Source Code: Open-Source Vs Proprietary

People ask me all the time: what is source code? Source code contains everything a program needs to run, including variable declarations, instructions, functions, loops, and other statements that tell the program how to function.

Beyond providing the foundation for software creation, source code has other important purposes as well. Developers can use the source code to create similar programs for other operating platforms, for example when a program designed for Windows now needs to run on a Mac. Access to source code also allows programmers to contribute to their community, either by sharing the code for learning purposes or by recycling portions of it for other applications. As the old saying goes, why reinvent the wheel?

Typically, proprietary software vendors like Microsoft don’t share source code with customers, for two reasons: to protect intellectual property, and to prevent customers from making changes to the source code in a way that might break the program. Proprietary software licenses often prohibit any attempt to discover or modify the source code.

Open-source software, on the other hand, is purposely designed with the idea that source code should be made available, because the collaborative effort of many developers working to enhance the software can, presumably, help make it more robust and secure. Users can freely take open-source code under public licenses such as the GNU General Public License. The security issues come into play when hackers use source code to find vulnerabilities in the software to attack, to steal trade secrets, or to reverse engineer the code to avoid paying for the software.

The other security issue with source code is comments. Programmers add comments to their source code to explain sections of it. These comments help other programmers get at least some idea of what the source code does without spending hours deciphering it. Comments can be helpful to the original programmer as well when many months or years have gone by since the code was written. You can see how these comments can be an issue: they explain how the software works, which makes the hacker’s life much easier.
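As an added illustration of the comment problem (my own example, not code from this post): a small pre-release check that pulls the comments out of JavaScript-style source, flags the ones that describe trust assumptions, credentials or internal hosts, and produces a comment-free copy of the file for shipping. The sample source and the pattern list are constructed for this example; the patterns are an assumed starting point, not a complete list.

```python
import re

# Constructed sample input for this example: JavaScript-style source of the kind
# that ships to a browser, with comments that explain internals. Not real code.
SAMPLE_SOURCE = """
// Admin check: the role cookie is trusted as-is, see ticket INTERNAL-123
function isAdmin(req) {
  return req.cookies.role === "admin";
}

/* TODO: remove hardcoded API key before release
   key = "sk_live_placeholder" */
const API = "https://api.example.internal/v2";

// Format a timestamp for display
function fmt(ts) { return new Date(ts).toISOString(); }
"""

# Assumed starting list of things a reviewer would not want in shipped comments.
RISKY_PATTERNS = [
    ("todo-marker", re.compile(r"\b(TODO|FIXME|HACK|XXX)\b")),
    ("credential-word", re.compile(r"password|secret|api[_ ]?key|token", re.I)),
    ("internal-host", re.compile(r"\.internal\b|localhost|127\.0\.0\.1", re.I)),
    ("trust-assumption", re.compile(r"trusted as-is|not validated|bypass", re.I)),
]


def scan(src):
    """Walk JS-like source character by character and return
    (comments, stripped): comments is a list of (line, text), stripped is
    the source with comments removed. String literals are copied through
    untouched so a '//' inside a URL string is not mistaken for a comment."""
    comments, kept = [], []
    i, n, line = 0, len(src), 1
    while i < n:
        c = src[i]
        if c in ('"', "'", "`"):
            # Copy the whole string literal, honouring backslash escapes.
            j = i + 1
            while j < n and src[j] != c:
                if src[j] == "\\":
                    j += 1
                j += 1
            j = min(j + 1, n)
            line += src.count("\n", i, j)
            kept.append(src[i:j])
            i = j
        elif src.startswith("//", i):
            end = src.find("\n", i)
            end = n if end == -1 else end
            comments.append((line, src[i:end]))
            i = end
        elif src.startswith("/*", i):
            end = src.find("*/", i + 2)
            end = n if end == -1 else end + 2
            comments.append((line, src[i:end]))
            line += src.count("\n", i, end)
            i = end
        else:
            if c == "\n":
                line += 1
            kept.append(c)
            i += 1
    return comments, "".join(kept)


def flag_risky_comments(src):
    """Return (line, label, comment) for each comment matching a risky pattern."""
    hits = []
    for line, text in scan(src)[0]:
        for label, pat in RISKY_PATTERNS:
            if pat.search(text):
                hits.append((line, label, " ".join(text.split())))
                break
    return hits


def strip_comments(src):
    """Comment-free copy of the source, suitable for the shipped artifact."""
    return scan(src)[1]


if __name__ == "__main__":
    for line, label, text in flag_risky_comments(SAMPLE_SOURCE):
        print(f"line {line}: [{label}] {text}")
```

Run on the sample, the check reports the trust-assumption comment on line 2 and the TODO block on line 7, while the harmless formatting comment on line 11 passes and the URL on line 9 survives stripping. Minifiers already drop comments from JavaScript bundles; the point of a check like this is to catch the ones that should never have been written into a reviewable or shippable file in the first place.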

Source code is valuable because you can compile it and use for free software that you would normally be charged for. For hackers, it shows how the software works behind the scenes, making it much easier to find and exploit vulnerabilities. Back in 2012, VMware had source code stolen. In 2017, Microsoft fell victim to source code theft as well.

Open-sourcing code makes it less of a target, since it’s free and anyone can read it and find bugs. Offering bug bounties is a great way to get hackers to report bugs to you. A bug bounty is a sum of money offered by the software manufacturer to hackers who report bugs to them instead of selling them on the black market. Businesses like HackerOne have perfected the bug bounty business by offering a platform where manufacturers and bug bounty hunters can interact.

The issue is proprietary code, as you would not want to open that up to hackers even in a bug bounty program, because some hackers would join the bug bounty program just to look at the code. I think this is an issue we can do our best to combat, but since we can’t release all software openly, we will always have issues like this going forward.