The use of free or open-source software in the IT market is often associated with benefits such as cost reduction and flexibility. However, a series of incidents has raised concerns, particularly about security, over the decision to adopt these systems. One recent case was the confirmation in early May that ‘easyjson’, an open-source JSON library for Go, is maintained by developers from VK, the Russian group whose role and prominence in that country are comparable to Facebook’s. Because the library is widely used in critical projects such as Kubernetes, Istio, and Grafana, there are fears it could be abused for geopolitical ends through espionage or cyberattacks, especially in sensitive sectors such as defense and finance.
Rodrigo Gazola, CEO and founder of ADDEE, a company with 30 years in the IT management solutions market, states that the ‘easyjson’ case is just another example reinforcing corporate concerns about open-source solutions. ‘The fact that these technological frameworks are public, allowing anyone (including attackers) to study them and seek vulnerabilities, is a significant risk factor. Moreover, most open-source solutions do not offer free official support, potentially leaving companies entirely without assistance in critical situations—relying only on forums and the community,’ he explains.
Gazola cites other recent incidents involving open-source software. In December of last year, the Ultralytics YOLO project, an open-source AI library, was compromised through a vulnerability in its GitHub Actions automation scripts; attackers used the flaw to inject malicious code into the versions distributed to users. Earlier, in October 2024, cybercriminals published hundreds of malicious packages on the npm registry under names resembling those of legitimate libraries (a technique known as typosquatting), aiming to trick developers into installing them and thereby executing malicious code on their systems.
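As an added illustration of the typosquatting check a practitioner would want alongside the npm case above (this is example code written for this page, not code from the article, from ADDEE, or from any project named here), the following Python script compares the names in a dependency manifest against a list of well-known packages and flags near-misses. The popular-package list and the sample dependency block are constructed for the demo; in practice the list would come from registry download statistics or an internal allow-list, and the manifest would be read from package.json.

```python
"""Flag dependency names that look like typosquats of well-known packages.

Added example for this page; not code from the article or any vendor it names.
POPULAR_PACKAGES and SAMPLE_DEPENDENCIES are constructed sample data.
"""
from __future__ import annotations

# Constructed: a handful of well-known npm package names (an allow-list
# or a top-N-by-downloads list would replace this in practice).
POPULAR_PACKAGES = {
    "lodash", "express", "puppeteer", "bignumber.js", "react", "axios",
    "chalk", "debug", "commander", "uuid",
}

# Constructed: the "dependencies" block of a sample package.json, with a
# few deliberately misspelled names mixed in with legitimate ones.
SAMPLE_DEPENDENCIES = {
    "lodash": "^4.17.21",
    "expres": "^4.18.0",
    "pupeteer": "^21.0.0",
    "bignumer.js": "^9.1.0",
    "reakt": "^18.0.0",
    "axios": "^1.6.0",
    "chalk-colors": "^1.0.0",
}


def damerau_levenshtein(a: str, b: str) -> int:
    """Optimal string alignment distance: insertions, deletions,
    substitutions and adjacent transpositions each cost 1. Transpositions
    matter because 'lodahs' for 'lodash' is a typical typosquat."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # deletion
                          d[i][j - 1] + 1,          # insertion
                          d[i - 1][j - 1] + cost)   # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def normalize(name: str) -> str:
    """Lower-case, drop an npm scope (@scope/pkg -> pkg) and treat '_' and
    '.' like '-', so 'bignumber_js' and 'bignumber.js' compare as equal."""
    name = name.lower()
    if name.startswith("@") and "/" in name:
        name = name.split("/", 1)[1]
    return name.replace("_", "-").replace(".", "-")


def typosquat_candidates(dependencies, popular=POPULAR_PACKAGES, max_distance=2):
    """Return (dependency, lookalike, distance) for every dependency that is
    not itself a known package but sits within a small edit distance of one.
    Short names get a tighter threshold, since 2 edits on a 4-letter name
    would match almost anything."""
    popular_norm = {normalize(p): p for p in popular}
    findings = []
    for dep in dependencies:
        n = normalize(dep)
        if n in popular_norm:
            continue  # exact (normalized) match with a known package
        threshold = 1 if len(n) <= 5 else max_distance
        best = None
        for pn, original in popular_norm.items():
            dist = damerau_levenshtein(n, pn)
            if dist <= threshold and (best is None or dist < best[1]):
                best = (original, dist)
        if best is not None:
            findings.append((dep, best[0], best[1]))
    return findings


if __name__ == "__main__":
    for dep, lookalike, dist in typosquat_candidates(SAMPLE_DEPENDENCIES):
        print(f"suspicious: {dep!r} is {dist} edit(s) from {lookalike!r}")
```

A near-miss is a signal, not proof: the follow-up is to check the flagged package's publisher, age and download count, or better, to pin dependencies to a vetted internal mirror so that unreviewed names cannot be installed at all.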
According to him, this scenario has increased demand among Brazilian companies for solutions from recognized, secure, and cost-effective vendors. When opting for free or open-source tools, organizations must handle much of the configuration of the systems themselves, spending time and effort in exchange for an assumed saving. Once hosting and maintenance costs are added, and if these open platforms also bring a risk of data leaks, the cost-benefit ratio is significantly worse.
The executive says he has seen this shift toward established vendors among managed service providers (MSPs), driven by the reception of solutions such as HaloPSA and N-Able, both brought to Brazil through exclusive partnerships between ADDEE and the global brands. According to Gazola, because the products are sold entirely in local currency, customers are not exposed to the dollar exchange rate, which offers financial predictability in a market heavily reliant on long-term contracts and recurring revenue.
‘Beyond freeing companies from the task of configuring solutions and concerns about hosting and maintenance costs, partners like HaloPSA and N-Able ensure that businesses avoid disruptions caused by any misuse of unprotected open technologies,’ he explains.
The CEO of ADDEE emphasizes that the lack of contingency plans in case of failures or attacks stemming from open-source programs has discouraged their adoption—encouraging instead the search for more resilient alternatives that fit within budgets.