Risk involving Russia's Facebook raises concern over free or open source solutions

The use of free or open source solutions (open source) in the IT market is usually always related to benefits such as cost reduction and flexibility, but a number of cases have raised the level of concerns, especially regarding security, in the decision to adopt these systems. One of the latest events in this regard was the confirmation, occurred in early May, of the involvement of “on, an open source software library, with the developers of the Russian VK group, whose performance and protagonism are compared to Facebook in that country. As the library is widely used in critical projects such as Kubernetes, Istio and Grafana, the fear of geopolitical finance is compromised by cyberattacks, the cyberattacks.

For Rodrigo Gazola, CEO and founder of ADDEE, a company that has been operating for 30 years in the IT management solutions market, the case of “easyjson’ is just one that reinforces the concern of companies with open source solutions. “The fact that these technological structures are public, allowing anyone (including attackers) to study them and look for loopholes is a major risk factor because most open source solutions do not offer free official support, which can leave companies completely unaided in critical situations, depending only on forums and the” community, he says.

Gazola cites other recent cases related to open source programs.In December of last year, the Ultralytics YOLO project, an open source artificial intelligence library, was compromised through a vulnerability in GitHub Actions automation scripts. Attackers exploited this flaw to inject malicious code into distributed versions of the software. Before, in October 2024, cybercriminals published hundreds of malicious packages in the NPM repository, using names similar to legitimate libraries (technique known as typosquatting).

According to him, this scenario of concern has caused an increase in the demand of Brazilian companies for solutions offered by manufacturers known to be safe and economical. After all, when they make the choice for free or open source tools, organizations are forced to deal with the complexity of themselves having to develop the configuration of most of the systems, which consumes time and energy in exchange for a supposed benefit in reducing the final cost paid for the solution. Whereas in addition they still need to consider hosting and maintenance costs, if these open platforms still add the risk of leaks, the cost benefit ratio is really greatly impaired.   

 The executive claims to have detected this movement of search for manufacturers in the market of IT service providers, called MSPs, by the receptivity of solutions such as HaloPSA and N-Able, both brought to Brazil through exclusive partnerships between ADDEE and global brands. According to Gazola, the fact that the product is marketed entirely in local currency eliminates exposure to the dollar, offering financial predictability in a market that relies heavily on long-term contracts and recurring revenue.

“In addition to freeing companies from the task of configuring solutions, from concerns about hosting and maintenance costs, partners such as HaloPSA and N-Able ensure that companies do not have interruptions caused by any kind of misuse of open technologies and without” protection, he explains.

The CEO of ADDEE reinforces that the lack of contingency plans in case of failures or scams practiced from open source programs has discouraged their adoption and encouraged the search for more resilient alternatives that fit the budgets.