What reasons do companies have for open-sourcing libraries and applications?
Doing this may allow a developer to better understand the code, but could doing this allow people to find and exploit vulnerabilities in the library or application?
6
There are myriad reasons why a company would put code out into the world for anyone to see and use:
- Developer Relations – Putting out quality, useful code endears developers to the company.
- Trial by Fire – If you have code out in the wild that is used by many people, you are likely to get loads of feedback about it. Bugs, areas to improve, and maybe vulnerabilities. It can lead to more robust products in the end as you find many things that a few developers may not have found on their own.
- Free Developer Time – Plenty of developers are perfectly willing to spend time working on a project. By allowing developers to contribute, you get the benefit of free labor as well.
- Growth – Putting out an API allows other developers to create an ecosystem around the product/platform/etc. which in turn can attract more people and grow the ecosystem.
9
Companies release code as open-source when that code isn’t their core business. Facebook doesn’t sell software, it sells a global social network. You can take 100% of Facebook’s code, run it on your own servers, and still not be any sort of competition to them. So what do they have to lose? The reason they’ve beaten out rival social networks isn’t because they have a super-efficient patented memory caching algorithm or the best PHP templating engine. The code isn’t the only thing here.
1
A good reason would be this:
If some 3rd party developer gets an awesome idea and integrates it in that code, it can easily boost the popularity of that company or that product; this is always desired, even if it means some (not a lot) additional security risks. It’s a trade-off worth making.
Also, exposing some API of your code to literally everyone can be beneficial. The best example I can think of is what Google did with Google Maps. They can be integrated in virtually any web-page out there. This helped Google by making that service much more popular and attractive. I know this doesn’t fit the criteria of publishing the code; but making an API completely public comes pretty close.
1