Much of the technology that underpins everyday life runs on “open-source” software. Unlike proprietary programs, open-source code is free for anyone to use, study and improve. While this model drives innovation, it also carries a hidden risk: many of these critical tools are maintained by a single individual.
Take ‘fast-glob’, a file-search utility widely adopted across the tech industry. Security firm Hunted Labs revealed that the program appears in thousands of software packages, including over 30 used by the US Department of Defense. It is downloaded around 75 million times each week, underscoring how deeply embedded it is in global systems.
The project is run by one man: Denis Malinochkin, better known online as mrmInc. Based in Moscow, Malinochkin previously worked at Yandex, a Russian tech company sometimes linked with government surveillance. However, there is no evidence of wrongdoing. Malinochkin has stressed that he built ‘fast-glob’ independently, long before joining Yandex, and its open-source nature means anyone can audit the code.
The reliance on individuals like Malinochkin is far from unusual. Anchore security expert Josh Bressers notes that more than half of open-source projects are managed by just one developer. In practice, this means essential systems powering governments, banks and businesses often depend on the unpaid, sometimes overstretched work of lone programmers.
“The biggest risk isn’t where the coder lives—it’s that almost all open source is literally one person,” Bressers wrote in a blog post cited by Cybernews. This concentration of responsibility increases vulnerability. If a lone maintainer is pressured by authorities, makes a mistake or simply stops maintaining the project, the consequences can cascade through critical infrastructure.
Experts argue that reducing this risk requires more trusted contributors. Hunted Labs recommends that maintainers of projects like ‘fast-glob’ invite additional developers with strong community ties and transparent backgrounds. In some cases, organisations may prefer to switch to alternatives with larger teams or fork existing projects to build safer versions. The US Department of Defense, for example, already mandates extra scrutiny of the open-source tools it uses, particularly when their maintainers are based in countries with different security standards.
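The first step in the extra scrutiny described above is knowing whether a package like ‘fast-glob’ is in your own dependency tree at all, and through which direct dependencies it arrives. The following script is an added example, not code from the article or from any of the projects it names: it reads an npm lockfile (lockfileVersion 2 or 3 layout, where every installed package sits under a `node_modules/...` key in the `packages` map) and reports every chain from the root project down to a target package. The sample lockfile embedded in it is constructed for this illustration; apart from `fast-glob`, the package names in it are invented.

```python
import json

# Constructed sample in npm lockfileVersion 3 layout; only "fast-glob" is a real package name.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app",
             "dependencies": {"build-tool": "^1.0.0", "lint-kit": "^2.0.0"}},
        "node_modules/build-tool": {"version": "1.0.0",
                                    "dependencies": {"fast-glob": "^3.0.0"}},
        "node_modules/lint-kit": {"version": "2.0.0",
                                  "dependencies": {"globby-ish": "^1.0.0"}},
        "node_modules/globby-ish": {"version": "1.0.0",
                                    "dependencies": {"fast-glob": "^3.0.0"}},
        "node_modules/fast-glob": {"version": "3.3.2"},
    },
})


def parse_lock(text):
    """Build {package_name: set(dependency_names)} from a lockfile's "packages" map.

    Nested installs (node_modules/a/node_modules/b) are collapsed onto the
    package name, which is enough for a presence check across versions.
    """
    data = json.loads(text)
    graph = {}
    for path, meta in data.get("packages", {}).items():
        name = meta.get("name") if path == "" else path.rsplit("node_modules/", 1)[1]
        deps = set(meta.get("dependencies", {})) | set(meta.get("optionalDependencies", {}))
        graph.setdefault(name, set()).update(deps)
    return graph


def dependency_paths(graph, root, target):
    """Return every chain root -> ... -> target as a list of package-name lists."""
    paths = []

    def walk(node, chain, seen):
        if node == target:
            paths.append(chain)
            return
        for dep in sorted(graph.get(node, ())):
            if dep in seen:          # guard against cyclic dependency declarations
                continue
            walk(dep, chain + [dep], seen | {dep})

    walk(root, [root], {root})
    return paths


def direct_importers(graph, target):
    """Packages that declare the target as a direct dependency: the natural
    place to look when deciding what to fork, pin, or replace."""
    return sorted(name for name, deps in graph.items() if target in deps)


if __name__ == "__main__":
    g = parse_lock(SAMPLE_LOCK)
    for chain in dependency_paths(g, "demo-app", "fast-glob"):
        print(" -> ".join(chain))
    print("directly imported by:", direct_importers(g, "fast-glob"))
```

Run it against a real `package-lock.json` by replacing `SAMPLE_LOCK` with the file contents and the root name with the project's own. The list of direct importers is the actionable output: those are the packages whose maintainers would have to change, or which you would have to fork or replace, to remove the single-maintainer dependency from the tree.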