Open Source Fundamentals

This article is a definition of terms for Open Source – including exam questions and tags.

In a Nutshell

Open Source refers to software whose source code is freely accessible, usable, and modifiable, often under clearly defined open source licenses.

Compact Technical Description

Open Source Software (OSS) allows developers to study, modify, and distribute the source code. It is based on open licenses such as GPL, MIT License, or Apache License, which define what usage rights and obligations exist. OSS is developed collaboratively, usually through platforms like GitHub or GitLab. In addition to transparency and innovation, OSS brings challenges, e.g., regarding license compliance and security management. Open Source is not synonymous with free, but requires compliance with the respective license terms.

Exam-Relevant Key Points

• Open source software with defined usage rights
• Different license types: Copyleft vs. Permissive
• Community-driven development, Pull Requests, Forks
• IHK Relevance: License review and documentation in projects
• Practical reference: frequent use of open source libraries
• Security aspect: Code transparency enables audits, but also attack surfaces
• Cost-effectiveness: cost savings, no vendor lock-in, but support effort
• Documentation obligation: proof of used OSS components with license information

Core Components

1. Source code disclosure
2. Open source license model
3. Community and contributor structure
4. Version control systems (e.g., Git)
5. Forks and Pull Requests
6. License types: Copyleft, Permissive
7. Open source governance
8. Contribution Guidelines
9. Security aspect: CVE reports, patch management
10. Compliance procedures with SPDX or SBOM

Practical Example

// SPDX-License-Identifier: MIT
function add(a, b) {
  return a + b
}

Explanation: This code snippet is released as Open Source under the MIT License. Anyone can use, modify, and distribute it as long as the license terms are complied with.

Advantages and Disadvantages

Advantages

• Transparency
• Cost reduction
• Large developer community
• Innovation
• Security through code review

Disadvantages

• Possible incompatibilities due to license requirements
• Support responsibility often lies with the user
• Potential security risk from unmaintained projects

Typical Exam Questions (with Short Answer)

1. What does Open Source mean at its core? Source code is freely available, may be used, modified, and distributed, subject to compliance with the license.
2. Known open source licenses? GPL, MIT, Apache-2.0, BSD, MPL.
3. Copyleft vs. Permissive? Copyleft requires that derivatives are also open source, Permissive allows proprietary use as well.
4. IHK-relevant documentation obligations? Specification of used libraries, licenses, and license texts in the project report.
5. Open Source contribution to security? Through transparency and peer review, vulnerabilities can be discovered and patched more quickly.
6. Risks when using without license review? License violations, legal conflicts, economic damages.
7. Economic benefits? Lower license costs, flexibility, faster development through reuse.
8. Integrate OSS compliance in CI/CD? License scanners, SBOM generation, SPDX compatibility, build blockers for conflicts.

Most Important Sources

1. https://opensource.org/
2. https://spdx.org/licenses/
3. https://www.gnu.org/licenses/licenses.html