auditing goes beyond just looking over the code.
No centralized support service
While there is usually a core development team, who are able to provide technical support to anyone who needs it, at the heart of any open source project there is also often a point where they will pass the project to the community, or move on to new projects. When this occurs, users are often left without anywhere to turn when they need technical support. In many cases, tech support comes from the community. This means that users who are having issues will post their questions online, usually on the forums or message board of the development team’s website.
For some people, this is a further demonstration of the way that open source software encourages users to come together and assist one another. This demonstrates the power of open source, but it is less than ideal for a business, who would be better served by being able to contact a dedicated support team when they have issues. Given how important cybersecurity is to businesses, time spent waiting for a response on a message board to what might be a rather obscure issue is the time that they can ill-afford.
Evaluation is only as good as the community
Open source software relies upon the community to audit and vet the code, as well as propose any changes or amendments. However, while this process can be very powerful, allowing a much wider range of ideas and suggestions to be introduced, the process is only as good as the community involved. In the case of cybersecurity software, mistakes can have dramatic consequences. Allowing an error to slip through the net in the development of cybersecurity software can undermine the security of an entire network.
There are no guarantees about the community that is involved in any given piece of software, there is no way of divining the motives of the individuals within the group, and you never know how many of them are actually experienced and knowledgeable enough to be proposing and making changes. The benefits of open source software quickly evaporate when the community is not performing their assumed role in the process.
Your threat detection could be compromised
Different individuals and organizations will have different security needs. But regardless of the specifics, there are some universally applicable concepts. For example, every organization needs a strategy for threat detection. Cybercriminals are developing more sophisticated methods of attacking systems and networks, therefore requiring more sophisticated tools for detecting and preventing those attacks. This quickly develops into a cat and mouse game, whereby the attackers discover a vulnerability, cybersecurity teams develop a method to prevent it, and the attackers find their way around the new defenses.
For example, if a network administrator discovers that there is suspicious traffic coming from a particular IP address, they can block that IP from connecting to the network. In response, the attacker arms themselves with a VPN or a proxy, which disguises the IP address. However, while they are now connecting with a new IP address, the cybersecurity team can just as easily block this one. In this case, the attacker can switch to using a rotating proxy. A rotating proxy, much like a VPN, is a tool with innumerable legitimate uses that can be re-purposed to be used as an offensive cyber weapon.
With open source cybersecurity software, a potential attacker can audit the code themselves and look for weak points. In particular, they will look for ways to bypass threat detection. With cybersecurity teams increasingly relying on, admittedly very sophisticated, automated tools for their threat detection, an attacker who can bypass them has a significant advantage.
Open source cybersecurity software should be used with caution, and you should be very careful about which software you choose to use. However, an advantage of open source software is that it can be vetted and audited on a much larger scale than would otherwise be possible.