Open source software is software released under a published license that lets users inspect, modify, and redistribute the source code. In cyber security, that transparency matters because defenders can review how a tool works, spot weaknesses faster, and adapt code to local security needs instead of waiting for a vendor.
Open source is also part of the software supply chain, so it figures in both attacks and defenses. Attackers may target popular libraries, packages, or build tools because one compromise can spread widely. Defenders use the same ecosystem for hardened distributions, rapid patching, code auditing, and reproducible builds. The key risk is that visibility does not guarantee security: an unmaintained project can leave critical bugs exposed if no one is responsible for updates and long-term support.
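The unmaintained-project risk and the patching point above can be checked mechanically. This is an added example, not part of the original page: it audits a constructed dependency inventory, and the package names, field names and the 730-day threshold are all assumptions.

```python
from datetime import date

# Constructed sample inventory (hypothetical packages, not real projects):
# the version this project ships, the newest upstream version, and the date
# upstream published that newest version.
INVENTORY = [
    {"name": "libalpha", "installed": "2.4.1", "latest": "2.4.1", "latest_released": date(2024, 11, 3)},
    {"name": "libbeta", "installed": "0.9.0", "latest": "0.9.0", "latest_released": date(2019, 6, 18)},
    {"name": "libgamma", "installed": "1.2.0", "latest": "1.10.3", "latest_released": date(2024, 8, 30)},
    {"name": "libdelta", "installed": "3.0.0", "latest": "3.0.2", "latest_released": date(2020, 1, 9)},
]

STALE_AFTER_DAYS = 730  # assumed policy: no upstream release in about two years


def parse_version(text):
    """Turn '1.10.3' into (1, 10, 3) so 1.10 sorts after 1.2 (numeric parts only)."""
    return tuple(int(part) for part in text.split("."))


def audit(inventory, today, stale_after_days=STALE_AFTER_DAYS):
    """Return {name: [findings]} for dependencies that need attention."""
    findings = {}
    for dep in inventory:
        issues = []
        # Upstream looks abandoned: nobody is publishing fixes any more.
        age = (today - dep["latest_released"]).days
        if age > stale_after_days:
            issues.append(f"unmaintained: last upstream release {age} days ago")
        # Upstream has shipped a newer version that this project has not adopted.
        if parse_version(dep["installed"]) < parse_version(dep["latest"]):
            issues.append(f"patch lag: {dep['installed']} installed, {dep['latest']} available")
        if issues:
            findings[dep["name"]] = issues
    return findings


if __name__ == "__main__":
    for name, issues in audit(INVENTORY, today=date(2025, 1, 1)).items():
        for issue in issues:
            print(f"{name}: {issue}")
```

The two findings call for different responses: patch lag is fixed by upgrading, while an unmaintained dependency needs an owner, a fork, or a replacement.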



