A comparative analysis of open-source and commercial PQC solutions

Abstract

A question that often arises in the post-quantum conversation concerns the use of open source projects for cryptographic libraries. There’s little doubt that open source can be incredibly powerful; it’s free to use, and it leverages the input of hundreds, if not thousands, of contributors to solve real-world problems. Code can be accessed, used, easily modified, and, in many cases, easily distributed. But could an open source project be a viable solution for post-quantum cryptography? Is there a choice to be made between open source and commercially licensed software?

In this article, we’ll explore some of the key considerations when comparing open source with commercially licensed IP. Clearly there’s a place for both, but there’s often a choice, and it’s useful to examine some of the reasons why those choices might be made.