Options for open source
At some point in the near future, concerns over this type of corporate and governmental espionage may force larger organizations to make hard decisions. There would seem to be three options.
- Companies could increase their IT budgets dramatically to counter this threat by validating every single piece of commercial code in use anywhere on the network.
- They could start building their own hardware and writing their own software, from desktop OS through to the ICs in their routers.
- They could turn to open source solutions the whole way around.
The first two options are not possible for the vast majority of organizations, but the last one certainly is. If significant dollars start flowing in that direction, there will be a bumper crop of companies that will mold and develop open source solutions and sell the hardware and support for them, while giving away the code for free.
Detractors will say that this will potentially open up security threats in the form of bugs and unintentional exploits, but that's always been the case with software of any flavor, open source or otherwise. At least with open source solutions, when a compromise is discovered, it's usually made public and patched quickly.
As far as cloud computing goes, that's out of the hands of the business and can't be completely trusted. However, the use of open source encryption can mitigate that threat to a degree. But make no mistake — these concerns are only going to make the argument for cloud computing more difficult. As an example, think of how trivial it is to capture data flowing into and out of a cloud server instance at the hypervisor level, straight down into encryption instructions delivered to the virtual CPU.
If we're at a point where no piece of commercial hardware or software can be trusted, then the only reasonable option is to rely on large communities of like-minded people to develop, extend, and inspect freely available code on a continuous basis. Essentially, we may need to open source everything.