I’ve been doing some research into Learner Management Systems (LMS) lately, and having the kind of ideas that I do about e-Learning and web 2.0 the first place I looked toward was Moodle because it is open source (source code is freely available to developers – other examples of open source projects include Mozilla and Drupal). Because the selection process and ultimate LMS selected needs to fit the best interests of the company, Moodle is only the beginning of my search, but it has opened some heated debate about the security of open source software amongst my techie friends, and upon further research this debate only gets more heated online.
The arguments as I understand them – being an L&D person and not an IT person - for open source code (and consequently Moodle) go along the lines of:
- more people can view the code to identify security vulnerabilities in it and create fixes
- closed source code can be hacked anyway
- trojan horses can be inserted into proprietary code by maligning employees
- fixes are distributed in a more timely manner because there does not need to be a financial incentive to remove the vulnerability
- Just because someone is a paid developer does not mean they will look as closely at the software as someone who personally uses it
- etc etc
The arguments as I understand them against open source seem to go along the lines of
- vulnerabilities can be intentionally inserted into open source code
- people can be playing around with the code who don’t know what they are doing and create security risks
- a small team of expert developer eyes is better than a random team of developer eyes
- closed code makes it harder for hackers to find vulnerabilities
- open source code is not designed with security consultants like much closed course code is (Moodle has engaged a security consultant)
- etc etc
So how does this relate to Moodle from a non IT person’s perspective? Well, it does raise some concerns… but some other pretty serious organisations are using Moodle in Australia and elsewhere. Fairfax are nearing completion of their Moodle LMS, Open University in the UK uses Moodle and Moodle’s stats tell a story of success with a huge number of downloads. I had a consultant explain it to me like this – basically you can get the source code and do what you like with it, but it is where your instance of Moodle is kept that is important. This is of course trusting that the code that comes from Moodle in the first place is clean…
So, it seems that I am back where I started – Moodle *looks* good from a usability perspective.. well, ok, it looks absolutely great- and cheap (even with the ongoing support costs) – and functional. I believe this is because it has been designed by educators for educators. But I really need our IT department to take a close look as ultimately, the open source issue is their decision to make. When I create learning programs for them they give me guidance without telling me how to do my job, so the best thing I can do for my company and IT department is gather as much information as I can about Moodle, tell them what we want to do and let them make the decision as to whether Moodle’s open source code is a path suitable for us.
Filed under: e-Learning | Tagged: LMS, moodle, open source, security
Moodle being designed by educators for educators is a myth. There’s not an educator in the decision making process at moodle HQ. Debating moodle security is a very valuable task for anyone considering adopting it at their LMS. You won’t find that kind of debate at moodle.org, but you will find some interesting topics posts on this subject at http://www.moodleus.org
thanks for that informatioon Steve – I have been looking for some other perspectives to balance what I have been told. I do agree there are alot of Moodle evangelists out there who may be a little blinded by the light (I may even be one of them!). I don’t know too much about Moodle other than what I’ve researched so cannot comment on their current structure, but I am reasonably sure that Moodle was originally designed around a social constructivist theory by Martin Dougiamas as part of his PhD at curtin university. Dougiamas has also written other pieces in the education space http://dougiamas.com/writing/ Is Dougiamas still taking an active role at Moodle? Or a more philosophical question based on what I read on your blog. Are we making Moodle was it originally rejected (your posts about becoming too administration focussed) as it becomes more mainstream and popular?
Moodle hacked at Denver Seminary. See details at: http://www.moodleus.org/blog/?p=371
…and to your question about moodle becoming “too administration focused”…see:
http://www.moodleus.org/blog/?p=321