Why PDFium Remains the Most Trusted PDF Rendering Platform — Debunking the Myths
Table of contents
- About PDFium
- Purpose and intended audience
- Myth #1 — Open source technology is insecure because the source code is open to the public
- Fact #1 — You’re probably already using open source technology and you don’t even know it
- Myth #2 — PDFium is an insecure PDF rendering engine
- Fact #2 — Major companies contribute to or use PDFium
- Fact #3 — PDFium is an active and well-maintained open source project
- Conclusion
- FAQ
- Sources
In recent years, myths about the security of open source technology, including PDFium, have circulated.
To clarify these misconceptions, today’s focus is on PDFium, a popular open source PDF rendering platform.
About PDFium
PDFium is a powerful and liberally licensed library designed for PDF rendering, inspection, manipulation, and creation. It’s widely used in various applications, including web browsers, document viewers, and editors.
It provides a comprehensive set of functions for working with PDF files, such as rendering pages and extracting text and images. Its versatility and robust feature set make it a great library for developers working with PDF files.
Purpose and intended audience
This article targets decision makers who are choosing a reliable PDF processing technology. Whether you’re developing a web, desktop, or mobile app, understanding the true capabilities of PDFium is crucial.
I’ll analyze some of the myths and misconceptions regarding the security of open source, as well as the open source technology used and trusted by literally billions of people (no, that’s not a typo) around the world.
My goal is to help you, the reader, come to your own conclusions about what really is fact versus what is fiction.
Myth #1 — Open source technology is insecure because the source code is open to the public
Have you ever heard anyone say, “Open source technology is insecure because all the source code is completely open to the public”?
Unfortunately, this is one of the biggest myths regarding open source technology, and it’s typically used by companies that would rather spend their resources attacking their competition than innovating or contributing to a community.
So let’s analyze this argument a bit further.
Fact #1 — You’re probably already using open source technology and you don’t even know it
Just take a look at the latest statistics in Figure 1 below from the independent market research site statcounter.com regarding the global usage of web browsers.
Figure 1 — Browser market share worldwide (June 2022)
As you can see, Google Chrome dominates the market with a whopping 65 percent of the global market share. And when you add up all the statistics for the top four browsers (Chrome, Safari, Edge, and Firefox), you see that all the major browsers command a combined total of more than 91 percent of the global market.
And in case you were unaware, all of those web browsers are either fully open sourced, or they embed open source technology.
So now think about this conclusion personally: If you use Google Chrome, Apple Safari, Microsoft Edge, or Mozilla Firefox, you’re already using open source technology. That’s a fact.
Another major thing to consider: If your company (or business) standardizes on any of the web browsers above, then they’re standardizing on tools that are (or embed) open source technology.
Now take a look at Figure 2 below, illustrating how many people worldwide use open source web browsers, to see how ubiquitous and pervasive open source software is.
Figure 2 — Infographic: Worldwide usage of open source web browsers (June 2022)
At Nutrient, we adopted the use of the open source platform PDFium within our tools and APIs for developers. And with that, let’s address another myth.
Myth #2 — PDFium is an insecure PDF rendering engine
Now, without getting into the technical details of the various PDF specifications and how PDF toolkits (such as Nutrient) work, understand that PDF tools and toolkits are typically split into two parts.
One part reads and processes the text and binary information encapsulated inside a PDF document (this part is typically called the PDF parser). The other part is responsible for taking the parsed information (text, images, etc.) inside the PDF document and visualizing it for the user (this part is called the PDF renderer).
Figure 3 — The architecture for PDF tools such as Nutrient is split into two parts: PDF parsers and PDF renderers
Now, although we’ve demonstrated the widespread and ubiquitous use of open source technology, some may argue that the open source PDF renderer PDFium, in particular, is inherently insecure. So, again, let’s look at the facts.
Fact #2 — Major companies contribute to or use PDFium
I love arguing this point because I can let the facts speak for themselves. Guess what Google, Microsoft, Amazon, Dropbox, and (yes) Nutrient all have in common?
All of us contribute to the publicly available PDFium open source project, directly embed PDFium in the products we create for our end users, or both. That’s a fact.
- Google uses PDFium inside Chrome (the most widely used browser in the world).
- Microsoft uses PDFium inside Edge (the default web browser in Windows 10 and 11).
- Amazon uses PDFium inside Amazon Echo and Fire TV products.
- Dropbox uses PDFium inside its client tools to preview files.
Figure 4 — Nutrient participates in a community of users and contributors to the open source PDFium project, alongside Google, Microsoft, Amazon, and Dropbox
Fact #3 — PDFium is an active and well-maintained open source project
As an active member of this vibrant and evolving community, Nutrient is passionate about and dedicated to the success, stability, and security of the open source PDFium project, which is continuously maintained and improved with new features that are channeled back to our customers.
Have you ever heard the phrase, “If you want to go FAST, then go alone, but if you want to go FAR, then go together”?
This is the mindset I instill in every employee at Nutrient, and it’s why we participate in the community of PDFium users and contributors. In this community, each company has its own business case and reasoning for embedding PDFium within individual platforms; however, we’re jointly committed to the success of the project.
Conclusion
I hope this helps you understand the common myths and why PDFium is a reliable PDF rendering platform you can trust.
FAQ
Here are a few frequently asked questions about PDFium:
What makes PDFium a trusted platform for PDF rendering?
How does open source technology contribute to the security of PDFium?
What is the role of PDFium in popular web browsers?
Why is PDFium considered a well-maintained open source project?
How does Nutrient utilize PDFium in its products?
Sources
The list of companies that contribute to PDFium, which include Google, Microsoft, and Dropbox
The list of open source software used by Amazon Echo devices, which includes PDFium
The Dropbox.Tech blog discussing the performance of PDFium in Dropbox software