The use of free or open-source solutions in the IT market is often associated with benefits such as cost reduction and flexibility, but a series of cases has raised concerns, particularly about security, when deciding whether to adopt these systems. One of the latest developments was the confirmation, in early May, of ties between ‘easyjson,’ an open-source software library, and developers of the Russian group VK, whose role and prominence in that country are comparable to Facebook's. Since the library is widely used in critical projects such as Kubernetes, Istio, and Grafana, there are fears that it could be compromised for geopolitical objectives through espionage or cyberattacks, especially in sensitive sectors such as defense and finance.
For Rodrigo Gazola, CEO and founder of ADDEE, a company with 30 years of experience in IT management solutions, the ‘easyjson’ case is just another example that reinforces corporate concerns about open-source solutions. ‘The fact that these technological frameworks are public, allowing anyone (including attackers) to study them and look for vulnerabilities, is a major risk factor. Moreover, most open-source solutions do not offer free official support, which can leave companies completely helpless in critical situations, relying only on forums and the community,’ he says.
Gazola cites other recent cases related to open-source programs. In December of last year, the Ultralytics YOLO project, an open-source AI library, was compromised through a vulnerability in GitHub Actions automation scripts. Attackers exploited this flaw to inject malicious code into distributed versions of the software. Earlier, in October 2024, cybercriminals published hundreds of malicious packages in the NPM repository, using names similar to legitimate libraries (a technique known as typosquatting). The goal was to trick developers into installing these compromised packages, allowing the execution of malicious code on their systems.
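As an added illustration of a defender-side check against the typosquatting technique described above (this script is not from the article or any of the projects it names), the following Python code scans a constructed package.json for dependency names that are one edit away from a constructed allow-list of well-known npm package names:

```python
# Added example, not from the article. KNOWN_PACKAGES and SAMPLE_PACKAGE_JSON
# are constructed for illustration; a real check would use the organisation's
# own approved-dependency list.
import json

KNOWN_PACKAGES = {"lodash", "express", "react", "axios", "chalk", "request"}

SAMPLE_PACKAGE_JSON = """{
  "dependencies": {
    "lodash": "^4.17.21",
    "expres": "1.0.0",
    "ax1os": "0.1.0",
    "react": "^18.2.0",
    "left-pad": "1.3.0"
  }
}"""


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def suspicious_dependencies(package_json_text: str,
                            known=KNOWN_PACKAGES,
                            max_distance: int = 1) -> dict:
    """Return {dependency: closest_known_name} for dependencies that are not
    on the allow-list but sit within max_distance edits of a name that is.
    Names that are on the list, or far from every listed name, are not flagged."""
    deps = json.loads(package_json_text).get("dependencies", {})
    findings = {}
    for name in deps:
        if name in known:
            continue
        closest = min(known, key=lambda k: levenshtein(name, k))
        if levenshtein(name, closest) <= max_distance:
            findings[name] = closest
    return findings


if __name__ == "__main__":
    for dep, lookalike in suspicious_dependencies(SAMPLE_PACKAGE_JSON).items():
        print(f"possible typosquat: {dep!r} resembles {lookalike!r}")
```

Running it flags `expres` (resembles `express`) and `ax1os` (resembles `axios`) while leaving `left-pad`, which is merely unlisted, alone.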
According to him, this concerning scenario has led more Brazilian companies to seek solutions from manufacturers recognized as secure and cost-effective. After all, when opting for free or open-source tools, organizations must handle much of the system configuration themselves, which consumes time and energy in exchange for a supposed saving on the final price of the solution. Considering that they also have to account for hosting and maintenance costs, if these open platforms add the risk of leaks on top of that, the cost-benefit ratio becomes significantly compromised.
The executive claims to have detected this trend toward seeking manufacturers in the IT service provider market, known as MSPs, reflected in the receptiveness to solutions like HaloPSA and N-able, both brought to Brazil through exclusive partnerships between ADDEE and the global brands. According to Gazola, the fact that the products are sold entirely in local currency eliminates exposure to the dollar, offering financial predictability in a market heavily reliant on long-term contracts and recurring revenue.
‘In addition to freeing companies from the task of configuring solutions and concerns about hosting and maintenance costs, partners like HaloPSA and N-Able ensure that companies do not face disruptions caused by any misuse of unprotected open technologies,’ he explains.
The CEO of ADDEE emphasizes that the lack of contingency plans in case of failures or scams involving open-source programs has discouraged their adoption and encouraged the search for more resilient alternatives that fit within budgets.