Risks of Open Source Risk Management Software

Open source to some of us may sound risky. If everyone can see the software code, can’t they just as easily hack the system for their malicious purposes? Let’s have a look at the risks of open source risk management software and see:

The Importance of Open Source Licensing

Just because a particular risk management software (or any software, for that matter) is labelled as being ‘open’ doesn’t mean it’s truly open source nor does it mean that it’s without its risks.

Nowadays many open source developers seek open source licensing of the source code, which helps legal teams and risk management professionals evaluate the robustness and security of the software before implementing it within the organisation.

To be fair, just because a company claims to have licensed their source code doesn’t mean it’s 100% trustworthy either, but it’s a little like choosing a licensed plumber or roofer rather than a cowboy - it gives users a reasonable degree of reputability and trustworthiness.

Entry Barriers and Exit Strategies

There are many benefits unique to open source software, but risk management professionals should note down their considerations with regard to adoption (onboarding the software) and to getting out if things aren’t working out.

For the former, adoption depends on many sub-factors, such as the willingness to use new, perhaps not widely known software whose licence may be unfamiliar to the legal team or beyond what the higher-ups consider acceptable in the organisation.

Basically, one can think of adopting open source risk management software along the lines of Metcalfe’s Law: the more people that use the network, the greater its overall value (in layman’s terms). If others (i.e. competitors, other industries) are using particular open source software, its value increases as more people use it.

For the latter, an exit strategy is crucial. Extremely restrictive licences, which hamper an organisation’s ability to keep producing value with the software while it considers switching to another service, have thankfully fallen out of favour in recent years. Far more permissive licences are now quite normal.

Bear in mind that, from the developer’s point of view, restrictions are often in place for very good reasons, but they do limit what you can and can’t do with the software as a user.

Risks of Open Source and Solutions

There are many examples that illustrate the risks of open source and show how these risks compare in reality with the fear of something going wrong. Generally, closed-source software has a good reputation for security because the code is (often) kept proprietary on the developer’s side, but that doesn’t mean that open source by definition has security vulnerabilities.

With the rise in attention given to blockchain technology and the crypto market, one need only consider that one of the original blockchains, Ethereum (ETH), is open-source and has been developed in such a way that the security of the ledger is front and centre. Nevertheless, security incidents remain possible, and one has happened before, as seen during the hard fork that produced Ethereum Classic (ETC).

Third-generation blockchain developers at Cardano (ADA) and Polkadot (DOT), both founded by former Ethereum co-founders, have maintained open-source development on their blockchains, yet security remains a key feature. After all, if someone can manipulate the ledger, it isn’t much of a reliable solution, is it?

These examples borrowed from the world of cryptocurrency show that open source can be safe and secure whilst giving users the freedom to build on the backbone of the technology. Similarly, risk management software that is open source isn’t necessarily ‘risky’ so long as the licence and the developers work hard to minimise the risks that may present themselves.

Risk Wizard

Start using Risk Wizard today and experience the benefits of our bespoke risk management tools.