View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Hardware
September 29, 2017

Open source code can strengthen security, says GDS

Which way is the best? GDS explains open and closed sourcing could both be beneficial.

By April Slattery

Government Digital Service (GDS) has outlined that open source coding can be just as safe as closed code – as long as there is the correct guidance.

Two new documents updated GDS’ guidance on opening up source code, outlining the two big concerns over the process and how businesses can overcome these. Their guidance areas cover when code should be open or closed and security considerations when coding in the open.

Open source code can strengthen security, says GDS

The GDS gives government organisations two documents of advice

From the advice, the documents suggest organisations should keep some data closed such as keys and credentials, algorithms for detecting fraud and unreleased policy. All other areas should be open coded like configuration, database schema and security enforcing code.

Having open source coding can create better codes, increase user engagement and support collaboration. Guidance from GDS suggests organisations should open the code earlier in projects, that way security can be addressed throughout the process.

Though businesses think closed source code is the best security measure, GDS explains it shouldn’t be solely relied on as hackers could still find details of organisations codes when closed. Open code could prove to be more secure, by using cryptographic algorithms.

VMware focuses on open source
What businesses are embracing open source software?

Anna Shipman, open source lead at GDS, said: “The new guidance addresses why open sourcing code that performs a security-enforcing function is beneficial. In simple terms, we can compare coding in the open to how padlocks work.

“Everyone knows how padlocks work but they are still secure because you cannot open them without the key. This will make it easier for your organisation to develop and deploy secure and open services, and should address your concerns around coding in the open securely.”

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Overall, government bodies should use both open and closed source codes across their organisations. Both areas of guidance have been based on industry standards, reviewed by GDS security engineering team and the National Cyber Security Centre.

Topics in this article : , , ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.