The hackers who compromised Adobe’s network knew, when they hacked into the system, that the most valuable prize would be the one that was the most secret – the company’s source code.
Exploiting secrets is the name of the game for the hacking community, but the new hot secret to steal goes beyond personal data: it’s the code that makes things tick.
In the past, companies viewed closed source code as their best defense. Develop the code, hold it close to the vest, and your system would be as secure as a maximum-security prison, or so they thought. Today, many of the same organizations that thought keeping their code closed was a best practice in security are finding themselves in hot water and re-evaluating their security policies.
What’s the solution? It’s quite simple. The best security defense is a good open source offense. Instead of holding your code so close, open it up and share it with the community. Although it may seem counter-intuitive to share more, if there’s no secret, there’s nothing to steal.
Oftentimes, rather than thinking of open source as an offensive strategy to protect against security breaches, people believe that sharing code makes you more vulnerable to security threats. The truth is that open source code goes through much more vigorous scrutiny and is, therefore, less likely to have security holes. Not only are you one step ahead of the hackers by sharing your past secrets, but you have an entire community of developers helping you to make sure that bugs are flagged and fixed faster, assuring that the code does not become vulnerable to any future attacks.
Quicker evolution of code
Open source is inherently dynamic – constantly evolving with faster releases compared to proprietary code. And, with the software quickly changing, hackers have less time to infiltrate the code. Since the hacker community is constantly looking for new ways to attack companies and software, it is important that security holes get identified quickly. When code is open source, everyone from end-users to community developers is able to identify issues and fix them quickly. Hackers might be fast, but when there is a community evaluating code, organizations have the opportunity to be much faster.
Companies often use proprietary software from third-party vendors. As a result, they do not have a clear and transparent view of how their software works while using the code. Proprietary vendors hold on to their “secrets” and, if there is a security issue, customers are unable to get a full picture of the problem. Organizations can find themselves in a situation where they know they have a breach, but are unable to identify the source. In the meantime, their customers are waiting for them to resolve the problem. If they had chosen an open source software solution instead, they would have a much easier time identifying and understanding the issue. Open source provides a complete picture of the software and how it is integrated with the overall product, providing a tremendous advantage when answering the big question – “what went wrong?”
The more inter-dependencies, the bigger the issue
Software has several interdependencies and if one portion is hacked, it’s very likely that other parts of the product will also be affected. Open source operating systems (OS), like Linux, are modeled on UNIX – a modular OS. These systems are not only transparent to users and administrators, but also have fewer interdependencies in comparison to proprietary systems. When there is an issue with one part, it’s easier to work on fixing it without having to worry about its impact on other components. And of course, if one part is hacked, it doesn’t mean that the entire system has been compromised.
As we all know in the security world, hackers are always thinking of new ways to attack our systems, and open source is not going to solve all security challenges, but going on the offensive is the first step in taking back control. The characteristics of open source, such as constant evolution, quicker fixes and fewer interdependencies, can be a huge advantage when facing hackers. Evaluating security policies to understand the “secrets” in an organization’s IT vault and how they are impacting the organization is critical in assuring that the next breach is merely an inconvenience rather than a catastrophe.
Security cannot be taken for granted and requires constant vigilance. There are no easy fixes, and no substitutes for being aware of one’s environment and vigilant for threats and attacks. Using open source software is one tool in the entire arsenal of protective strategies needed to ensure security in the modern enterprise.