The Problem With Open Source

Open Source software has been on my mind a lot the last few weeks with regards to a problem that exists within the community.

The world is built on the shoulders of Open Source software. If you look at any tech startup out there, they are more public code than proprietary. We leverage open source as a starting point for new ventures and new innovation. Even large companies, the Googles and Facebooks of the world, would not run without that foundation of open source code.

The reliance on Open Source inflates the risks. Bugs in open source come at huge cost because the code is shared by everybody. The direct costs of a bug or security vulnerability can be massive. For example, the estimated cost to fix the Heartbleed vulnerability in OpenSSL was $500,000,000. There are indirect costs as well: relying on the goodwill of volunteers means you can’t have the best people working on the hardest problems.

Yet, despite the critical nature of this code, the vast majority of work on open source goes unpaid. Most projects are started out of personal interest, an often fleeting commitment. There is little accountability, and, as has happened time and time again, these developers burn out and abandon popular projects. Were you to do ‘due diligence’ on any of these projects, you would find that 30% of the top 133 projects on Github are maintained by a single person and that the next 34% have only 2 contributors. These are at risk of being abandoned quietly or at short notice. Key pieces of supporting infrastructure, such as package management services, need to stay up, but they are maintained by people who have to book vacation days from their paying jobs to do so.

Github was launched in 2008, and with it a new wave of open source developers started to dip their toes into open source. These open source boomers are becoming more senior; they are realising the value of the code they write, and they are starting families that vie for their time and attention. For many of these developers burnout is real, and they increasingly need to justify their continued involvement. If we ignore this problem, the code we all rely on for a functioning internet could be abandoned.

It is a growing problem for which something must be done.