Open source won. Now what?
As pivotal open source projects enter middle age, what's needed to ensure continued growth?
2023 sees a number of Open Source Software anniversaries being celebrated. The GNU Project was founded forty years ago, in September 1983, in reaction to a printer company restricting access to its software. The software lacked functionality to notify users when their jobs were complete and to alert them that the printer had a fault. The ability to add these features was restricted by the proprietary nature of the software, which prohibited access to modify or amend it. The GNU Project created a free operating system that users could deploy for their own needs, rather than following what proprietary software companies would provide.
We can also celebrate the creation of the Debian Project in August 1993. This new operating system (named after its founder, the late Ian Murdock, and his then girlfriend Deb) followed in the footsteps of GNU and Linux, and spawned many other operating systems including Ubuntu, whose commercial sponsor Canonical is based in London. Today, the Debian operating system is used by hundreds of thousands of organisations worldwide, and its spin-off operating systems are used in many more.
1993 saw the launch of Mosaic which, as well as becoming the most popular web browser for those on the early Internet, provided the template for how we navigate the web today. FreeBSD also launched in 1993, based on the Berkeley Software Distribution of Unix and created to help the community of users update and release faster. Since then, FreeBSD has gone on to support multiple OS distributions and appears in everything from cloud services and video streaming through to games consoles, still being very popular today.
Alongside these software projects and operating systems, CERN released its web server software in April 1993. Making the source code of the World Wide Web available on a royalty-free basis and as free software helped popularise the use of websites and paved the way for the rich Internet experience we have today.
Following on from this, we have the anniversary of the first question to mention open source software in the UK parliament. This took place in June 2003 and covered the moves that the UK government was taking around the role of open source software and how it could be used, so that government departments could be more confident in using this form of software.
Supporting open source today
Today, open source is everywhere, but we still need to do more work on how open source is consumed and supported. The 2021 security vulnerability in Apache Log4j demonstrated how the use of open source software components has spread far and wide and at an unthinkable pace. It also emphasised a lack of understanding of good hygiene and practices in the use of open source, and showed that support for these kinds of projects has not kept up with the scale of demand. Critical projects are on occasion still dependent on small teams of contributors and maintainers to stay up to date.
Governments globally have responded with a sharp focus on software security and resilience. In the US, tools like software bills of materials (SBOMs) are now mandated for federal software projects through a White House Executive Order, with the goal being to identify and track all the components of the software supply chain over time. Standards around SBOMs and software are available to help in this process and make it easier for everyone to adopt.
However, this does not address the full landscape of needs to be met. It also fails to touch on the fundamental challenges that exist around the future of open source.
Projects need more support. We can't continue to rely on those small groups of contributors that run open source projects to manage everything. The code is shared for free, and its maintainers are not obligated to make it work in particular use cases. This software is freely available and it comes without any warranty or liability.
At the same time, open source software has become critical to enterprises and public sector infrastructure. It is the base for much of our digitalised world. Individuals and groups of businesses may create projects that attain ubiquity, yet there may be vast differences in the resources available in terms of skills, labour resources and finances.
Who has to be involved?
As a critical part of our digitalised infrastructure today, open source software, along with its creators and maintainers, must be supported effectively. This is fair and equitable, but also selfish, as it stops issues developing and affecting digital services. Fixing security issues and ensuring that updates are pushed out upstream and downstream requires time and resources.
This is only a part of the bigger picture. We must now build awareness of what goes on around open source and its ecosystem. This means highlighting the role that communities play covering non-code areas like documentation and support, and encouraging more people to get involved. It also involves looking at how to build successful businesses around open source. This is something that the UK is actually very good at, yet our startups have not scaled in the way they ought to. Supporting these companies while they remain in the UK, rather than having to move to attract funding or find buyers, requires us to provide better support and to develop skills.
Lastly, we have to build understanding of what the future looks like for the world with and without open source. Today the ability to reuse and recycle code, to collaborate and share, is fundamental to innovation. To get the best out of open source we have to provide the right support to creators.
Open source software provides us with a digital public good. It must be nurtured and this can only be done with international collaboration around the evolution of policies for its use, including security and resiliency.
The UK government has supported the use of open source to deliver public services and make digital implementations more efficient for decades. However, the same questions that were asked in 2003 are relevant today. Putting open source in place involves not just using the projects to scratch technical itches, but adopting a community mindset to help everyone benefit faster. This involves developing the necessary skills to not only implement and manage the code itself, but also to contribute back with both resources and funds.
The UK's technology community plays a leading role in areas like Kubernetes, cloud-native and security developments, and those efforts can go hand in hand with economic success. These developments can be exported and shared internationally. However, we have to have the right strategies and understanding in place to make that happen.
These issues will be discussed at the first annual State of Open Con in February. I hope you can join to be part of that discussion on the future of Open Source Software, and how to support that future confidence in the technical, policy and security strategies that are built around open source. This is necessary if the UK is to be the next Silicon Valley.
Amanda Brock is CEO of OpenUK