Why this CTO believes open source should be the new norm for all software companies
Making your code open source has many advantages, according to Alan Duric, CTO of messaging solution Wire. The company recently made its entire platform open source. In an interview with The Enterprisers Project, Duric explains why that was the right call.
The Enterprisers Project (TEP): How did you decide to open-source your platform?
Duric: Open source is personally very important to me, and my team has a long track record of contributing to open source projects, so it was a simple decision to open source our platform. Doing that encourages transparency and community engagement, which is key for any product that has security at its core. We had a vision to be a secure and completely transparent messaging app and we stuck to it.
TEP: How has it worked out so far?
Duric: We continue to see the benefits from our decision every day and encourage our active users to verify our code for themselves and use our API to build new secure features of their own.
TEP: Are there any downsides or risks to open-sourcing your platform? Any lessons learned or things you would do differently?
Duric: Open sourcing your code is not simple; it requires a lot of time and effort – we learned that firsthand. Open sourcing code can create security risks for potential users if it is created without security being the top priority. The risks can be reduced by testing for security vulnerabilities and protecting those who may later use your OSS.
I also recommend open sourcing the code from the very beginning. Initially, Wire wasn’t open source, as we were still working on a few vital security features, but now that these are available, it’s easier to structure the code and publish it.
TEP: Why should other companies consider open-sourcing some or all of their code?
Duric: I recommend other companies consider open-sourcing their client code to not only increase transparency, but to contribute to other industries’ success. Many industries face the same challenges and if you open source the code, you allow others to collaborate with you, modify the code to suit their needs, submit bug fixes and offer new feature ideas. It’s a really collaborative process that helps all of us involved in OSS to reduce development time and enables us to build an ecosystem of secure services that can talk to one another.
TEP: If a company is interested in turning some or all of its code open-source, what are the first steps it should take?
Duric: Step one is to make sure your code is ready; take the time to get the code in shape and make sure it’s secure. It’s also important to be open to feedback from the community, positive or negative. One of the biggest benefits of open source is the pool of talent and insight that you have available from third parties, so embrace it and learn to take constructive criticism.
I believe open source should be the new norm for all software companies, and Wire is taking serious steps to make it accessible to all, even for industries that work with extremely sensitive data.