As long as the deck chairs are properly arranged.

by Tom Davis

Heartbleed opens a few eyes. But not enough.

The Heartbleed bug has revealed how little most people know about the underpinnings of the World Wide Web. I have seen several articles where the reporter is astonished at how few people are involved in creating something like the OpenSSL software that is the center of the Heartbleed story. Their articles take on a tone of scandal. Why? Because up to now they viewed the Web as magic — and free (free as in money). Like most people they never asked questions about the software they use.

Here is a shocker... the Web server used by roughly 50% of the Web sites is created and maintained by an organization with no employees. My guess is that 99% of the population does not know the name of even one Web server application or how the market for the software they use every day works. Who cares, it works... mostly.

As much as 85% of the Web runs on free Open Source software created mainly by volunteers. Does this make the Web less secure than using proprietary (paid) software? I don't think so. I do not think that Microsoft (paid software) has any more ability to find bugs than the thousands of developers who create and review Open Source software. Bugs (essentially, defects) happen to everyone.

The downward push on costs for websites is incredible, so it is no wonder that website builders base their work on "free" Open Source software like WordPress, Drupal, Joomla and dozens more free website frameworks. Who wants to add thousands of dollars in software licenses to their website? You can if you wish; there are plenty of expensive software packages you can build a website on.

I believe that at the crux of all the Heartbleed reporting (in the mainstream media, at least) is the assumption that the World Wide Web was finished - sort of like the Interstate Highway System. All the infrastructure is there, let's drive. Maybe we add some nice restaurants at the exits so everyone can have a pleasant journey. If only it were that simple.

The "volunteers" of the Open Source world take their work very seriously. Programmers working on software like WordPress and Drupal have a surprising level of discipline. The people you need to worry about the most are the website builders that slap up sites using this software and never look back. The reality is that all software needs to be maintained — but most site owners dislike the idea of paying for the work of updating their "completed" sites.