The world has learned (the hard way) that the greatest threat doesn’t actually come from attackers, but from within an organization itself. This isn’t limited to poor maintenance; it extends to the inability to patch in time and in an efficient manner.
If the latest Windows exploit leaks by the “Shadow Brokers” group taught us anything, it is that patches for closed-source software might take months or even years to be released. That time frame was more than enough to hit more than 900K computers all over the planet.
“[…] The advantage of having hundreds or even thousands of people looking at the software at once is that there is a bigger opportunity for vulnerabilities to be detected much quicker. Once a virus is detected, it will be made public immediately, which gives users the opportunity to fix it within hours, if not minutes. Transparency becomes the strength as it allows errors and faults to be spotted easily, making it harder to hide anything malicious.”
“[…] In contrast, it is more difficult to detect and trace vulnerabilities in proprietary software as there can be security leaks that nobody knows about, until it reaches a critical level. Having a community of developers, engineers and cyber security professionals participating and contributing to an open source software actually lets it operate better, making it an instrumental tool in the development of mobile applications, browsers and servers.”
In the long run
The most important thing, more than even security, in my opinion, is that solo developers, startups, and even multinational companies don’t want their projects to depend on a vendor that might go out of business or change its strategy, which would leave them in a tough situation.
“Today’s enterprises simply cannot rely on a proprietary piece of source code to manage their increasing multitude of applications that are powering their critical business transactions.” (Damien Wong, Vice President & General Manager, ASEAN at Red Hat)