Your online life, government secrets, banking data and more rest on the shoulders of one tired programmer in Moscow


A huge amount of technology that powers our daily lives relies on what’s called “open-source” software. Open-source means the inner workings of a tool or program are free for anyone to use or improve. But what’s surprising and risky about this arrangement is that many of these vital tools are created and maintained by just one person.

The world’s favourite apps may depend on a single coder, raising urgent questions about digital stability, risk and trust. (AI-generated)

For example, a program called ‘fast-glob’ helps computers quickly find and organise files. It is so helpful that it has been added to thousands of other computer programs, including some used by the US Department of Defense (DoD), according to security company Hunted Labs. The same firm revealed that ‘fast-glob’ is present in over 30 US military software packages and is downloaded about 75 million times every week.

One individual behind the curtain

All of this work comes down to one individual: Denis Malinochkin, also known as mrmlnc. He lives in Moscow and has worked at Yandex, a Russian tech company sometimes linked to government monitoring activities, reported Cybernews. However, there’s no evidence that Denis has done anything wrong or used his position to harm users. In fact, Denis has said he developed ‘fast-glob’ independently long before joining Yandex, and anyone is free to check the program’s code.

This “one-person show” isn’t unique. Josh Bressers, a security expert at Anchore, pointed out that over half of open-source software projects are managed by a single developer. In simple terms, this means that vital bits of technology, from websites to banks and government offices, often depend on the unpaid, sometimes overworked efforts of just one person.

Bressers argues, in a blog post cited by Cybernews, that the biggest risk isn’t where these coders live but that so much depends on so few. “Almost all open source is literally one person,” he says, meaning the world’s digital security rests on a handful of dedicated but overstretched individuals.

Others agree that having code managed by a single person does increase the risk. Countries can sometimes pressure their citizens to make hidden changes to software, and it’s harder to spot problems when only one person oversees everything. That’s why some experts, including those cited by Hunted Labs, urge that important projects invite more trusted people as maintainers, ideally people who are known to the community and live in countries where oversight and transparency are strong.

What can be done? Hunted Labs suggests the makers of ‘fast-glob’ add more trusted programmers to help watch over the project. Others say that, in some cases, it may make sense to switch to different tools that have bigger teams or fork the project to create safer versions. The US Department of Defense has even required that computer programs it uses be checked for potential risks, especially if they come from countries with different security rules.


