Why Companies Should Contribute to Open Source – and How to Do It

Contributing to open source software is beneficial to a business, its developers, and the open source software (OSS) packages they rely on. By giving back, a company can be confident that the foundational technologies for its business are secure, and it can reduce tech debt by relying on publicly maintained versions.

Contributions also build a relationship with the communities that your business depends on and reduce the likelihood of disgruntled maintainers. Developers who contribute to these open source packages gain a deeper understanding of the thinking and technology underpinning their applications.

Open source is how software happens

It’s old news that software is eating the world, and OSS is no longer theoretical or conceptual. On average, it makes up 85% of a modern application. Your company is using it, your teams are using it, and you can’t make competitive software without it. OSS was initially created for the public good but has provided immeasurable value to business.

Unfortunately, few have contributed back to the communities that develop key pieces of their infrastructure.

Ongoing Help Needed from their Biggest Users

Open source software isn’t self-maintaining – to keep up with bugs and security vulnerabilities open source packages need time and attention to stay alive. Many crucial open source packages are maintained by a small number of unpaid volunteers who contribute in their spare time. 

But what if these maintainers step away or move on to other projects? This uncertainty means risk: popular packages can become a single point of failure for your entire build process. They become tempting targets for bad actors looking to exploit the unregulated nature of the open source community.

It’s therefore vital for the industry to recognize open source participation as a crucial part of maintaining your software infrastructure, not merely as a recruiting and public relations tool.

Our Involvement

The (Read more...)

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Matt Freeland. Read the original post at:
