What’s FOSS, Anyway?

by | Jul 4, 2023

What’s FOSS?

FOSS is an acronym for Free & Open Source Software[1]. Most software that we are familiar with is not open source. What does it mean that something is open source vs being proprietary? Why should we want something that is open source vs something proprietary if the proprietary thing works just fine for us? This post will seek to give a short answer for these questions.

First, what does it mean if something is “open source”[2]? Simply put, if something is open source, then anyone with the skill can audit or adjust or even fork a piece of code or a blueprint for a piece of software or hardware. Some of you may live in fear of IRS audits, so auditing software code is a similar process. A programmer or developer sits down and examines the source code or DNA of a piece of software or the plans for an open sourced piece of hardware. Any such person can parse the code, see if it makes calls to anything shady, or if there is something unnecessary that the original developer wrote into the program. They can also check for bugs or other defects, such as security flaws which the original developer might have missed when they audited their own program or script before it was released to the public. This process is generally called patching a piece of software, this also happens in proprietary software, only behind closed doors at the company which develops that application or tool. Developers of each kind of software depend on tools such as bug reports, crash reports, and telemetry to point out issues. Telemetry, at its most basic, is simply an automated data collection so that the user doesn’t need to worry about sending in a bug or crash report to the developer(s) or company behind a given piece of software. What does it mean to “fork” an open source thing? Forking is the process wherein one developer takes open source code, tweaks or modifies it (sometimes as simply as redoing visual window dressing, and sometimes it is a radical re-write with enough of the original idea that it needs to be cited still) and releases it under a different name. If something is proprietary, it is necessarily closed source, with the code locked behind a copyright and if you find a way to hack in and alter it, you are likely to be prosecuted by the company which produces that software.

Why should we want a piece of hardware, or software, or firmware which is open source? generally those pieces of software, hardware, or firmware tend to be more secure, rather than less because the code is transparent and any interested and skilled party can investigate the code for errors, bugs, or security holes, then submit patches to the developer(s) of the piece in question. This openness makes it so that it is harder to slip the public a mickey, so to speak. FOSS codebases usually don’t make it into common use unless they are clean of malware, reasonably free of bugs (are stable within reason), and have been combed through by more than one set of eyes to make sure that those things are the case. This is not the case, as a rule, with proprietary software, as only the team which is assigned to a given piece of an app or program has full access to that code. Sure, there are QC and QA steps built into the development process, but only those assigned to those areas can do anything about bugs or vulnerabilities. This means that often, bugs and vulnerabilities have to wait for full version releases before they get squashed or patched. You also have to keep in mind that with proprietary software, hardware, or firmware (which allows software and drivers to actually talk to your hardware), you need to trust the company behind it. If you are seriously investigating FOSS, then you are likely questioning the validity of trusting those companies already. One big one is Microsoft, but even companies like Fortinet, which is currently under a heavy malware attack[3]. When code is closed source, it can take a huge mobilization effort on the company’s part to remedy a problem, where if it is FOSS, FLOSS (Free, Libre Open Source Software)[4], or simply open source, any developer who pays attention can create and apply patches, then if they work, submit to the project through a pull request. Open source simply means that anyone can look at or modify the source code for a project, when you add Free to the front of OSS, this emphasizes the freedom aspect (not free of cost, necessarily, though they typically are free of charge), where when you add the L as in Libre to it, that is even more clear (free speech vs free beer). This often, but not always, streamlines the process. This leads, usually, to more stable and secure software.

[1] https://itsfoss.com/what-is-foss/

[2] https://opensource.org/osd/

[3] https://www.bleepingcomputer.com/news/security/new-cactus-ransomware-encrypts-itself-to-evade-antivirus/

[4] https://www.gnu.org/philosophy/floss-and-foss.en.html