Is the source code available for review, reuse, or not at all.
This has consequences:
If source code is available, third parties can review how it works and be confident in their assessment that the app does what it says it does and nothing else. If the source is not available, 3rd-party verification is impossible and the app developers’ word has to be taken at face value.
If the source code is available with an open-source license, third parties can innovate on top of others’ work, potentially leading to innovations that would otherwise be not viable (Linux is a great example for this dynamic).
The argument sometimes is made that if source code is available, attackers can more easily identify weaknesses in the code. While this is true, this argument is generally rejected in the security community: the advantages of additional scrutiny possible by third-party review beat the ability to hide insecure code.
Within this group, the alternatives are:
- An app is implemented as source available if the source code of all of its parts can be examined, but it does not use an open-source license.
- Open Source
- An app is implemented as open source if all of its parts use an open-source license.
- Mixed Source
- An app is that uses more than one licensing style, such as open-source and closed-source.
- Closed Source
- An app is implemented as closed source if none of its parts are available in source code.