Better than its reputation: Why German companies still underestimate the IT security advantages of open source software. Bitkom's Open Source Monitor 2021 provides important answers to security questions.
Open source software (OSS) has found its place in the German economy: According to Bitkom's Open Source Monitor 2021 Around seven out of ten companies use applications whose basic source code is publicly available. The survey participants value many different advantages, but still view the topic of IT security as critical. The respondents agreed that the lack of specialized OSS specialists is a major disadvantage of open source solutions. The survey results show how important advice and training from and services from open source software providers can be in order to exploit the benefits of the solutions.
Open source software popular because of cost savings
Cost savings (24 percent) and access to the source code (14 percent) were cited most frequently as advantages of an OSS. The phenomenon is by no means concentrated on cost-sensitive small businesses and the use of free office packages. On the contrary: the proportion of respondents who use OSS increased with the size of the company to 87 percent with over 2.000 employees.
The companies use database programs and writing or graphics applications as well as web services and server operating systems. The latter in particular must meet demanding IT security standards in order not to become a gateway for security incidents, i.e. a weak point. Of those surveyed, however, just seven percent considered high security through timely updates to be an advantage of the OSS. In the IT security category, the software's stability and its low susceptibility to errors followed in second place with just two percent.
The community is a permanent code checking tool
This may surprise specialists who are actively involved in the open source topic and IT security. Because the security of the software and its open source code are closely linked in many eyes. Popular solutions, the code of which is publicly visible, are gathering an active user and developer community from different areas. These bring different interests and thus perspectives into the examination of the source code: Some want to know how the software works, others are actively looking for weak points as a hobby or want to adapt the application to individual needs.
Security-relevant lines of code are quickly noticed, regardless of whether they are weak points, back doors or undesired data evaluations. The community enables a quick exchange of information about errors, application problems or even potential security risks and thus accelerates the deployment of a patch. At the same time, it is difficult to hide functions in software so that the way it works is very transparent.
PKI software EJBCA - open source as the best case
For applications whose source code is not publicly available, companies must trust that providers have implemented IT security in the best possible way and, for example, have not integrated any undesired tracking functions. Open source enables testing by experts from your own company and independent community members.
The example of the Public Key Infrastructure (PKI) software EJBCA shows how far-reaching this can be in IT security. This is available as OSS and contains all the necessary components for the implementation of a PKI such as Certificate Authority (CA), Registration Authority (RA) and Validation Authority (VA) to issue cryptographic certificates for establishing identities for end devices and users.
Digital identities and their applications are among the fundamental building blocks in data and information security. Trust in the issuing infrastructure can be as strong as trust in the individual software components. Since there is a global and active community for EJBCA that analyzes and extends the source code, it is very well known what the certification authority can do and how it works. Companies that integrate the application into their own PKI therefore gain additional certainty that the promises made to them will be kept.
OSS providers and the shortage of skilled workers
In the study listed at the beginning, 88 percent of those questioned named a shortage of specialists for OSS as a disadvantage of open source software. For popular applications, companies can find help from specialized providers such as PrimeKey and their partners, who can provide consulting, training, implementation and maintenance services in addition to the software. This allows organizations without their own know-how to implement special application scenarios that require adjustments to the source code, while the community continues to be available to them as a control instance.
More at Primekey.com
About PrimeKey
PrimeKey is one of the world's leading providers of PKI solutions and has developed a number of innovative products. These include EJBCA Enterprise, SignServer Enterprise, EJBCA Appliance, PrimeKey SEE and the Identity Authority Manager. As a pioneer in the field of open source software for IT security, PrimeKey helps companies and institutions to implement crucial security solutions such as e-ID, biometric passports, authentication, digital signatures as well as uniform digital identities and validation.