open source software ELN for laboratories in science - v04

Understanding Open Source Software – What Exactly Does it Mean and What Does It Have To Do With Data Security in Your Lab?

 5 min read

Open source electronic lab notebooks – Beyond technicalities, a movement that shapes the future of computing and your scientific research.

The Open Source Way

To start from the beginning – “the term open source originated in the context of software development to designate a specific approach to creating computer programs. Today, however, open source designates a broader set of values—what we call the open source way. Open source projects embrace and celebrate principles of open exchange, collaborative participation, rapid prototyping, transparency and community-oriented development” – as stated by the team behind Opensource.com (supported by RedHat, the world’s open source leader).

For example, if an electronic lab notebook is an open source software, that means that the source code, the essence of the software, is available to the public. Basically, anyone is licensed to use, improve or change the software (sciNote’s source code is available on GitHub).

Open source does not mean open access to your data by other parties. We can think of it as building the house for example, I decide whether I want to share the method, i.e. the “source”, how I built my house with other people. If someone else takes the source code and modifies it for him/herself, that has no direct effect on me. I built my house, here is how I did it, if you want to build your house and change the windows or add another room to it, that’s fine.

So, if I am using an open source electronic lab notebook sciNote for example, and another institute decides that they want to add a new module to sciNote that would analyze their data, they can develop it and decide whether they want to make it available for others as well. If they do make it available, then you and me would also be able to use the specific add-ons they created.

Open source software actually gives independence to its users, more control over it. If compared to proprietary software that does not allow access to the source code, open source allows the community to step in, improve and fix the software, which increases the security and stability of the software. Open source is in direct relation with open collaboration.

This can actually decrease the costs of the software and enable its original developers to offer it to the public as a free open source solution.

“Open source is a development methodology; free software is a social movement.” Richard Stallman

 

 

Is it easier to hack an open source software?

Let us start with the most common question – is open source software hackable? Yes. Everything is. Pentagon is hackable. Google is hackable. Banks are hackable. Your own computer, phone and memory stick are hackable. Your institute’s servers are hackable. It depends on how good the hackers can be. But the chances might be lower if the software is open source. Why?

The code of an open source software is not necessarily superior to the code of a proprietary software, but in some cases, it can be considered safer because it is the only type of software whose source code can be checked for security without being dependent on the vendor and putting all the trust into their actions. As Edward Snowden pointed out at the OpenStack Summit, open source community plays an important role as a collective protector of people and even as defense against government and corporate actions. “There should not be a need to hide things from the rest of us. So, the main ethical obligation I see developers asking themselves a question – ‘How do I empower the user of this application?’ Or at least they should enter that chain of thought.” Edward Snowden, Open Source and the Power of The Collective (Full text)

While on one side open source nature of the software enables the global IT community (besides the team who developed the software in the first place) to find and fix security bugs – many eyes make all bugs shallow, on the other side the code is available to anybody (hackers included) which might make it easier for them to hack it. However, most of the data provided by experts in the field today points out that when it comes to hacking an open source or a closed source software, the difficulty is pretty much the same. It does not depend on the open or closed nature of the software, but on other things, such as: how was the software developed in the first place and whether the latest security practices have been taken into account. Basically – being closed-source really doesn’t mean that the software is more or less secure than open-source software. Open-source nature of the software doesn’t actually make a major difference for the best hackers.

It is important to note here, that the way in which laboratory data is being managed and the levels of data security that should be in place within each laboratory depend not only on one software, but on the entire organization.

 “Detractors of open source software often point to its broad developer base and open source code as a potential security risk. But that’s not a fair assessment, according to Dr Ian Levy, technical director with the CESG, a department of the UK’s GCHQ intelligence agency that advises UK government on IT security. Asking whether any piece of software is secure is too broad a question. A more valuable approach is to ask what security guarantees your organization wants from a piece of software and then ask whether the software delivers that.” (Full text)

 

Why is sciNote an open source electronic lab notebook?

Open source nature of the software gives independence to its users. It is a movement towards transparency and collaboration on a global level, building a community of professionals to improve, fix and develop it further. Science and IT are becoming so closely linked that we cannot imagine doing science without different software solutions anymore.

sciNote electronic lab notebook scientific community of users already accounts more than 15 000 users and many of them are actively contributing either by developing their own private add-ons or by contacting the sciNote team and sharing their detailed feedback about the user experience and the improvements they would like to see in sciNote.

If you are one of them reading this, we would like to thank you.

 

By Tea Pavlek, MSc

To create your free account in sciNote, follow this link: Sign Up

Leave us a comment:

4 Comments Published

by Paul , post on 17 August 2017 |

where is the source code?

by Tea Pavlek , post on 1 September 2017 |

Hi Paul,

source code is available on GitHub: https://github.com/biosistemika/scinote-web

Summary of sciNote’s technical specifications is also available here (it is accessible via our support page in the main menu above): https://scinote.net/technical-specifications/

I hope this helps,
Tea from sciNote

by Nick , post on 5 December 2017 |

Is scinote HIPAA compliant?

by Tea Pavlek , post on 6 December 2017 |

Dear Nick,

yes, sciNote electronic lab notebook (ELN) can contribute to your company’s HIPAA compliance.

In accordance with HIPAA, most important features that an ELN should provide are:

1. Detailed and automated audit trails i.e. activity logs of all users which means that all user’s actions are automatically recorded with date and time when each action was performed.

2. Strictly defined roles and permissions of each user within the software that determine who has the authority to see which information and process it further.

3. Accessibility of data which means that healthcare professionals authorized to access certain data at certain times need to be able to do so. Here, the compatibility of the ELN with different electronic devices used in the hospital for example can be an important advantage, but also additional security and privacy precautions need to be addressed accordingly

4. Powerful data encryption (check out the HITECH Act for more information on the privacy and security concerns associated with the electronic transmission of health information)

5. Data safety and regular backups to prevent valuable data loss

We cover all of this. If you would like to read more, here is another article we published on sciNote blog, it can give you more information on HIPAA and Electronic Lab Notebooks: https://scinote.net/blog/hipaa-compliance-electronic-lab-notebooks/

Otherwise, would you like to talk to our scientific team (short online meeting) and discuss it all? We’d be glad to meet you and answer all questions you might have.

Have a great day,
Tea from sciNote