Our client, the trade union for bachelors of business administration Tradenomiliitto, has decided to open source the web app we have been building with them: Tradenomiitti. It's a social platform for the members of the union. We believe that Tradenomiitti is going to be a better experience for the users and a more sound investment for Tradenomiliitto thanks to it being open sourced.
This is going to be the first of many projects we publish as fully open source with our clients. We have previously open sourced parts of client projects and we contribute improvements to open source libraries, but this is the first time we are publishing the full source code to a whole and functioning web service.
You can take a look at Tradenomiitti at https://tradenomiitti.fi/. The site highlights the expertise of bachelors of business administration and provides a meeting place for them. Please note, however, that you need to be a member of the union to get the full benefits of the service.
For a long time, and at the latest since the Snowden revelations we have known that there are bad actors on the Internet. From the obvious spying of Facebook and Google both on their sites and across the Internet, through Smart TVs phoning home to tell what is viewed on them and said around them, to headphones and vibrators reporting on their usage. And those are just the ones that got caught.
Proprietary software doesn't have to be bad for its users, but if you're going to act against your users’ best interest, hiding what you do is probably prudent. Our client Tradenomiliitto is building a service for the benefit of their members and one of their core values is trustworthiness. Tradenomiitti is a useful and safe service, and opening up the source code for the users and the world to see is a way to further prove it.
Open sourcing means that not only can everybody look at the source code to see what our service does, they can also take the code and build their own service. Any improvements they make can then be integrated back to Tradenomiitti, provided they are relevant there too. Does this mean that similar organizations can just copy the software and start competing? Somewhat, but not really. The value of a social platform is in the users and their content and in continuous innovation and improvement. It is a rare endeavor where the value is purely in the software.
Many companies have already started embracing the open source model for at least part of their business: tech companies like Google, Intel, Apple, and Microsoft as well as companies in other industries such as Walmart and The Guardian. Software development is not exclusive to pure tech companies anymore, and companies looking to recruit tech talent will want to do what modern tech companies are doing already: growing their open source footprint. Tradenomiliitto is our first client to go full open source, but we expect to see many others follow suit.
As said, it wasn't Futurice's decision to open source Tradenomiitti, but one made by Tradenomiliitto. That is because we do not own the copyrights for it. At Futurice we avoid putting our clients in a vendor lock-in situation by always transferring full ownership and source code as well as visual assets to the client. Frankly, we don't understand why anyone would in 2017 buy custom bespoke software as a black box that ties them to more expensive maintenance deals with the same vendor.
Yet even with the client having full ownership, there is still an advantage with the original vendor. They know the code base and can better estimate what it means to deal with it. Having the code visible to all possible vendors simply levels the playing field. We believe that clients should buy from Futurice because they want to buy from Futurice, not because of external reasons.
It is the unified stand of the information security profession that security through obscurity is no security. What this means is that some would consider hiding bugs by not showing source code to be a security measure, but the only thing that does is makes sure that mostly nefarious people look for the bugs. Open source software can be — and in many cases is — scrutinized by people motivated to help.
The source code for Tradenomiitti is at https://github.com/Tradenomiliitto/tradenomiitti. We expect at least four types of users for the code base.