Some readers, especially those with programming experience, may already be familiar with the term 'open source'. But what does it actually mean, and why is it important for Bitcoin wallets? In this article we explain what it means and what advantages this model has.

Open source code

By far the most important feature of open source software is the transparency of the program code.

If you install a program from the Internet, you usually only get an executable binary file (for example an .exe).

A binary file is a "pre-compiled" version of the source code, which has the advantage that it is much easier to handle. The user no longer has to compile the code himself, and just has to execute a single file. However, after the code is compiled, the content of the program is no longer directly traceable, since it is expressed in machine code. The user must trust the developer that the program does not contain any malware.

The source code of the BitBoxApp

To avoid having to trust the developer completely, the developer may decide to publish the uncompiled source code, making it available for anyone to see. This publication of the source code is the basic requirement for open source software.

Auditability

Thanks to this open source code, it is possible to understand how secure or insecure a program is. Other programmers can check the code for security vulnerabilities and make suggestions for improvement.

Especially for very security-relevant programs, such as a Bitcoin wallet, this feature is essential. For this reason, both the firmware of the BitBox02 and the BitBoxApp can be openly viewed and compiled by anyone.

With the help of our documentation, you can compile the firmware of the BitBox02 yourself. This ensures that the device really runs the software that is available online. Using the firmware hash, this comparison can be done quickly and easily.
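The hash comparison described above, as an added example (not code from the BitBox project): it checks a locally compiled binary against a published digest and, when a build does not match, reports where it first differs from the released file. It assumes the published value is a plain SHA-256 over the whole file, which the project's own documentation may define differently; the file names and sample bytes are constructed.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

def sha256_file(path, chunk_size=65536):
    """Stream the file through SHA-256 so large images need no extra memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def matches_published(path, published_hex):
    """True only if the local build hashes to the published digest."""
    published = published_hex.strip().lower()
    # Reject truncated or malformed digests instead of comparing them.
    if not re.fullmatch(r"[0-9a-f]{64}", published):
        raise ValueError("published digest is not a 64-character hex SHA-256")
    return hmac.compare_digest(sha256_file(path), published)

def first_difference(path_a, path_b):
    """Offset of the first differing byte, or None if the files are identical."""
    a, b = Path(path_a).read_bytes(), Path(path_b).read_bytes()
    for offset, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return offset
    return None if len(a) == len(b) else min(len(a), len(b))

def demo():
    # Constructed sample bytes standing in for firmware images (assumption).
    release = b"\x7fFW" + bytes(range(64)) * 4
    tampered = bytearray(release)
    tampered[100] ^= 0x01  # flip a single bit
    files = {"release.bin": release, "local.bin": release,
             "tampered.bin": bytes(tampered)}
    with tempfile.TemporaryDirectory() as tmp:
        paths = {name: Path(tmp) / name for name in files}
        for name, data in files.items():
            paths[name].write_bytes(data)
        published = hashlib.sha256(release).hexdigest()
        return (matches_published(paths["local.bin"], published),
                matches_published(paths["tampered.bin"], published),
                first_difference(paths["release.bin"], paths["tampered.bin"]))

if __name__ == "__main__":
    print(demo())
```

A single flipped bit changes the digest completely, so the comparison is all-or-nothing; the byte offset helps trace a mismatch back to something like an embedded timestamp or a different compiler version.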

Licenses

Open source software should always be released with a very free license that allows other programmers to view the code, modify it and publish these changes.

Comparison of different licenses - Source: Semantic Scholar

Often certain restrictions apply, such as that the published changes may not be commercially distributed (i.e. sold). Licenses that do not allow changes to the code are also called "shared source" - so they are not open source.

Forks

These modified versions are called "forks", because they split off from the main code much like a fork. Forks can be used to create completely new programs based on the code of another program.

Version 0.11a is a fork of the program

In this way, conflicts between the developers of a program can be resolved. If they cannot agree on which changes to introduce, the program can be "forked" at any time.

Cooperation

Because of these characteristics, open source software is absolutely necessary for collaboration among several programmers who neither know each other nor have to trust each other.

It is the open-source model that enables developments such as Bitcoin, on which thousands of people around the world collaborate. Ultimately, the general public benefits from open source software because it is freely available to everyone and the code can be developed and used by anyone.

Open source gives control back to the user. Instead of using pre-compiled programs, the user has the ability to modify the software to their liking and understand what it actually does.


Frequently asked questions

Why is open-source software code important for Bitcoin wallets?

Bitcoin itself is free and open-source software. That means that you can inspect every detail of how it works and use it without trusting the developers. The same is crucial for hardware wallets: if it contains closed-source code, you need to trust the manufacturer to do their job very well (as nobody else can check the code and point out flaws) and resist the temptation to do shady things. The BitBox02 hardware wallet is 100% open source, and we incentivize independent security researchers to check our products through our bug-bounty program.

Is open source bad for security?

It seems logical that public software code might be less secure than secret code, as attackers can more easily find vulnerabilities. Surprisingly, the opposite is true: open-source software is widely regarded as more secure. Closed source software relies on 'security by obscurity', while open-source software relies on fundamentally sound security architecture, auditable by anyone.

Why is open-source software more secure?

Developing open-source software in the eyes of the public incentivizes better code quality and documentation. Many more eyes can check everything, and external audits from independent security researchers are extremely valuable for an outside-the-box view. With closed source software, 'security by obscurity' can only last until security flaws become apparent to motivated attackers.

Are all Bitcoin wallets open source?

Not all crypto wallets are free and open-source projects. Ledger hardware wallets, for example, contain closed-source software that manages your private keys, which is due to how Ledger uses the secure chip. Check out the open-source comparison table, which has information on more wallets, at https://shiftcrypto.ch/bitbox02/bitcoin-only/#compare.




Shift Crypto is a privately held company based in Zurich, Switzerland. Our international team of specialists across engineering, cryptosecurity and Bitcoin core development build the BitBox products and provide consulting services. The BitBox02, a second generation hardware wallet, equips individuals to easily store, protect, and transact cryptocurrencies. Its companion, the BitBoxApp, provides an all-in-one solution to securely manage your digital assets with ease.