12 Ways Companies Can Ensure Open-Source Tools Are Safe And Sustainable
Open-source software has become an essential part of many companies’ technology stacks. Free to use and open to anyone to improve and enhance, open-source software now includes tools whose capabilities rival those of top-selling office software packages. It is a cost-effective, ready-made solution for many businesses that might not otherwise be able to afford expensive technology tools.
However, there have been several articles in recent months on growing burnout among open-source developers—an issue that’s hardly surprising given that many open-source teams find themselves seeing far more issue tickets than user donations. Businesses that rely on open-source software need to carefully assess their choices and do their part to support the system if they want it to survive. Below, 12 members of Forbes Technology Council share practical ways businesses that rely heavily on open-source tech can ensure the tools they work with are safe and sustainable.
Treat Open-Source Tech Like A Home-Grown Application
There are numerous well-documented advantages to leveraging open-source technology, but it’s imperative to trust the developers and community and make security a priority. Treat open-source tech much like you would a home-grown application by maintaining rigorous testing and comprehensive vulnerability scanning, and when appropriate, feed those results back into the tech’s open-source community. – Neil Lampton, TIAG
Carefully Investigate Solutions You’re Considering
Open-source software undoubtedly provides incredible value to today’s enterprises, but it also comes with its fair share of challenges. The best approach is to investigate the open-stack solution comprehensively. Does this technology have a strong community ecosystem that will ensure its longevity, or is the support already strained? Answering that question is a critical first step in adopting open-source. – Marc Fischer, Dogtown Media LLC
Look For Large, Active Communities
One approach to reducing the risk of open-source technologies is to adopt those that have a large and active community. A vibrant community ensures that there is still interest and belief in the technology and an ongoing focus on resolving critical issues of security and industry changes. In addition, having a large community ensures that there is urgency around solving problems. – Osborn Gomes, Astor & Sanders Corporation
Maintain An Inventory Of Open-Source Components
Maintain an inventory of critical open-source components, such as libraries and software, upon which your operations depend. Set up processes for updating that inventory and consistently validating the state of these dependencies. Plan for quick remediation, and know the alternatives if a project experiences acute issues with bugs or vulnerabilities or if it is abandoned. – Kris Beevers, NS1
Provide A Fixed Amount Of Financial Support
A company that relies on open-source projects needs to provide them with financial support—setting aside a budget per employee is a great idea. A resource allowance is also key so company engineers are given time to contribute to these projects during work hours. Support for open-source projects also needs to include compensation for non-coding tasks such as documentation, project triage, regional event participation or organizational commitments. – Ivan Burazin, Infobip
‘Adopt’ A Project And Share Resources
Businesses can “adopt” an open-source project and provide financial and/or developer resources to help the project make progress. Also, open-source projects often lack documentation that matches the quality of their code, so businesses can lend tech writing help too. – Venky Balasubramanian, Plivo
Perform Regular Software Composition Analysis
Recent vulnerabilities in open-source software, such as Apache Log4j, illustrate why it’s critical to continuously perform software composition analysis to detect open-source components that contain security flaws. A software bill of materials that lists security vulnerabilities associated with open-source code can be used to remediate problems before they can be exploited by attackers. – Vince Arneja, GrammaTech
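The following is an added example, not code from the Forbes piece or from any of the contributors quoted here. It demonstrates both the component inventory described under “Maintain An Inventory Of Open-Source Components” and the SBOM-driven composition analysis described in this entry: it reads a CycloneDX-style SBOM, matches each component against an advisory list by package URL and version range, and diffs two inventory snapshots so that changes to the dependency set are visible. The SBOM documents and the advisory feed are constructed for the demo; the EXAMPLE-0001 advisory is hypothetical, and the Log4Shell entry uses a simplified affected range rather than the full advisory.

```python
"""SBOM-driven software composition analysis (added example, constructed data)."""
import json
import re
from typing import Dict, List, Tuple

# Constructed CycloneDX-style SBOM snapshot; not a real inventory.
SAMPLE_SBOM = """{
  "bomFormat": "CycloneDX", "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "log4j-core", "version": "2.14.1",
     "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1?type=jar"},
    {"type": "library", "name": "requests", "version": "2.31.0",
     "purl": "pkg:pypi/requests@2.31.0"},
    {"type": "library", "name": "lodash", "version": "4.17.21",
     "purl": "pkg:npm/lodash@4.17.21"}
  ]
}"""

# Constructed second snapshot (log4j-core upgraded, lodash dropped, express added).
UPDATED_SBOM = """{
  "bomFormat": "CycloneDX", "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "log4j-core", "version": "2.17.1",
     "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1?type=jar"},
    {"type": "library", "name": "requests", "version": "2.31.0",
     "purl": "pkg:pypi/requests@2.31.0"},
    {"type": "library", "name": "express", "version": "4.18.2",
     "purl": "pkg:npm/express@4.18.2"}
  ]
}"""

# Constructed advisory feed: affected if introduced <= version < fixed.
# CVE-2021-44228 (Log4Shell) is real, but the range here is simplified (the
# real advisory starts at 2.0-beta9 and the 2.15.0 fix was later superseded).
# EXAMPLE-0001 is a hypothetical entry that should NOT match requests 2.31.0.
ADVISORIES = [
    {"id": "CVE-2021-44228", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core",
     "introduced": "2.0.0", "fixed": "2.15.0"},
    {"id": "EXAMPLE-0001", "purl": "pkg:pypi/requests",
     "introduced": "0", "fixed": "2.20.0"},
]


def parse_version(text: str) -> Tuple[int, int, int]:
    """'2.14.1' -> (2, 14, 1). Pre-release suffixes ('2.0-beta9') are dropped,
    so pre-release ordering is not modelled; pad to three parts for comparison."""
    parts: List[int] = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    while len(parts) < 3:
        parts.append(0)
    return (parts[0], parts[1], parts[2])


def version_in_range(version: str, introduced: str, fixed: str) -> bool:
    """Half-open range check: introduced <= version < fixed."""
    return parse_version(introduced) <= parse_version(version) < parse_version(fixed)


def load_components(sbom_json: str) -> List[Dict[str, str]]:
    """Extract a versionless purl plus version from each component in a CycloneDX JSON document."""
    doc = json.loads(sbom_json)
    out = []
    for comp in doc.get("components", []):
        purl = comp.get("purl", "").split("?", 1)[0]     # drop qualifiers such as ?type=jar
        base, _, ver = purl.rpartition("@")              # 'pkg:npm/lodash@4.17.21' -> base, version
        out.append({"name": comp.get("name", ""),
                    "purl": base or purl,
                    "version": ver or comp.get("version", "")})
    return out


def find_vulnerable(components: List[Dict[str, str]], advisories: List[Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (name, version, advisory id) for every component inside an advisory's affected range."""
    findings = []
    for comp in components:
        for adv in advisories:
            if comp["purl"] == adv["purl"] and version_in_range(comp["version"], adv["introduced"], adv["fixed"]):
                findings.append((comp["name"], comp["version"], adv["id"]))
    return findings


def diff_inventory(old_json: str, new_json: str) -> Dict[str, List[str]]:
    """Report components added, removed or version-changed between two SBOM snapshots."""
    old = {c["purl"]: c["version"] for c in load_components(old_json)}
    new = {c["purl"]: c["version"] for c in load_components(new_json)}
    return {
        "added": sorted(p for p in new if p not in old),
        "removed": sorted(p for p in old if p not in new),
        "changed": sorted(f"{p}: {old[p]} -> {new[p]}" for p in old.keys() & new.keys() if old[p] != new[p]),
    }


if __name__ == "__main__":
    print("findings:", find_vulnerable(load_components(SAMPLE_SBOM), ADVISORIES))
    print("after upgrade:", find_vulnerable(load_components(UPDATED_SBOM), ADVISORIES))
    print("inventory diff:", diff_inventory(SAMPLE_SBOM, UPDATED_SBOM))
```

In practice the SBOM would be generated by a build tool rather than hand-written, and the advisory list would come from a vulnerability database; the matching logic above is deliberately simple (exact purl match, numeric version tuples) so that the pipeline is easy to reason about, which is what you want in a check that gates a release.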
Ask Your Developers Which Projects They’d Like To Support
Business leaders should be asking their developers for input on which open-source projects they want to support and then providing them with time to contribute to these projects during work hours. This will help the open-source tools be more sustainable and also help you avoid involuntary overtime and stress for your developers. – Bernadette Nixon, Algolia
Hold ‘Open Source’ Or ‘Hack’ Days
Businesses should try to give back, especially if a lot of their work is based on open-source technologies. Many businesses now dedicate “open source” or “hack” days where this kind of activity is specifically encouraged, relieving the burden on the original open-source developer and creating a healthy intellectual environment for their own developers. – Alexander Hill, Senseye
Analyze The Tech From Two Standpoints
A good rule of thumb is to analyze open-source tech from two standpoints: social and technical. At a social level, make sure the repository you use for a project is popular and has a big community around it. At a technical level, conduct an audit of the chosen solution. Since there’s access to the source code, your IT department can check whether it’s safe and effective. – Slava Podmurnyi, Visartech Inc.
Consider Hiring The Project’s Maintainers
Open-source projects are the backbone of the Web. If your organization relies heavily on a particular piece of open-source software, hiring some of the project’s maintainers is a great way to ensure its continued viability, support the community and protect your business interests. An ancillary benefit of hiring these developers: They are often among your company’s strongest brand evangelists. – Rashad Nasir, ThinkCode
Purchase A Support Contract
Many high-profile projects offer support contracts. It may seem silly to pay for one when everything is available for free, but doing so helps directly support the teams who work on them and gives them incentives to keep their projects updated. Plus, for any issues you have, there is a direct line of support. For just the price of a cup of coffee a day, you too can support an open-source project. – Luke Wallace, Bottle Rocket
Previously published on Forbes.