by eythian 1919 days ago
Personally, I see the arguments about software security to be a bit distracting. In my experience, users of free/open source software don't generally inspect the code (there are definitely exceptions, of course).

What it can provide is things like the ability to customise, to avoid vendor lock-in, and things like that. Most users aren't developers, but those that aren't can still get benefits from those who are. For example, if I provide software X to someone, and they use me for support (set up, config, development, whatever), they can choose to move to someone else to provide their support if they want. If I start charging too much, or provide bad service, or just want to get out of the industry and go into woodworking, I as a developer am replaceable. If I don't want to do something, they can get someone else to do it.

I used to work on a free software project where this was a big draw for the users. They usually didn't have their own expertise to do the support, but there was a big pool of people and companies they could choose from to take over. And, some did have someone internal to do it, which meant they could change things to suit their own needs as they saw fit. We occasionally got patches and QA reviews from our customers, through the public bugtracker for the project.

It does get more complicated with SaaS stuff, but that is solvable also (for example, requiring that data and code are provided).

This is of course only one aspect, and is a bit more commercially oriented (because that's a lot of my experience), but I just think that the security aspects, while valid, often distract from some of the core reasons behind the free and open source models.