
Risk involving the Russian Facebook increases concern about free or open-source solutions

The use of free or open-source solutions in the IT market is usually associated with benefits such as cost reduction and flexibility, but a series of cases has raised concerns, especially about security, in the decision to adopt these systems. One of the latest developments was the confirmation, in early May, that ‘easyjson,’ an open-source software library, is linked to developers from the Russian group VK, whose performance and prominence in that country are compared to Facebook's. As the library is widely used in critical projects like Kubernetes, Istio, and Grafana, there is fear that it will be compromised for geopolitical objectives through espionage or cyberattacks, especially in sensitive sectors such as defense and finance.

For Rodrigo Gazola, CEO and founder of ADDEE, a company with 30 years of experience in the IT management solutions market, the case of ‘easyjson’ is just another one that reinforces companies’ concerns about open-source solutions. ‘The fact that these technological structures are public, allowing anyone (including attackers) to study them and search for vulnerabilities, is a significant risk factor because most open-source solutions do not offer free official support, which can leave companies completely helpless in critical situations, relying solely on forums and the community,’ he states.

Gazola cites other recent cases related to open-source programs. In December of last year, the Ultralytics YOLO project, an open-source artificial intelligence library, was compromised through a vulnerability in GitHub Actions automation scripts. Attackers exploited this flaw to inject malicious code into distributed versions of the software. Earlier, in October 2024, cybercriminals published hundreds of malicious packages in the NPM repository, using names similar to legitimate libraries (a technique known as typosquatting). The goal was to deceive developers into installing these compromised packages, allowing the execution of malicious code on their systems.

According to him, this worrisome scenario has led more Brazilian companies to seek solutions offered by manufacturers recognized as secure and cost-effective. After all, organizations that choose free or open-source tools are obliged to deal with the complexity of configuring much of the systems themselves, which consumes time and energy in exchange for a supposed reduction in the final cost of the solution. Since they also have to account for hosting and maintenance costs, if these open platforms add the risk of leaks as well, the cost-benefit ratio is seriously impaired.

The executive states that he has detected this movement toward manufacturers in the market of IT service providers, known as MSPs, through the reception of solutions like HaloPSA and N-Able, both brought to Brazil through exclusive partnerships between ADDEE and global brands. According to Gazola, the fact that the product is entirely marketed in local currency eliminates exposure to the dollar, offering financial predictability in a market that heavily relies on long-term contracts and recurring revenue.

“In addition to freeing companies from the task of setting up solutions, from concerns about hosting and maintenance costs, partners like HaloPSA and N-Able ensure that companies are not interrupted by any misuse of open and unprotected technologies,” he explains.

ADDEE’s CEO emphasizes that the absence of contingency plans for failures or scams carried out through open-source programs has discouraged their adoption and encouraged the search for more resilient alternatives that fit within budgets.