Security risks

This is a factor that businesses often put first when considering choosing software to digitally transform their operations. Because choosing unsafe software will have huge consequences for all business operations. Especially with open source code, the software is publicly available on the network, so hackers can easily research, analyze vulnerabilities and spread them quickly. This not only poses many risks to users but also to the business system itself. On the other hand, when there is a system-level information security incident, it will be very difficult to update and fix errors.

According to surveys and assessments, the persistent problem with open source software is the increasing number of security flaws and many vulnerabilities that do not have patches due to the lack of a competent and responsible entity to implement them. Before there is a patch, hackers can exploit these vulnerabilities.

Another problem with open source software is the difficulty in controlling and assessing the level of security because the source code is developed by too many different users, and even potentially contains spy code containing viruses to intentionally collect information for malicious purposes.

Risks in implementation and operation

Not all open source software has detailed and complete installation and operation instructions like commercial software, which will cause difficulties in the implementation and operation process, especially without descriptions of common errors and how to handle them, which will cause problems in the early stages of implementation and risks during operation. Moreover, the cost of infrastructure for implementation is not optimized, causing costs to increase.

Poor compatibility and can crash at any time

Some open source software may not guarantee stability and contain bugs, poor compatibility with other software or platforms. Leading to difficulties in using the software and may even encounter serious problems at any time.

Recall that the US Government's Healthcare.gov system in 2013 used open source code, the website stopped working after 2 hours of launching when traffic increased nearly 5 times, then had to be closed due to problems arising from the source code, important technical positions lacked experience in product development.

The Healthcare.gov incident shows that serious incidents can occur at any time if the development, operation and exploitation unit lacks a deep understanding of the system. This leads to a long time to handle the incident, or even an inability to fix it, which can cause loss of customer data, information leakage... greatly affecting the reputation of the parent unit.

Difficult to upgrade and expand as needed

Open source software is available online, so the staff who receive open source software do not have a deep understanding of the system. Therefore, when there are customization requests from many customers, it will be very difficult to change and meet the customer's requirements.

Slow performance

Many open source software have much slower performance than closed source. Because in open source code, there are inevitably redundant code and functions, which will occupy more system resources than usual and make the system run slowly.

Lack of support and dependence on user community

Some open source software is not supported or has more limited support than commercial software, and although supported by the open source free software development community, there is no clear commitment to the quality of support.

On the other hand, some open source software depends on the user community to maintain and develop. If the community does not develop or the vendor changes its business strategy and can terminate the project at any time, users may encounter problems related to features, stability or even be unable to continue using the software and have to look for other software alternatives.

With large systems or core, foundational software, replacement will cost a lot of resources or be impossible and cause great damage... This is also an expensive risk lesson and also makes many companies, businesses, and governments miserable when RedHat ends the open source project Project Centos after nearly 20 years of its inception and stops providing CentOS Linux 8 version in 2021.

Because the operating system for servers has many software systems and long-term service provision, the conversion is very complicated, and many special systems cannot be converted. Even in the medical field, the sudden termination of open source projects has happened, such as the VistA project of the US Department of Health and Human Services National Guard, which switched from open source to closed source in 2015, or the open source project Mirth Connect, which was sold by Mirth Corporation to a private company and then also switched to closed source.

Software copyright disputes are likely to occur.

Some open source software may contain legal elements, including copyright infringement or improper use of the license. Using such software may cause legal problems for the user.

Bao Anh