According to Open Logic’s 2023 Open Source Report, 80% of polled companies said their use of open source over the previous year had increased. As the corporate adoption of open source continues to increase, the space continues to grow and thrive, thanks to its large and dedicated community.
As always, new technologies and best practices in open-source software (OSS) continue to emerge and lead the community down new and exciting paths. Here’s a preview of some trends you can expect the open-source ecosystem to focus more on in 2024.
Widespread Adoption of Artificial Intelligence and Machine Learning
The software development community is on board with artificial intelligence (AI) and machine learning (ML) in 2023. A recent GitHub survey showed that 92% of developers use AI-powered coding assistants.
AI and ML tools don’t just assist coders; they’re being used to aid any task requiring learning, problem-solving, and decision-making.
AI adoption in open source is also rapidly growing and has gone completely mainstream. We’ve already seen Google using AI for image and speech recognition tasks. Facebook has also unveiled an open-source machine-learning library called PyTorch.
While AI adoption and use is one part of the story, the other is the legal and ethical issues that this adoption has brought into the spotlight. Open-source software is at the forefront of many of these debates, because most of the coding data that ML models train on are open-source projects.
This learning method brings into question intellectual property rights and licensing issues. Should the OSS creators who wrote the code used to train AI be compensated? Should it even be legal to train these tools on the work of others?
We’ve seen that AI-powered image creators and writing tools have successfully managed to avoid copyright issues. However, one class action suit was filed against GitHub, alleging their CoPilot AI tool violates numerous open-source licenses.
While the chances of resolving these issues of legality and ethics regarding the use of AI technology will take a long time to resolve, it’s hard to believe that these concerns will be able to slow the widespread interest in and adoption of AI and ML tools in open source and otherwise.
A Greater Focus on Security
According to the Synopsys 2023 Open Source Security and Risks Analysis (OSSRA) Report, 87% of the 1,700+ codebases they scanned for the report included security and operational risk assessments. The report found that 89% of the codebases contained open source code that was over four years out of date, and 91% contained components with no new development in at least two years.
With the Log4j library zero-day critical vulnerability event still fresh in the minds of all open-source creators, the OSS community is expected to continue stressing the importance of security and privacy best practices in 2024.
Open source is everywhere. The 2022 OSSRA report showed that 97% of software contains some open source. Open source made up 78% of all code reviewed for the report. More importantly, 81% of the codebases that include open-source code had at least one security vulnerability and an average of five high-risk vulnerabilities.
Open source is ubiquitous and permeates nearly every critical technology we depend on, making proper security and privacy even more vital. When networks worldwide use the same open-source code, one vulnerability could collapse innumerable systems across the globe.
However, open source’s greatest asset is also its most significant obstacle. Why invest in something that’s completely free?
According to a 2023 study by Tidelift, 60% of open-source maintainers are “unpaid hobbyists.” Just 13% describe themselves as professional maintainers who earn their living from this work.
The study also found that more than half of the maintainers polled needed to be made aware of recent security initiatives like OSSF scorecards, supply-chain levels for software architects (SLSA), and the NIST Secure Software Development Framework (SSDF).
For security and workability, a priority for the open-source community in 2024 and beyond must be finding ways to maintain popular projects better — namely, paying open-source maintainers well enough to commit to this type of work long-term.
Increased Corporate Support
Technology companies (both large and small) are becoming increasingly aware of the importance of the open-source community on their entire ecosystem. This recognition of open source’s importance is already leading to increased initiatives and sponsorships aimed at supporting open-source creators.
One of the most notable ones is GitHub’s Accelerator program, launched in April of 2023. The 10-week program provided selected open-source projects with funding and guidance.
Lisbon-based code quality platform Codacy is doing something very similar. They announced a fellowship program for open-source creators called Pioneers. Chosen projects will receive a monthly stipend for an entire year, free tooling, promotion for their projects, and mentorship for a star-studded cast of open-source experts, including Vue.js framework creator Evan You.
Applications for the Pioneers program are open until the end of September, and fellows will be selected and announced in mid-October.
Another recent example of open-source sponsorships is the Rust Foundation’s current project, which offered grants to maintainers working with that programming language, which has a very active open-source ecosystem and community.
More Companies with Open Source Program Offices
Open Source Program Offices (OSPOs) are cross-functional teams within companies that are responsible for how their companies use open source. They create strategies and policies to ensure their company’s open-source strategies and protocols are more efficient and less risky.
The further proliferation of OSPOs should be expected in 2024 and beyond. According to GitHub’s 2022 Octoverse report, 30% of Fortune 100 companies have OSPOs. Research by the Linux Foundation also found that while OSPO adoption is still most prevalent in technology companies, we’re seeing increased adoption in other industries, like education and the public sector.
OSPOs can go a long way toward helping developers, technical staff, procurement, and legal teams select and implement the right open-source tools. An OSPO can also be very helpful in educating staff and creating a culture of transparency and accountability when building an internal tool stack.
In 2024, don’t be surprised if more companies create roles and titles like Chief Open Source Officer to head OSPOs and work with Chief Technology Officers to create more efficient, secure, and sustainable open source policies for their companies.