title: Open Source
reviewers: Dr Anchit Chandran


Open Source

The RCPCH Incubator believes open-source software is significantly safer, more secure, and more scientific than proprietary or closed-source models, especially in child health and international development.

What is Open Source?

Open-source software means that the software's source code is published openly. Several variants of this core concept exist, each described in its open-source license.

Copyright protects open-source software in the same way as closed-source. The RCPCH still owns the copyright on the software and will defend this if necessary.

Why does the RCPCH believe so strongly in open source?

Open-source development has yet to become mainstream in the healthcare tech sector. However, we have chosen to lead the way for three main reasons:

  1. Explicit trust
  2. Healthcare democratisation
  3. Proof by tech-sector trends

Explicit trust

Firstly, open-source software is transparent and centres around explicit trust. Consider the domain of medical research. Clinicians would only trust a medical intervention if there was significant empirical backing. Medical software, which impacts medical decision-making, should be no different. There is no reason to rely on implicit trust in large, shady organisations and their reputations when open source provides a better alternative. Furthermore, as the software develops from basic admin and reporting systems to active clinical digital tools, the trust placed in open source becomes vastly more important.

Healthcare democratisation

The RCPCH is a charity focusing on international development and improvements in global child health.

Making all healthcare code open-source ensures the most comprehensive remit for safe improvement and prevents innovation stagnation. In addition, it enables strong collaboration by tapping into international community support, allowing value to be delivered worldwide.

All children, regardless of geographical distance, deserve equitable health standards.

Common open source fallacies

The largest, most influential technology companies are enlarging their open-source footprints. A few honourable mentions include:

  • Facebook
    • Developed GraphQL and React
  • Google
    • Developed Android, TensorFlow, and Kubernetes
    • Support Golang
  • Microsoft
    • Developed Visual Studio Code
    • Acquired GitHub

The Business Case for Open-Source

A common misconception is that open-source is not commercially sustainable. How can you be sustainable if you give your IP to the world for free?

Open-source software can be commercialised in many of the same ways as proprietary software. There are many examples in the wider tech world of successful businesses releasing open-source code: WordPress.org, Discourse.org, and of course Red Hat and Canonical.

Open-source software is the only ethical solution for healthcare and offers non-exploitative business models, as proven through The RCPCH Incubator's ventures and by enormously profitable businesses like WordPress, Discourse, Red Hat and Canonical.

These models differ from the usual sales of proprietary software. One popular model is Software as a Service (SaaS) offerings, where the core product is freely available but organisations pay for your expertise and consulting in developing, hosting, and integrating software solutions. Commercial extensions, plugins, and customisations can further build upon this.

Even if a financial director values their source code, an intangible asset, at £100 million, this does not mean their source code is actually worth £100 million. In many cases, this is creative accounting intended to increase their organisation's stock price artificially. In healthcare, this is an intolerable, immoral, and unethical practice. Software value should depend on its real utility, quality and reliability rather than false scarcity generated by hiding IP.

Though open-source means it's harder to trap consumers with infrastructure lock-in, should public money funding healthcare services be diverted into the pockets of those maximising profits at the expense of patient outcomes?

The Security Case for Open Source

If you reveal all of your code, are you not easily vulnerable to security exploits?

This is an understandable viewpoint. However, there are three irrational misconceptions baked into the premise:

1) Security relies on obscurity - some systems do, but these are bad, dangerous and outdated. Effective, widely-used industry best standards enable security even with full visibility (see blockchain technology for one example).

2) Closed source means outsiders can't see your code - slapping on the label of closed source doesn't prevent hackers from leaking your code. Many multinational companies are frequently attacked and have their codebase revealed. Investing resources in preventing these leaks is an unnecessary, perhaps Sisyphean endeavour.

3) Open source is inherently insecure - in truth, there is no inherent difference in security between open and closed source. The terms only relate to codebase visibility: it is down to the people to provide protection. Arguably, developing under the mindset your attackers can see your code will bake in much higher standards of security practice from the project's beginning. Moreover, open-source technologies benefit from larger teams of developers via community contributions, allowing more robust testing and bug identification.

While both types of software have valid pros and cons, neither is intrinsically more secure.

"The source code is an intangible asset which our finance director has valued at 10 million pounds"

This is simply creative accounting intended to drive up the net worth of an organisation on paper. It is not related to any measure of the value of the code. The most effective way to realise return on investment for software is to provide robust, trusted services around a secure, well-featured open-source codebase.