Open Source and Security: What’s the Connection?

In our everyday lives we trust the developers of applications to protect our sensitive data, usually without knowing how or why these tools work. Now consider the documentation process: communication, data management, media recording; experts will often talk about the importance that they be open source. But do we understand what makes tools open source and how that matters for different documentation projects?

The most important element that makes open source essential for safe and secure documenting is transparency. Being open source means that the code, how a piece of software or hardware works, is open for all to see. In being able to see how something works, this means it will also be subject to a high degree of scrutiny and testing. When a company that makes a piece of proprietary software tells you it is secure, the user has little recourse other than to hope they are telling the truth. In the open source world, that claim can be put to the test at any time by anyone.

Due to limited knowledge of what the term open source means, there are those who get scared when they see it; assuming that their data is open for anyone to see and take. But there is an important difference between code being open versus data being left unprotected. As Marie Gutbub of the Prototype Fund explains it, "The code that you can't read or can't know can make your data less private, while with open source, checking the code lets you know if your data will truly be private or not."

The need to have as many eyes and minds examining code is not only a matter of catching the possibility of malicious activity, it is also helpful to spot any mistakes that could lead to the application not working correctly.

This aspect of open source is not only a service to anyone who uses a tool, it also helps any company or individuals who are creating hardware or software.

From the developers’ side, being able to use open source tools that have been tested and extensively scrutinized is vital to developing software for documentation and digital security. This means that in effect an open source application being put out today benefits from what the community has built and discovered over the past decades. Raphael Mimoun, a software developer who spent years working with human rights defenders and front-line activists founded his company, Horizontal, to make tools with and for communities on the frontlines. According to Mimoun: "Without open source we would not have the internet as we know it today. The development of technology moves faster because we are sharing code." Since the dawn of the computers and the internet, using open source tools was seen as cumbersome, unnecessary, and only for a very small group of people who must have state secrets or some other high level information. The classic cliché "I have nothing to hide" was the mantra for those who truly felt they lived ordinary lives of no consequence to any institutions anywhere. However, as government and third parties worldwide have proven over the past 20 years, there is a desire to gain access to and make use of anyone's private data for a long list of purposes. Digital security is officially a universal need no matter who you are in this new world. And if you are someone who dares to work in the field of documentation where the data you gather has value to someone, having access to open source tools for digital security is not only helpful to carry out your work, it is vital to keeping you safe.