Open Source Software Is Safer
Quality cannot be absolute. It's a process, which goes on.


Umair Sayed


Aug, 29 2018




In the last few months, we at Frappe have received decent traction from large enterprises. Our first session with these companies included a presentation on the technical stack of ERPNext and the Frappe Framework. The moment we presented ERPNext and the Frappe Framework as open source applications, the quick follow-up question was:

If ERPNext is an open source software, what about data security?
They were apprehensive that if the complete code base of a software product is public, it will be easier for hackers to locate vulnerabilities in the software and misuse them.

I contend that open source applications are safer. To make the case, let's study Windows and Linux. Below are arguments that explain how security is better taken care of in open source software.

Windows vs Linux

Windows is license-based (that is, not open source) software that needs no introduction. It is used not just for personal computing, but also in millions of businesses every day. It's easy to install, learn and use. It works great, until (wait for it!) it crashes. Yes, that's another bitter reality which goes hand in hand with its goodies. Issues on Windows computers such as security breaches, virus attacks and the OS itself crashing are pretty common. Perhaps that's the reason why the market share of Windows, which is 88% on PCs, drops to just 2% when it comes to the Windows server market.

On the other hand, we have Linux. It is open source software, available for free to everyone. Its market share among PC users is just 2%. However, when it comes to Linux server share, it stands tall at 95%! Linux powers all the supercomputers existing in the world today.

The biggest differentiator between Windows and Linux is open source, and it is one of the major reasons why Linux is more secure. An open source project has its source code published publicly, so not just the product team but also the product community keeps a close eye on the source code. As a result, you have people from the community reporting vulnerabilities and helping you make the application more secure.

For ERPNext as well, the community of users, developers, and bounty hunters has played a pivotal role in reporting security flaws and getting them fixed, for the benefit of the larger ERPNext community.

How to Ensure Security in Software?

In this ever-evolving world, the requirements of software users are also evolving constantly. Hence software also requires upgrades to fulfill these needs (more so to remain in business). When software is upgraded so often, its security needs to be checked each time as well, to ensure that a new upgrade doesn't introduce any leakages or vulnerabilities. Hence the question:

Is your software secured? 

In my humble opinion, it cannot be answered in binary, like yes or no. It can only be answered by defining the process which does security checks and reviews before every release. Perhaps that's why ISO certification doesn't assign a quality tag to a company but acknowledges that the company has processes in place to ensure a quality outcome. Quality cannot be absolute. It's a process, which goes on.

In conclusion, for an open source application, security is not a concern but a goodie. We are thankful to all the whistleblowers in the ERPNext community who contributed to making ERPNext and Frappe more secure. But as we learned above, it's a process. So do keep that coming.





Ostech Man


March 16, 2019

Framing and approaching process, not forms and Windows themselves.

Best regarded.



Paul Mugambi


3 days


Beautiful read, and an insight into an individual I respect and have learned a lot from. Am inspired to trust the process and never give up.


Anna Dane


5 days


I must say this is a really amazing post, and for some of my friends who provide Best British Assignment Help, I must recommend this post to them.
