Open Source, Licensing and Exam Technique
The final lesson covers open source vs proprietary software, software licensing types, and the most important exam technique for this unit: how to write balanced "evaluate" and "discuss" answers that actually score full marks.
In 2004, Munich became the first major city in the world to migrate its 14,000 computers from Windows to Linux - open source, free software. The city saved millions and became a symbol of digital independence. Then in 2017, Munich announced it was switching back to Windows. The headline reason given: too many problems with software compatibility, particularly with Microsoft Office documents. But leaked reports suggested IBM and Microsoft had both lobbied the city hard, and Microsoft had moved its European headquarters to Munich in 2016.
Open source vs proprietary software
The most important distinction is about the source code: open source makes it publicly available; proprietary keeps it closed.
| Aspect | Open source | Proprietary |
|---|---|---|
| Source code | Publicly available to view, modify and redistribute | Closed. Not available to users. |
| Cost | Usually free (though services/support may cost money) | Usually paid - one-off purchase or subscription |
| Support | Community forums, documentation; no guaranteed support | Official vendor support, phone/email/SLA |
| Security | Transparent: anyone can audit the code for flaws. But vulnerabilities are also publicly visible to attackers. | Code is hidden from attackers, but also hidden from independent security researchers who might find vulnerabilities. |
| Customisation | Fully customisable - modify the code to your exact needs | Limited - use only what the vendor provides |
| Reliability | Varies by project. Major projects (Linux, Firefox) are extremely stable. Smaller projects may be abandoned. | Generally predictable release cycles and backward compatibility |
| Vendor lock-in | Low - multiple providers, community can continue development if one stops | High - dependent on single vendor's continued existence and decisions |
| Examples | Linux, Firefox, LibreOffice, VLC, Python, Android | Windows, Microsoft Office, Adobe Photoshop, macOS, iOS |
Munich's LiMux project was the most high-profile open source migration in government history. Between 2004 and 2013, the city migrated 14,000 computers from Windows XP to a customised version of Ubuntu Linux called LiMux, replacing Microsoft Office with LibreOffice. The project saved an estimated 11 million euros.
But staff complaints accumulated: LiMux struggled with compatibility issues when exchanging documents with other organisations using Microsoft Office. Certain specialised government software only ran on Windows. The user experience was different enough to require retraining. In 2017, the new city council voted to return to Windows 10 and Microsoft Office, at a cost the city estimated at 49 million euros. Critics pointed out that Microsoft had moved its German headquarters to Munich in 2016, and questioned whether the reversal was technically necessary or commercially influenced.
The real lesson is not that open source is bad or good, but that migration requires whole-systems thinking: compatibility with external partners, training, specialist software dependencies, and long-term maintenance all matter as much as licensing costs.
OpenSSL is an open source cryptographic library used by approximately two-thirds of all websites to secure HTTPS connections. In April 2014, a vulnerability called "Heartbleed" was publicly disclosed. The bug had existed in the code for two years, allowing attackers to read the memory of servers running the vulnerable version, potentially exposing encryption keys and user passwords.
Heartbleed affected an estimated 17% of all "secure" websites on the internet. Companies including Yahoo, Tumblr, and the Canada Revenue Agency were all affected. The Canada Revenue Agency had 900 social insurance numbers stolen as a direct result.
The case illustrates the complexity of open source security: the code was transparent and could have been audited at any time, but the critical OpenSSL library was maintained by just four people, two of whom were volunteers, on a budget of $2,000 per year - despite being relied upon by most of the internet. After Heartbleed, the Core Infrastructure Initiative was established to fund critical open source security projects.
In March 2024, a Microsoft engineer named Andres Freund discovered, almost by accident, that XZ Utils - a widely used open source data compression library present in millions of Linux servers - had been deliberately sabotaged. A malicious backdoor had been carefully inserted into the software over the course of two years.
The attacker, operating under the pseudonym "Jia Tan," had spent nearly three years building a reputation as a legitimate contributor to the XZ Utils project. They submitted useful bug fixes, built trust with the single overworked volunteer maintainer, gradually took on more responsibility, and eventually gained commit access to the codebase. They then inserted a deeply obfuscated backdoor that would have allowed remote unauthorised access to any system running the affected versions, potentially affecting millions of servers worldwide. The backdoor was discovered just days before it would have been included in stable releases of major Linux distributions, making it one of the most significant near-misses in software security history.
The case raised profound questions about the open source model: critical infrastructure relied on by almost every internet-connected organisation was being maintained by a single unpaid volunteer. The vulnerability of the open source supply chain - where a contributor who has earned a maintainer's trust and commit access can insert malicious code - was dramatically exposed. Several technology companies pledged increased funding for open source maintenance following the discovery.
StartUp Ltd is a fictional company of 25 employees launching a new customer relationship management (CRM) system. They have two options: adopt an open source CRM (SuiteCRM, free to download and modify, large community) or purchase a proprietary CRM subscription (Salesforce, 35 per user per month, full support, widely integrated with other business tools).
Their IT manager argues for open source: "We can customise it exactly to our needs, pay no licence fees, and our developer can maintain it." Their CEO argues for proprietary: "We need it to work reliably from day one, integrate with our accounting software, and we don't have time to maintain custom code when we're trying to grow the business."
Software licensing types
All software is distributed under a licence that defines how it can be used. Violating a licence is a breach of copyright under the Copyright, Designs and Patents Act 1988.
| Licence type | What users can do | Examples |
|---|---|---|
| Proprietary | Use the software on a specified number of devices; cannot copy, modify or redistribute | Windows, Microsoft Office, Adobe CC |
| Open source (e.g. GPL) | Use, copy, modify and distribute freely; GPL requires derivatives to remain open source | Linux, LibreOffice, Python |
| Freeware | Use for free; cannot modify source code; redistribution varies by licence | VLC (also open source), Skype basic, most browser extensions |
| Shareware | Trial use free (time-limited or feature-limited); must purchase licence for continued use | WinRAR, early Photoshop trials |
| Creative Commons | Varies: CC0 (public domain), CC-BY (credit required), CC-BY-SA (share-alike), CC-BY-NC (non-commercial only) | Wikipedia, many academic papers, Creative Commons licensed images |
Exam technique - evaluate and discuss questions
The ethics and law unit is where most marks are lost on "evaluate" and "discuss" questions. These questions are worth 6-8 marks and require a specific structure to achieve full marks.
However, open source adoption carries real risks. Munich city council (which ran the world's largest open source migration for 14,000 computers) found that compatibility issues with organisations using Microsoft Office created significant workflow problems. Schools must exchange documents with parents, local authorities and examination bodies who predominantly use Microsoft formats; conversion errors can cause professional problems. Additionally, teachers would require retraining, which takes time and potentially reduces confidence. Dedicated technical support is also absent without paying a third party.
On balance, open source software may be suitable for schools with strong technical capacity and limited budgets, but schools that exchange large volumes of documents with Microsoft-format users, or lack IT support, risk significant disruption. The "free" cost advantage may be offset by training, compatibility and maintenance costs.
However, the negative impacts are well-documented and serious. Facebook's internal research (leaked by whistleblower Frances Haugen in 2021) showed the company was aware that Instagram was harmful to the mental health of teenage girls, increasing rates of anxiety, depression and eating disorders. Despite this knowledge, product changes that would have reduced engagement were reportedly rejected because they reduced time-on-platform. Furthermore, the "filter bubble" effect - where recommendation algorithms show users content aligned with their existing views - has contributed to political polarisation, with research showing that exposure to algorithmically curated political content increases extreme viewpoints. The spread of health misinformation during COVID-19 led to vaccine hesitancy with measurable public health consequences.
Ultimately, social media's impact is neither uniformly positive nor negative, but the harms increasingly appear to be structural rather than incidental: they arise from engagement-maximisation business models that are in tension with user wellbeing. Regulatory intervention, such as the UK Online Safety Act 2023, reflects a growing consensus that self-regulation by platforms is insufficient.
Lesson 6 Worksheets
Three worksheets covering open source knowledge, case study analysis and exam technique practice.