How to Protect the Digital Economy on Open Source – Guide
Much of the technology we use every day runs on free and open source software (FOSS). From phones to cars, aircraft and AI systems, FOSS such as the Linux kernel, the Apache and Nginx web servers (which together serve over 60% of websites) and Kubernetes (which underpins much of cloud computing) is essential. But unlike traditional closed-source software, FOSS is largely written by developers who are not paid for that work and is distributed free of charge, which raises questions about its sustainability, stability and security.
Corporations have been increasingly taking an active role in open source software, from assigning employees to contribute to existing projects to making their own code available. This trend has seen tech giants such as IBM, Microsoft and Salesforce.com spending billions of dollars on acquisitions of FOSS producers, with IBM’s purchase of Red Hat for $34 billion being the most notable example.
What the census found
The future of FOSS is uncertain as corporate involvement increases. Will developers be driven away by profit-driven motives? Will companies prioritize profitable projects over critical infrastructure? Could security suffer with fewer eyes on the code? If the answer to any of these questions is yes, it could spell trouble for open source software.
Our census reveals two worrying trends that leave FOSS more exposed to security breaches: many widely used packages are controlled through individual developer accounts rather than organizational ones, so a single compromised or abandoned account can affect every downstream user, and many companies run outdated versions of the packages they depend on, leaving them exposed to vulnerabilities that have already been fixed upstream. Both trends suggest that security is often an afterthought.
A survey revealed that traditional corporate incentives may not be enough to motivate employees to address security vulnerabilities in free and open source software (FOSS). Intrinsic motivations, such as a passion for learning, a sense of belonging to FOSS communities and programmers' professional identities, matter more. Companies, organizations or governments wanting to improve FOSS security should appeal to these intrinsic motivators rather than relying on pay alone. Alternatively, they can fund maintainers dedicated specifically to security work. Either way, our research indicates that contributors are unlikely to address security vulnerabilities voluntarily without additional motivation.
How companies can help
Large companies and governments should be aware of the influence they have on the future of free and open-source software (FOSS) and adhere to certain principles, even though there is no need to return to the days when FOSS was mainly a volunteer effort.
Our survey revealed that many employees lack a clear understanding of their company's FOSS policies, making them hesitant to use and contribute to open source projects. Companies must find the right balance between encouraging FOSS growth and preserving the community spirit that motivates contributions. To do this, they should put a clear policy in place that encourages employees to contribute where possible. Additionally, companies should proactively support the projects they depend on, for the sake of their own future health.
All companies should know which FOSS they use and maintain a software bill of materials (SBOM) that records it, so that when a vulnerability is disclosed they can tell immediately whether, and where, they are affected. This is especially important for those doing business with the US federal government: Executive Order 14028 (2021) requires an SBOM for software sold to federal agencies. Other companies should take this as a model and ensure they are adequately informed about their reliance on FOSS.
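As an added example (not part of the original guide or of the census it describes), the following Python script shows what the SBOM step looks like in practice: it builds a minimal CycloneDX-style SBOM from a pinned Python requirements file and then checks every component against an advisory list, which is exactly the check a company with outdated dependencies would fail. The requirements file, the advisory entries and their EXAMPLE-… identifiers are all constructed for illustration and are not real vulnerability data; the rule "affected if the installed version is below the fixed version" is a simplification of how real advisories express affected ranges.

```python
"""Minimal SBOM build-and-audit walkthrough.

Constructed sample data throughout: the requirements file and the advisory
feed are made up for illustration and are NOT real vulnerability records.
"""
import json
import re
from typing import Dict, List, Tuple

# Constructed sample: a pinned requirements file as a company might check in.
REQUIREMENTS = """\
# web stack
requests==2.25.1
urllib3==1.26.4
cryptography==41.0.7
Django==3.2.0
"""

# Constructed sample advisory feed (hypothetical IDs). Each entry says:
# versions of `package` strictly below `fixed_in` are affected.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "urllib3", "fixed_in": "1.26.5"},
    {"id": "EXAMPLE-0002", "package": "django", "fixed_in": "3.2.4"},
    {"id": "EXAMPLE-0003", "package": "requests", "fixed_in": "2.31.0"},
    {"id": "EXAMPLE-0004", "package": "cryptography", "fixed_in": "41.0.0"},
]


def normalize_name(name: str) -> str:
    """PEP 503 normalisation so 'Django' and 'django' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '1.26.4' into (1, 26, 4) so versions compare numerically."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def parse_requirements(text: str) -> List[Tuple[str, str]]:
    """Read 'name==version' lines; refuse unpinned lines, since an SBOM
    that does not state exact versions cannot be audited."""
    deps = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        match = re.fullmatch(r"([A-Za-z0-9_.\-]+)==([0-9][0-9A-Za-z.\-]*)", line)
        if not match:
            raise ValueError(f"unpinned or unparseable requirement: {line!r}")
        deps.append((normalize_name(match.group(1)), match.group(2)))
    return deps


def build_sbom(deps: List[Tuple[str, str]]) -> Dict:
    """Emit a minimal CycloneDX 1.4 JSON document: one component per
    dependency, identified by a package URL (purl)."""
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "version": 1,
        "components": [
            {"type": "library", "name": name, "version": version,
             "purl": f"pkg:pypi/{name}@{version}"}
            for name, version in deps
        ],
    }


def audit_sbom(sbom: Dict, advisories: List[Dict]) -> List[Dict]:
    """Match each SBOM component against the advisory list. A component is
    flagged when its version is below the advisory's fixed version."""
    by_package: Dict[str, List[Dict]] = {}
    for adv in advisories:
        by_package.setdefault(normalize_name(adv["package"]), []).append(adv)
    findings = []
    for comp in sbom["components"]:
        for adv in by_package.get(comp["name"], []):
            if parse_version(comp["version"]) < parse_version(adv["fixed_in"]):
                findings.append({"purl": comp["purl"], "advisory": adv["id"],
                                 "fixed_in": adv["fixed_in"]})
    return findings


if __name__ == "__main__":
    sbom = build_sbom(parse_requirements(REQUIREMENTS))
    print(json.dumps(sbom, indent=2))
    for f in audit_sbom(sbom, ADVISORIES):
        print(f"{f['purl']}: {f['advisory']} (upgrade to {f['fixed_in']})")
```

Run as a script it prints the SBOM and three findings (requests, urllib3 and Django are below their fixed versions; cryptography 41.0.7 is already past 41.0.0 and is not flagged). In a real pipeline the SBOM should be produced by the build tooling from the lockfile so that transitive dependencies are included, and the advisory list should come from a maintained feed; the point here is the shape of the two artifacts and why exact versions are non-negotiable.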
Companies should invest in the stability of the FOSS they use and encourage their employees to contribute fixes and features that improve its security and maintenance. This benefits the company directly and helps ensure the long-term health of the projects it depends on.
Free and open source software (FOSS) is a critical part of the economy, akin to highways, electricity grids and communication networks. To ensure its security and vitality in the future, it is essential to understand the extent of the issues facing FOSS. This requires an effort from multiple stakeholders – businesses, government organizations and individual taxpayers – working together. Our efforts are one of the first steps in this direction.
A separate study found that employees who are given more autonomy in their work tend to be more productive and more satisfied with their jobs.
Final note
The guide "How to Protect the Digital Economy on Open Source" is now available. If you have any questions, please reach out to us, and help spread the word by sharing it with your colleagues and friends.