An Open Source of Innovation
A few companies in the security industry have either used open–source software (OSS) as an integral part of their technology or have made their codebase open source in recent years. This might seem like a strange business decision, since open-source code can often be accessed and used by anyone, seemingly giving away the secret sauce. However, there are many advantages to going open source that could help the industry, and there are business models based on open–source code that have proven successful for major companies.
In a move widely regarded as a show of support and major investment into open source development, Microsoft acquired GitHub – a popular platform for managing the development of open–source projects – in 2018.
Google’s mobile operating system, Android OS, was built on an open–source, Linux kernel and has been developed using an open–source approach since 2008. The Linux kernel comprises the core components of an operating system, and is not only found in phones, but is a popular choice as a foundation for the operating systems’ powering servers, various small electronics and many Internet of Things (IoT) devices around the world.
An Allegory for Open Source
Open-source development, at its heart, is the living embodiment of the saying, “Don’t reinvent the wheel.” When a company makes the source code for its project open, it is the equivalent of the wheel’s inventor putting his diagram and instructions out in the town square for anyone to see. The whole town can then make their own wheeled inventions and even start a cart business, if they feel so inclined.
The wheel inventor is now happy because he is the resident wheel expert, and benefits from the sudden influx of carts to his previously bipedal town. Perhaps he will even charge a fee to service peoples’ wheels or for his services as a wheel consultant. Beyond that, imagine how much faster he can get around now to study for his next invention!
Of course, this is an oversimplification, but the point is, there are business models in which open source can do plenty of good for everyone involved. In many open–source business models, companies let the community contribute to their projects under the condition that the company can use their contributions in its own commercial products. Sometimes the open–source license allows the contributors to do the same, if they make significant changes or contributions to the core code they intend to sell as a package.
For many projects, this open development environment has resulted in new configurations, permutations and even entire new genres of software that change industries by creating new efficiencies and connections.
Open Source in the Security Industry Today
In the security industry today, alliances are forming for OSS development to power video cameras and other IoT devices. An independent startup owned by Bosch Security called Security and Safety Things has developed an operating system for security devices based on the Android Open Source Project. This project is an integral part of the Open Security and Safety Alliance’s common Technology Stack, which seeks to outline a common set (or “stack”) of technologies that will promote interoperability between cameras sold by different vendors.
Many companies in the space have acknowledged the benefits of OSS and upped their involvement with open projects. For instance, Axis Communications joined the Linux Foundation in 2013, at which point Axis CTO Johan Paulsson said that the company had been “one of the first companies to use embedded Linux in a volume product” and that it had “long seen the advantages of using Linux.”
Most recently, ONVIF announced that it would open the codebase for its network interface specifications on the GitHub platform under a dual license for open–source development. The license scheme would allow ONVIF to publish extensions created by the community, while giving community developers the opportunity to expand on the code for their own projects.*
Per Björkdahl, chairman of the ONVIF Steering Committee, was quoted in a September Security Sales & Integration (SSI) article about the move, in which he signaled the same sentiment expressed by many other companies turning to open source.
“By having a repository on GitHub, ONVIF is making its interface specification development process more accessible, transparent and efficient,” says Björkdahl. “We encourage ONVIF members and the global developer community to go to our GitHub site and contribute to the standardization work of supporting greater feature interoperability and innovation.”
ONVIF’s dual license allows for the possibility that community contributions to the specifications might be used in works which build on its foundation to create entirely new software solutions.*
Open-source development, at its heart, is the living embodiment of the saying, “Don’t reinvent the wheel.”
Why Open Source?
After all this, the question remains: “Why?” Why would a company give away its software to be used in other projects?
The answer is that when someone provides a tool for everyone to use, the whole trade benefits. Open source is crowdsourcing innovation by releasing advancements that could one day be used to invent something new that can then be used to make businesses more efficient or provide a new service that the original creator of the tool would not have had time to invent.
By making the development of a software open source, anyone can contribute, without taking over the code entirely. Platforms like GitHub were designed for collaborative editing, and most projects require approval from assigned reviewers before a change can be added to the main codebase.
Another advantage is that anyone can find flaws in the code and suggest changes to fix them. If multiple people didn’t review this magazine, there would be typos galore and half of this would not make sense. The same goes for the code that makes up software – more eyes reviewing the product is better.
Overall, the use of open source development processes will hopefully result in quicker development of new solutions that can serve as a base for entirely new products and services. This shift in the security industry could result in technological advancements at a more rapid pace, at a time when many are lamenting that the industry has fallen behind technologically.
*This article is not legal advice. Everything herein is based on the author’s understanding of open source software development and a layman’s reading of the referenced licenses. Please consult the ONVIF Contributor License Agreement (available on the ONVIF GitHub here: https://github.com/onvif/specs/blob/20.12/LICENSE.md) to read it for yourself.