At Soffid IAM, we often get asked why we share our code base for free, especially when it comes to Identity Governance and Administration (IGA). Last week, a potential customer questioned why we would offer our intellectual property at no cost. It’s a reasonable concern—after all, why would a company give away its product’s core? The answer is simple: security and transparency.
Why Security Isn’t About Hiding Code
One of the biggest misconceptions in software security is that hiding source code keeps it safe. In reality, decompilers and reverse engineering tools are so widely available that anyone determined to access the code can eventually succeed. Trying to hide the code only makes things harder for “the good guys” (security teams, auditors, and partners who want to verify its integrity), while malicious actors can still find a way. So, hiding the code is not a real security solution.
At Soffid, we believe that transparency is the key to securing intellectual property. By sharing our source code publicly, we can easily prove authorship in case of disputes without lengthy legal procedures. Customers, auditors, and collaborators can simply visit GitHub or other platforms to verify the legitimacy and timeline of our codebase.
Enhancing Security Through Open Source
When it comes to the security of our customers’ systems, open-source software has clear advantages. By making our code available, we invite not just our own security teams, but also customers, collaborators, and the broader security community to review and identify potential vulnerabilities before they are exploited in production environments.
Some argue that making the code open could allow bad actors to exploit vulnerabilities more easily. While this is theoretically possible, experience shows that the risk is minimal. For example, Linux, the backbone of over 75% of public servers globally, has demonstrated that open-source systems can be incredibly secure, even with their code open to the public. If anything, having more eyes on the code strengthens it.
The Productivity Boost of Open Source
Beyond security, using open-source tools offers significant productivity benefits for organizations. Without access to the source code, modifying behavior, diagnosing problems, or integrating with legacy systems can be incredibly time-consuming. With open-source IGA, businesses gain:
- Faster Implementation: New policies or configurations can be implemented quickly.
- Easier Problem-Solving: Engineers can directly review and modify the code to resolve issues faster.
- Flexibility: Customizing the platform to meet specific needs becomes much easier.
- Better Integration: Integrating with legacy systems or external tools is more straightforward when the source code is accessible.
The Benefits for Soffid IAM Customers
At Soffid IAM, we stand by our decision to offer open-source IGA because it provides several tangible benefits for our customers:
- Enhanced Security: Open source allows for continuous code reviews, reducing vulnerabilities.
- Faster Project Completion: Customizations and issue resolutions are faster with open-source access.
- Fewer Technical Limitations: Our customers can build, modify, and extend the platform to meet their needs, without waiting for updates from us.
- Lower Costs: By minimizing troubleshooting time and simplifying integrations, open-source tools reduce overall implementation and maintenance costs.
Why We Haven’t Found Any Drawbacks
You might think there are drawbacks to sharing the source code, but honestly, we haven’t found any yet. Our customers experience better security, faster project completion, and fewer limitations. It’s a win-win for everyone.
In a world where security, flexibility, and transparency are paramount, open-source IGA stands as a powerful tool that provides long-term value.