How to Protect Digital Economy on Open Source – Guide

Although most people don’t realize it, much of the technology we rely on every day runs on free and open source software (FOSS). Phones, cars, planes, and even many cutting-edge artificial intelligence programs use open source software such as the Linux kernel operating system, the Apache and Nginx web servers, which run over 60% of the world’s websites, and Kubernetes, which powers the cloud. The sustainability, stability and security of these software packages is a major concern for all companies that use them (which is essentially all companies). But unlike traditional closed-source software, which companies build in-house and sell themselves, FOSS is developed by a largely unseen army of mostly unpaid developers and is usually distributed for free. In recent years, we have seen corporations take a more active role in open source software, whether by assigning employees to contribute to existing open source projects or by releasing their own code so that the community can use it and help maintain it. As companies made FOSS part of their business model, they also acquired important FOSS producers. Two years ago, IBM bought Red Hat, one of the most successful companies built around FOSS, for $34 billion. A year earlier, other tech giants paid billions to acquire a stake in FOSS, notably Microsoft (which bought GitHub for $7.5 billion) and Salesforce.com (which bought MuleSoft for $6.5 billion).

Concerning findings

The biggest question related to increased corporate involvement with FOSS is whether it will negatively affect the future health and well-being of the FOSS ecosystem. Will the developers who make the software we all trust stop participating in a system driven less by community spirit and more by profit? Will companies focus only on profitable FOSS while ignoring other critical parts of the infrastructure that society depends on? Will it be more difficult to keep this software secure? If more of the work on FOSS is done by individual companies, will there be fewer eyes looking for potential bugs and vulnerabilities? If the answer to any of these questions is yes, that bodes ill for the future of open source software.

Preliminary results from our census reveal two worrying trends that could make FOSS more vulnerable to security breaches. First, we found that many of the most widely used FOSS packages in commercial software are held under the accounts of individual developers (rather than broader communities), which compromises not only security but reliability as well. An individual may take a new job, decide to retire, or – heaven forbid – get hit by the proverbial bus and be unable to sustain the project. Individual accounts may also lack sufficient safeguards against potentially damaging attacks. Second, we found that many companies are using outdated versions of open-source programs, a disturbing, if not necessarily surprising, finding. If you don’t keep up with updates, the software is more likely to contain known bugs and security vulnerabilities. Both trends show that security is often an afterthought.

The survey results also showed that what motivates contributors may push companies toward non-traditional incentives. Although more and more contributors are sponsored by companies, the main motivator for these contributors is not money. This means that traditional corporate levers to encourage behavior may not work and more intrinsic motivations may be needed, including a passion for learning, a sense of belonging to FOSS communities and the professional identities of programmers. Therefore, companies, organizations or governments that want to improve FOSS security should focus on addressing these intrinsic motivations rather than just paying employees to work on security. Alternatively, companies can pay hired specialists to work specifically on security issues. Regardless, our research shows that contributors are unlikely to address security vulnerabilities voluntarily.

How companies can help

No one, least of all us, is suggesting that we need to go back to the early days of FOSS, when it was largely a voluntary effort by like-minded individuals. But we recommend that large organizations such as companies and governments, which increasingly sponsor FOSS both directly and indirectly, understand the impact they have on the future of the FOSS ecosystem and follow some guiding principles.

First, the objective of companies and countries must be to find the right balance: to ensure that FOSS continues to grow without eradicating the community spirit that underpins the motivation to contribute. This means that companies must have a clear policy regarding open source (preferably one that encourages employees to contribute to FOSS where possible). Our survey found that many employees do not have a clear understanding of their company’s FOSS policies, which makes them hesitant to openly use and contribute to FOSS projects. In addition, companies can proactively support these projects to ensure their future health.

Second, companies that use FOSS (which is essentially all companies, whether they know it or not) need to be aware of the FOSS they use. A recent presidential executive order requires that a software bill of materials (SBOM) be provided for every product purchased by the government, so that it knows what FOSS (and proprietary software) is included in the product and can therefore be aware of potential vulnerabilities as they emerge. This is an important example that all companies should consider following. It would allow companies to better understand their reliance on the FOSS community, provide greater transparency and let them know when they are susceptible to newly discovered vulnerabilities.

Third, as companies continue to contribute to FOSS, we recommend that they keep in mind the stability of the software they use, encourage their employees’ contributions to focus both on features that are useful to the company and on overall security and maintenance, and continue to recognize that the volunteer community behind these projects is critical and must be protected. In this way, they don’t just benefit from the new features they add; they also ensure the future health and well-being of the FOSS on which they depend.

Free and open source software is an essential cog in the economy, as are highways, the electricity grid or the communication network. Given how much we already know about these critical infrastructure systems, doesn’t it make sense to learn as much about their 21st-century equivalent? With the number of stakeholders involved in the FOSS ecosystem, it is difficult for a single actor to solve all the issues. Therefore, an effort by multiple parties, including businesses, government organizations and individual contributors, will likely be needed to ensure the security and vitality of the FOSS ecosystem in the future. First, however, it is necessary to understand the extent of the problem. We believe our efforts are one of the first steps in this direction.

Source: hbr.org
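As an added example (not from the article, nor from the census project it describes), the following Python script shows the kind of check that an SBOM makes possible for the "outdated versions" problem described above: it reads a CycloneDX-style SBOM, compares each component's version against a list of advisory version ranges, and reports the components that still run an affected version. The SBOM contents, the component names and the advisory identifiers are all constructed for illustration and do not refer to real packages or advisories.

```python
"""Cross-check an SBOM against known-vulnerable version ranges.

Reads a CycloneDX-style JSON SBOM, compares each component version against
a small advisory table, and lists the components that are still affected.
"""
import json

# Constructed sample SBOM (CycloneDX-like layout, components only).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "example-http", "version": "2.3.1",
         "purl": "pkg:pypi/example-http@2.3.1"},
        {"type": "library", "name": "example-yaml", "version": "5.1",
         "purl": "pkg:pypi/example-yaml@5.1"},
        {"type": "library", "name": "example-crypto", "version": "41.0.2",
         "purl": "pkg:pypi/example-crypto@41.0.2"},
    ],
})

# Constructed advisory table: name -> list of (introduced, fixed, advisory id).
# A component is affected when introduced <= version < fixed.
SAMPLE_ADVISORIES = {
    "example-http": [("2.0.0", "2.3.2", "EXAMPLE-ADV-0001")],
    "example-yaml": [("0", "5.4", "EXAMPLE-ADV-0002")],
    "example-crypto": [("3.0", "41.0.0", "EXAMPLE-ADV-0003")],
}


def parse_version(version):
    """Split a dotted version string into a tuple of integers.

    Only the leading digits of each fragment count ('2rc1' -> 2); a fragment
    without digits becomes 0. Padding happens in compare_versions so that
    '2.3' and '2.3.0' compare equal.
    """
    parts = []
    for fragment in version.split("."):
        digits = ""
        for ch in fragment:
            if ch.isdigit():
                digits += ch
            else:
                break
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def compare_versions(a, b):
    """Return -1, 0 or 1 when version a is lower than, equal to or higher than b."""
    ta, tb = parse_version(a), parse_version(b)
    width = max(len(ta), len(tb))
    ta += (0,) * (width - len(ta))
    tb += (0,) * (width - len(tb))
    return (ta > tb) - (ta < tb)


def is_affected(version, introduced, fixed):
    """True when introduced <= version < fixed."""
    return (compare_versions(version, introduced) >= 0
            and compare_versions(version, fixed) < 0)


def load_components(sbom_json):
    """Extract (name, version) pairs from a CycloneDX-style JSON document."""
    bom = json.loads(sbom_json)
    return [(c["name"], c["version"])
            for c in bom.get("components", []) if "version" in c]


def find_affected(components, advisories):
    """Return one finding per (component, advisory) match, sorted by name."""
    findings = []
    for name, version in components:
        for introduced, fixed, advisory_id in advisories.get(name, []):
            if is_affected(version, introduced, fixed):
                findings.append({"name": name, "version": version,
                                 "advisory": advisory_id, "fixed_in": fixed})
    return sorted(findings, key=lambda f: (f["name"], f["advisory"]))


if __name__ == "__main__":
    components = load_components(SAMPLE_SBOM)
    for finding in find_affected(components, SAMPLE_ADVISORIES):
        print(f"{finding['name']} {finding['version']}: {finding['advisory']} "
              f"(fixed in {finding['fixed_in']})")
```

In practice the advisory table would be fed from a vulnerability feed rather than hard-coded, and real version schemes (pre-release tags, epochs, distribution-specific suffixes) need a proper version parser; the point here is that once an SBOM exists, "which of our products ship an affected version?" becomes a mechanical lookup instead of a guess.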

Final note

I hope you like the guide How to Protect Digital Economy on Open Source. If you have any questions about this article, you may ask us. Also, please share your love by sharing this article with your friends.
