Open Source for Better Security

by David Sudjiman ~ January 21st, 2006. Filed under: Opinion.

“Would you buy a car with the hood welded shut?” [ZDNET 2000]. Most people would answer no [ZDNET 2000]. Microsoft and other non-Open-Source software companies have deliberately obstructed the availability of software source code. This practice, although adopted by many software companies, leads to security problems, as customers and users have no way to look inside the software product and no means to audit it. Customers and users should have the right to know what is inside the software, rather than just receiving a blind quality assurance that the software contains no secret code.

The approach taken by the Open Source Initiative (OSI) and the GNU GPL (GNU General Public License) defines software through several criteria, one of which is the availability of the source code in every software distribution. Using Open Source software frees customers and users from the pitfalls of software licensing litigation, and is more secure and more ethical [Wheeler 2005]. Thus, the presence of source code allows customers and users to look inside the software product and gives them the chance to audit it.

Introduction

The Open Source movement is, at its core, an ideal: to provide source code for every piece of software released [Open Source 2005a]. In the course of its advocacy, Open Source has built more specific definitions describing the criteria by which software can be categorized or licensed under the Open Source definition. The other popular Open Source-like initiative is the GNU GPL (GNU General Public License). The GNU GPL sets out four criteria, often called the software freedoms [GNU 2005a], which make a similar demand: that software’s source code be provided as a matter of ethics [GNU 2005a].

These types of licensing do not only promote the ideal of sharing among programmers and users so that the software evolves for the better. The other important aspect of this licensing method is that it promotes transparency inside the software itself. Having the source code available at any time to anyone leads to openness and assurance that nothing is hidden inside the software. This is why Open Source is important from the standpoint of software security. The availability of source code for each piece of software ensures that everybody can have access to fix a problem. Although it is possible in principle to inject malicious code into an Open Source product, it is all but impossible to do so, as the source code is available to the rest of the world [GNU 2005b].

Position Support

The law should conform to ethics, not the other way around. Nor does current practice decide this question, although it may suggest possible answers. The only way to judge is to see who is helped and who is hurt by recognizing owners of software, why, and how much. In other words, we should perform a cost-benefit analysis on behalf of society as a whole, taking account of individual freedom as well as production of material goods.
[GNU 2005b]

Following the ideal of providing source code for every piece of software released, many software products and developers have adopted this licensing method and release their software in the spirit of the Open Source ideal. Currently, more than 50 software products are categorized under Open Source-like licensing methods. Licenses such as the Apache, GNU GPL, BSD, IBM Public License, Intel Open Source License, MIT License, NASA License, and Nokia Open Source License share a similar ideal [Open Source 2005b].

The Open Source Initiative (OSI) defines 10 criteria that a license must satisfy [Open Source 2005c].

  1. Free Redistribution.
  2. Source Code.
  3. Derived Works.
  4. Integrity of the Author’s Source Code.
  5. No Discrimination against Persons or Groups.
  6. No Discrimination against Fields of Endeavor.
  7. Distribution of License.
  8. License Must Not Be Specific to a Product.
  9. License Must Not Restrict Other Software.
  10. License Must Be Technology-Neutral.

These criteria ensure that programmers have access to read, redistribute, and modify the code [Open Source 2005a].

The other similar initiative is the GNU GPL (GNU General Public License). The GNU GPL sets out four criteria, often called the software freedoms [GNU 2005a].

  • The freedom to run the program, for any purpose (freedom 0).
  • The freedom to study how the program works, and adapt it to your needs (freedom 1). Access to the source code is a precondition for this.
  • The freedom to redistribute copies so you can help your neighbor (freedom 2).
  • The freedom to improve the program, and release your improvements to the public, so that the whole community benefits (freedom 3). Access to the source code is a precondition for this.

If users or programmers have access to the source code of a software product, a problem can be fixed at any time by anyone, which reduces dependency on the software developer and, with it, cost. This is one of the main rights that people should be aware of when outsourcing information system software.

In his article in The Register (2005), Ruffin argued that Microsoft, by keeping its source closed, has done insufficient work to deliver secure software, since the source code is given neither to the customer nor to the public.

This, of course, makes it difficult for users to access the code and leaves customers unable to maintain their own security assurance standard.

Several common beliefs about source code availability are simply untrue and stem from a lack of research. These myths make people afraid to release their source code, which makes it all the more important to set out the facts on why software should be provided with its source.

  1. Source code availability does play an important role for many people [Wheeler 2005]. It is true that not many people need to see the source code, as not many have the knowledge to understand what is happening inside it. But that is no reason for a vendor to keep the source code from its customers. Customers should have the transparency to see whether the software is free from hidden code, and customers should have control over the software, rather than the vendor having control over the customers [Wheeler 2005]. Although most customers lack the knowledge themselves, developers throughout the world have the capability to add better features to the software or even fix its bugs [Wheeler 2005]. If the source code is not available, dependency on the software vendor will be high and customers will have no right to modify what they have paid for with their own money [Wheeler 2005].
  2. Source code availability does not mean insecurity [Wheeler 2005]. It is true that if the source code is available, hackers could intentionally insert hostile code and distribute it. However, the chances of this are slim to almost none, as other people will have the chance to view the modified code as well and find out that the software has been altered [Wheeler 2005]. It also needs to be understood that closed source software vendors do not produce better software than open source projects do. For example, Microsoft Windows, as an example of closed software, has more security problems than open source software [Wheeler 2005]. If open source software were not secure, why did the Apache web server, an open source product, hold 68.43% of the market, while Microsoft had 20.86%, Sun had 3.14%, and Zeus had 1.19% (Netcraft, as cited in Wheeler 2005)? If open source software were not secure, why did Sendmail have the largest market share (42% of all email servers), followed by Windows Microsoft Exchange (18%), Unix qmail (17%), Windows Ipswitch IMail (6%), Unix smap (2%), UNIX Postfix (formerly VMailer, 2%) and Unix Exim (1%) (Bernstein, as cited in Wheeler 2005)?
  3. Source code availability does not prevent the software from generating economic value [Wheeler 2005]. People fear that if the source code is provided, there will be no way to gain economic value from the software. On the contrary, IBM builds and maintains partnerships with open source software vendors such as Red Hat and Novell’s SuSE, which earn their own economic value by supporting IBM servers [IBM 2005]. Furthermore, HP, as cited in Wheeler (2005), reported US$ 2 billion in sales related to GNU/Linux open source software, and IBM, as cited in Wheeler (2005), reported that its US$ 1 billion investment in GNU/Linux was recouped in only one year.
  4. Source code availability will not destroy intellectual property. It certainly does not. Open source software is protected by the GNU GPL and Open Source licensing methods. One of the most common, the GNU GPL, available at http://www.gnu.org/licenses/gpl.txt, provides intellectual property protection while giving more flexibility to others who want to view the source code.
  5. Open source software has no better support than closed source companies [Wheeler 2005]. This is not true. Wheeler (2005) provides several facts showing that closed source software companies do not offer better support than open source companies such as Red Hat, Novell (SuSE), Mandriva (formerly MandrakeSoft), and Canonical Ltd. Even more surprisingly, community support has proved to be better, being more responsive than depending on closed source companies. This is made possible by making the software source available to the public so that more and more people can help [Wheeler 2005].

Conclusion

To conclude, while more and more closed source software vendors build an image that source code should not be available to customers and users, there are proven facts that the availability of source code is important to people, produces security, can be used to gain economic value, and even strengthens intellectual property rights.

Customers do not always have to be right, but customers’ rights should be treated properly, since customers are the basis on which a business survives. Instead of leading customers’ rights down a blind path, consider winning the customer over by providing transparency, which will certainly build more trust.

Bibliography

Arstechnica 2005, Anti-Microsoft group wants Microsoft to scrap Vista, viewed 20 September 2005, http://arstechnica.com/news.ars/post/20050809-5191.html

BSD 2004, Welcome to www.bsd.org!, viewed 13 August 2004, http://www.bsd.org

FreeBSD 2004, FreeBSD: The Power to Serve, viewed 13 August 2004, http://www.freebsd.org/

GNU 2004, GNU Operating System Free Software Foundation, http://www.gnu.org

IBM 2004, Linux at IBM Solutions, viewed 13 August 2004, http://www-1.ibm.com/linux/va_4049.shtml

Kernel 2004, The Linux kernel Archives, viewed 13 August 2004, http://www.kernel.org

Linux 2004, Linux Online, viewed 13 August 2004, http://www.linux.org

McNurlin, BC & Sprague, RH 2004, Information System Management in Practice, 6th edn, Prentice-Hall

NetBSD 2004, Welcome to the NetBSD Project, viewed 13 August 2004, http://www.netbsd.org

Olson, MA 2002, A Business Case for Open Source, viewed 13 August 2004, http://news.com.com/2010-1071-901341.html

Open Source 2004, Open Source Initiative, viewed 13 August 2004, http://www.opensource.org

OpenBSD 2004, OpenBSD3.5 Free, Functional & Secure, viewed 13 August 2004, http://www.openbsd.org

Oracle 2004, Gartner Dataquest: Oracle leads on Linux with 360% growth, viewed 13 August 2004, http://www.oracle.com/technologies/linux/index.html

Perens, B 2004, Free Software Leaders Stand Together, viewed 13 August 2004, http://perens.com/Articles/StandTogether.html

Prasad, GC 2003, The Practical Manager’s Guide to Linux: Can you profitably use Linux in your organisation?, viewed 13 August 2004, http://www.lannetlinux.com/mgr_guide/Manager’s-Guide-to-Linux.html

Raymond, ES 2003, Halloween IX: It Ain’t Necessarily SCO: A point-by-point rebuttal of the amended complaint filed against IBM on 16 June 2003 by Microsoft’s new favorite sock puppet, viewed 13 August 2004, http://www.opensource.org/halloween/halloween9.html

Raymond, ES 2004, Halloween X: Follow The Money: In which we learn the extent of SCO’s sock-puppet relationship to its masters in Redmond, viewed 13 August 2004, http://www.opensource.org/halloween/halloween10.html

Raymond, ES 2004, Halloween XI: Get The FUD: in which we consider the implications of Microsoft’s laughably misnamed Get The Facts roadshow, viewed 13 August 2004, http://www.opensource.org/halloween/halloween11.html

Security Focus 2005, Hidden-code flaw in Windows renews worries over stealthy malware, viewed 20 September 2005, http://www.securityfocus.com/news/11300

ServerWatch 2005, Real World Open Source: Security, viewed 20 September 2005, http://www.serverwatch.com/tutorials/article.php/3526826

Sudjiman, D 2004, David Sudjiman’s Personal Homepage, viewed 13 August 2004, http://www.davidsudjiman.info

The Register 2005, Microsoft, terrorism, and computer security, viewed 20 September 2005, http://www.theregister.co.uk/2001/12/14/microsoft_terrorism_and_computer_security/

Wheeler, DA 2004, David A. Wheeler’s Personal Homepage, viewed 13 August 2004, http://www.dwheeler.com
