Fact vs. Fiction: Why We're Committed to Supporting PDFium

From the desk of Jonathan Rhyne, Co-Founder and CEO of PSPDFKit

In the first article of our Fact vs. Fiction series, I covered some of the most common myths surrounding the security of open source technology and shared all the reasons why PSPDFKit trusts and uses PDFium for PDF rendering. Today, I’ll take it a step further.

Purpose and Intended Audience

As with my previous article, this is aimed at decision makers who work for companies that are in the process of choosing a trusted technology partner for PDF processing, manipulation, and rendering. Whether you have a custom web, desktop, or mobile application, we understand that managers and decision makers need to be well-informed and equipped with all the facts to make such an important decision.

So I’m now going to address how and why PSPDFKit is committed to supporting the open source PDFium project. Google, Microsoft, Dropbox, and PSPDFKit are all contributors to PDFium, and that’s not going to change anytime soon. So let’s take a look at a big myth regarding open source and PDFium.

Myth — Open Source Technology Is Impossible to Support and Maintain

In conversations with people in this industry, we’ve heard rumors circulating that some organizations are claiming “open source technology is impossible to support and maintain.” This also infers that since PSPDFKit uses and leverages open source technology, we can’t properly protect our customers from malicious code or vulnerabilities.

This is simply not the case, so let me explain the “how” and the “why.”

Fact #1 — The Most Successful Open Source Projects Worldwide Are Maintained by a Team of Organizations

The strength of any open source project lies within its community. Full stop.

Now, I want to bring to your attention two well-known examples to analyze the criteria of what makes a successful open source project. And in fact, one of the projects leverages the other project.

Of course, I’m talking about Android OS and the Linux kernel. Here are some facts and figures to digest:

Android OS

• Most commonly used in smartphones and tablet devices.

• Commands a global market share of 75 percent of the mobile device market.

• Has 2.8 billion active users.

• Corporate contributors include Google, Intel, Samsung, IBM, and Sony.

The Linux Kernel

• Most commonly used within Android devices, cloud servers, supercomputers, network routers, and automobiles.

• Commands a global market share of 100 percent of the supercomputer device market.

• Commands a global market share of 75 percent of the mobile device market (thanks to Android OS).

• Commands a global market share of 50 percent of the automotive market.

• Has more active users than Android OS.

• Corporate contributors include Google, Intel, Samsung, and IBM.

So whether you’re checking your email, using your phone for social media, or simply driving a car, there’s an extremely high probability that you’re interacting with a device that runs Android or Linux.

Now, I can name countless other examples, but as you can see from both cases above, these massively successful open source projects are maintained by a group of companies that have a combined stake in the success of the project.

In fact, I challenge you: Can you think of any successful open source project that’s dominated and controlled by the decisions of a single company?

Figure 1 - PDFium Is Used inside Countless Web Browsers, Android Devices, and PSPDFKit

Fact #2 — PSPDFKit Is an Active Supporter of the Open Source PDFium Project

Now, just like the Android OS and the Linux kernel, PDFium is a widely successful open source project used by billions of consumers worldwide. PDFium has reached ubiquity due to the multiple companies and the passionate developers (us included!) who support it.

For years, PSPDFKit has been an active supporter of PDFium by contributing source code to improve the stability and performance of the platform, and of course, by embedding it into PSPDFKit’s SDKs for developers.

You’ve seen the statistics for Android and Linux, so now let’s look at the stats for PDFium:

PDFium

• The most widely used PDF rendering library worldwide.

• Used as the PDF renderer in Android OS.

• Used as the PDF renderer in the Chrome and MS Edge web browsers.

• Used as the PDF renderer for Dropbox.

• Used as the PDF renderer in PSPDFKit (and for all our happy customers).

• Has more active users than Android OS.

• Corporate contributors include Google, Microsoft, Dropbox, and PSPDFKit.

Quite impressive! Over the past few years, our code contributions to PDFium have been peer reviewed, battle tested, and vetted by some of the largest companies in the industry. Did you know that even Google lists PDFium on its Security Brag Sheet for its web browser engine? This is how open source is done by professionals.

Conclusion

Anyone trying to convince you that open source projects can’t be maintained is lying to you. In fact, the model followed by the most widely used and successful open source projects is to team up with other organizations who all have a combined interest in seeing the product be safe and successful. So let me repeat myself: This is how open source is done by professionals, because anything else is amateurish.

Sources

• Android’s global market shares

• Samsung is one of Android’s main contributors

• Sony’s contribution to Android and the Linux kernel

• Intel’s contribution to Android and the Linux kernel

• IBM’s contribution to Android and the Linux kernel

• Linux is used by 100 percent of the world’s supercomputers

• Linux is used by 50 percent of the automotive market

• Google Chromium Security Brag Sheet