Ask HN: Should I make a project open-source being a non-expert developer?
I'm going to start a project developing an app for a charity organization for free. I'm currently studying computer engineering and I doesn't consider me as a professional developer right now. I would like to make the project open source, but I aware that maybe I could make a security mistake and put the private data of the organization at risk. It would be easiest to find security vulnerabilities if my app is open source. What do you think about it?
6 comments
[ 3.5 ms ] story [ 21.9 ms ] threadA good solution is to use an existing service with strong data protections to hold your actual content and then build your service to use authentication tokens with that service. There are lots of options depending on what kind of data you need to store, like Digital Ocean for a SQL instance or Firebase for JSON.
The situation you are in is common. Someone wants work without having an adequate budget. In this case $0. Sure you might work for free. But a busy security professional that could do an audit probably won't.
Making the project open source doesn't mean you will get any help for free. Sure you might. But there are countless open source projects and you are the only programmer who is currently interested in this one. Making it open source isn't going to make anyone else more interested. There isn't an unmet need for projects with non-paying work.
If the app is important to the charity organization, it's fund raisers can raise funds from the usual sources for doing it at a level coming closer to doing it right.
Good luck.
That's not the main purpose. Make the project open source will help me in a future job application. In my country (Spain), companys value more your personal projects than whatever you made in your four years of college.
The app will be part of my final college project so, badly or well I will have to do it. However, the app may not be used by the organization, but I want to produce an useful app in case they want to use it.
Thanks!
- [0]: https://owasp.org/