When you’re looking for a software solution for your government website, you need assurance the software will provide the best possible security. Spoofing, phishing, information decryption and theft, slow or unavailable service: there are many ways for a cyberattack to disable your site and erode citizens’ trust in your agency. You simply can’t afford to let your website — and your citizens’ data — be vulnerable to cyberattacks.
One option is to choose closed source (proprietary) software; its source code is essentially secret and unmodifiable by the public. Many government website vendors offer specialized closed source software solutions that look ideal at first glance. The touted benefits of unparalleled security and a 24/7 support team are indeed compelling.
But closed source software has serious drawbacks: its inner workings are opaque; subscriptions can be expensive; and technical support can be inconsistent in reality.
Open source software (OSS), on the other hand, has source code that anyone can read, and it is distributed in a way that lets anyone use it. While it may seem counterintuitive, open source software is actually a better choice than closed source for keeping your government website secure. Here’s why.
1. OSS Provides Greater Transparency
When you choose closed source software, you have to completely trust what a vendor says about how the software really works. You can’t verify that what you’re told is accurate, upholds best practices, or is up to date.
However, with open source software, anyone can evaluate the code for accuracy and security capabilities. And anyone can see what the software actually does.
Proprietary software, especially cloud-based software, is reliant on ongoing subscription payments. If you stop paying, it stops working. Open source software is paid for once (during implementation), so government customers can have confidence they aren’t at risk of losing access.
It appears that even the federal government as a whole is moving decisively toward OSS as more than just a cost-saving or cost-management measure. In short, the federal government is finding OSS is more reliable and a better defense against cyberattack.
For example, the Department of Defense OSS FAQ page explicitly rejects “security through obscurity” (which describes closed source software in a nutshell). The DoD clearly says both dynamic and static cyberattacks don’t even need source code. It also highlights these specific OSS security advantages:
- Public access to source code “significantly aids defenders and not just attackers.”
- Publicly available source code “improves software reliability and security through the identification and elimination of defects that might otherwise go unrecognized by the core development team.”
The DoD clearly recognizes the benefit of OSS transparency, as do more and more government organizations.
2. OSS Offers Safety in Numbers
Proprietary software teams (closed source) can be small and don’t always include necessary specialists who can reduce or eliminate vulnerabilities. That can mean you have to wait for questions to be answered, bugs to be fixed, or features to be added. After all, only the code creators can address issues.
It makes sense that most of the internet runs on open source software. A large number of developers and software engineers have a vested interest in making sure it stays reliable and secure. OSS is being tested constantly and collaboratively, which means bugs are found and fixed quickly.
Drupal is one example of an open source solution that undergirds the internet — and it’s used by many municipal government organizations. A specialist vendor can customize Drupal to meet the unique needs of each city, county, or organization.
Proprietary solutions may seem easier to implement and use at first, but you’re stuck with a third-party company’s software roadmap and all their other customers vying for service. A proprietary vendor can’t customize things just for you unless all its customers want the same thing.
3. OSS Ensures Timely Security Updates
Closed source software users receive software updates when the creators decide to implement them. Complex planning, timelines, and budgeting concerns can mean that updates are delayed by weeks, months, or even longer.
Conversely, open source software allows users and developers to take initiative and provide feedback and fixes at the moment they choose to do so. Users of open source software are alerted when changes are made, dependencies are updated, and security vulnerabilities are addressed.
Vulnerability reports can be more detailed with open source software, and users can remedy issues themselves with provided suggestions. As you can imagine, patching vulnerabilities can be done in short order when developers take matters into their own hands. You can participate in code review yourself, and make a decision to stick with the previous version if you see fit. You also have the power to disable features or release your own security patches.
Drupal serves as a great example; it supports, maintains, and extends its software so that the risk of obsolescence and of cybersecurity threats is low. At a minimum, Drupal patches security holes monthly. And because its large community is driving change, new iterations and versions are available fast.
Open Source Software Meets the Complex Needs of Government
The stakes are tremendously high with a government website. Hackers are targeting these sites more and more often. Naturally, you don’t want generic software solutions that are prone to cyberattack or expensive to customize and maintain.
Without a shadow of a doubt, open source software is the best choice. You don’t have to worry about sloppy coding, whether best practices have been followed, or if your software has been properly inspected.
And most importantly, you can have confidence you are getting the best possible security with a large community of OSS users and developers sharing the risk and standing guard.