What is Open Source? How to Contribute to OSS Projects
Open source software (OSS) has become a cornerstone of modern software development, powering everything from server infrastructure to web and mobile applications to machine learning models. Over 90% of companies report using open source software in some way, and open source components comprise 60-80% of the codebase in typical modern applications according to the 2021 Open Source Security and Risk Analysis Report from Synopsys.
At its core, open source software is software released under a license in which the copyright holder grants users the rights to use, study, modify, and distribute the software and its source code to anyone and for any purpose. This is in contrast to proprietary software, where the software is under restrictive copyright licensing and the source code is usually hidden from the users.
The open source philosophy originated in the context of computer software development, but has expanded beyond software to include open source hardware, open source pharma, open source seeds, and open source drinks (e.g. Open Cola, Free Beer).
Why is Open Source So Popular?
There are many reasons why open source software has seen such explosive growth in recent years:
Cost savings – Many open source projects are completely free to use, even for commercial purposes. This can provide significant cost savings compared to expensive proprietary software license fees, especially for startups and smaller companies. Even larger enterprises can shave millions off their software spend by adopting more open source.
Quality and reliability – Some of the largest and most successful open source projects are maintained by thousands of developers worldwide, resulting in extremely high-quality and reliable code. For example, the Linux operating system, which powers much of the internet, has been developed by over 20,000 contributors and 1,500 companies. With so many eyeballs on the code, bugs and security issues can be identified and fixed rapidly.
Flexibility and customization – With access to the full source code, open source software can be modified and customized to fit an organization's unique requirements and use cases. Rather than try to shoehorn an inflexible proprietary solution, teams can adapt open source tools to their exact workflows and technology stack.
Community and collaboration – Successful open source projects have vibrant and engaged communities of developers, users, and companies that support and contribute to the software's ongoing development. There are community events, forums, mailing lists, and chat channels for getting help and collaborating on ideas. Features and fixes can be crowdsourced from this community.
Avoidance of vendor lock-in – Adopting proprietary software often locks you into that vendor's ecosystem, pricing model, and roadmap. With open source, organizations have more control and flexibility to fork the code and maintain it themselves if necessary. This reduces reliance on a single vendor.
Some of the largest and most popular open source projects that form the backbone of internet and computing infrastructure include:
- Linux operating system
- Apache web server
- Mozilla Firefox web browser
- MySQL and PostgreSQL databases
- Python programming language
- Kubernetes container orchestration system
- TensorFlow machine learning library
Open source has especially strong adoption in certain domains like:
- Web development – Almost every major web development framework (React, Angular, Vue etc.), UI component library (Bootstrap, Material-UI etc.), and build tool (Webpack, Babel, ESLint etc.) is open source. This allows them to evolve rapidly with the web platform.
- Data science and machine learning – Python has emerged as the lingua franca for data science and machine learning, and almost all of the major libraries and frameworks (NumPy, pandas, scikit-learn, PyTorch etc.) are open source. This makes it easier for researchers to share and reproduce models.
- Cloud native – As more software is built for the cloud, the projects enabling cloud native computing have seen massive popularity. This includes container tools (Docker, rkt), container orchestration (Kubernetes, Mesos), service meshes (Istio, Linkerd), and serverless frameworks (Knative, OpenFaaS).
Challenges of Open Source
Despite all the benefits, using and maintaining open source software also comes with its own set of challenges:
Decentralized control and governance – Unlike centralized proprietary software, open source projects are often developed and managed by a distributed community of part-time volunteers. This can make strategic planning, timely decision making, and accountability more difficult. The most successful projects have clear governance structures in place.
Inconsistent quality and documentation – While the most popular open source projects are very well maintained, there is a long tail of smaller libraries and tools that may be poorly documented and lightly maintained. The onus is on the user to perform due diligence and assess the health and quality of an open source dependency.
Complex licensing and compliance – There are over 200 approved open source licenses, each with slightly different requirements and restrictions. Organizations using open source must carefully track the licenses of their dependencies and ensure compliance, which can be complex. Specialized tools like WhiteSource and BlackDuck can help automate this.
Keeping up with updates and security patches – Popular open source projects release updates and security patches frequently to fix bugs and vulnerabilities. But it can be challenging for organizations to keep their open source dependencies up-to-date, especially with complex dependency chains. Outdated dependencies can introduce security risks.
Varying degrees of commercial support – The availability of commercial support and training for open source projects varies widely. Generally the most popular enterprise-focused projects have a range of support options, while smaller libraries may have limited or no formal support.
Succeeding with Open Source
Best practices for using open source
For organizations and developers using open source software, some best practices to ensure a good experience and mitigate risks include:
- Establish policies and processes for introducing open source dependencies into your codebase
- Perform code reviews and security scans of open source components
- Actively monitor your open source dependencies for updates and security patches
- Standardize on a smaller set of approved licenses that align with your business needs
- Track and manage open source license compliance, e.g. with Software Composition Analysis tools
- Have a strategy for how you will support and maintain open source components
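The license and update-monitoring practices above can be enforced as an automated gate. The following is an added example, not part of the original article: the approved-license set, the package names, the versions and the advisory data are all constructed for illustration.

```python
# Added example: a dependency policy gate. All package names, versions and
# advisories below are constructed sample data, not real findings.
import re

APPROVED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause"}  # assumed org policy

# Constructed inventory, as a Software Composition Analysis export might list it.
INVENTORY = [
    {"name": "examplelib-http", "version": "2.4.1", "license": "Apache-2.0"},
    {"name": "examplelib-yaml", "version": "1.0.9", "license": "MIT OR GPL-3.0-only"},
    {"name": "examplelib-pdf", "version": "0.8.0", "license": "AGPL-3.0-only"},
    {"name": "examplelib-log", "version": "3.1.0", "license": "MIT AND BSD-3-Clause"},
]

# Constructed advisory feed: first fixed version per affected package.
FIXED_IN = {"examplelib-http": "2.4.3", "examplelib-log": "3.1.0"}


def parse_version(text):
    """Turn '2.4.1' into (2, 4, 1) so versions compare numerically, not as text."""
    return tuple(int(part) for part in re.findall(r"\d+", text))


def license_allowed(expression, approved=APPROVED_LICENSES):
    """Evaluate a flat SPDX-style expression: OR needs one approved choice,
    AND needs every term approved. Parentheses and WITH are not handled."""
    return any(
        all(term.strip() in approved for term in choice.split(" AND "))
        for choice in expression.split(" OR ")
    )


def evaluate(inventory, fixed_in=FIXED_IN):
    """Return a sorted list of (package, reason) policy violations."""
    findings = []
    for dep in inventory:
        if not license_allowed(dep["license"]):
            findings.append((dep["name"], "license not approved: " + dep["license"]))
        fix = fixed_in.get(dep["name"])
        if fix and parse_version(dep["version"]) < parse_version(fix):
            findings.append((dep["name"], "update to " + fix + " or later"))
    return sorted(findings)


if __name__ == "__main__":
    for name, reason in evaluate(INVENTORY):
        print(f"{name}: {reason}")
```

Run in CI, a non-empty result from `evaluate` would fail the build, so an unapproved license or an unpatched dependency is caught before it ships.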
Contributing to open source projects
One of the best things about open source is that anyone (yes, even you!) can contribute to the projects they use to help make them better. In fact, contributing to open source is one of the best ways to grow your skills and raise your visibility as a developer.
Some of the main benefits of contributing to open source include:
- Improving your programming skills by reading high-quality code and getting feedback on your contributions
- Gaining practical experience collaborating with a distributed team and using version control and CI/CD workflows
- Learning how to navigate open source governance models, licensing, and compliance processes
- Raising your profile and demonstrating your abilities to potential employers or clients
- Giving back to the tools and communities you've benefited from using
If you're new to open source contribution, it can feel intimidating at first. But there are some steps you can follow to get started:
- Identify a project that interests you. This could be a tool you use frequently, a library you admire, or a project aligned with your skills and expertise. Check that the project is actively maintained and welcoming to new contributors.
- Start small and build trust. It's usually better to start with small, non-critical contributions like fixing typos in documentation, writing tests, or triaging issues. This helps build trust with the maintainers and get familiar with their processes before tackling bigger changes.
- Study the contribution guidelines. Almost every open source project has guidelines that explain what types of contributions they accept and how to submit them, e.g. in a CONTRIBUTING.md file. Read these carefully and ask for clarification if needed.
- Engage with the community. Don't just dive in and start submitting pull requests. Introduce yourself to the community, help answer questions from other users, and build relationships with the maintainers. They'll be more likely to review your contributions favorably.
- Submit your contribution. When you're ready, submit your pull request or patch with a clear explanation of what problem it solves and how it works. Be prepared for constructive feedback and a few rounds of iteration before your contribution is merged.
Some of my favorite resources for finding open source projects to contribute to are:
- GitHub Explore – Discover repositories and topics on GitHub
- Open Source Friday – Contribute to open source every Friday
- First Timers Only – Beginner-friendly open source projects
- 24 Pull Requests – Contribute to open source during the month of December
Maintaining open source projects
If you maintain an open source project yourself, you know that it's a lot of work. In addition to writing code, maintainers are responsible for setting the roadmap, triaging issues, reviewing and merging contributions, releasing new versions, and fostering a healthy community.
Some tips for being a good open source maintainer include:
- Set clear expectations for what types of contributions you accept and your expected response times
- Write detailed documentation to help users understand how to use and contribute to the project
- Automate as much as possible, e.g. CI/CD, release notes, changelog generation, bot responses to common questions
- Recruit additional trusted maintainers to help share the workload and review pull requests
- Prioritize kindness and empathy in your interactions with users and contributors
- Plan for the long-term sustainability and governance of the project, e.g. through a foundation or sponsorship model
The Future is Open
From its origins in the free software movement to today's GitHub generation, open source has proven to be a powerful force for innovation and collaboration in software development.
Today, open source is more important than ever as a counterbalance to proprietary cloud platforms and a way to keep critical software infrastructure in the hands of the broader community. High profile security incidents like Heartbleed and Log4Shell have also highlighted how much of the internet relies on open source projects that are often underfunded and under-resourced.
In response, there are encouraging trends towards more sustainable and secure open source practices:
- Initiatives like Open Source Insights and OpenSSF Scorecard that help the community track and improve the health of open source dependencies
- Efforts to simplify and standardize open source licensing, e.g. through the Blue Oak Model License
- More companies adopting open source programs offices to centralize and professionalize their open source engagement
- Experimentation with new funding models like GitHub Sponsors, Open Collective, and blockchain-based approaches
For individual developers and organizations alike, investing time and resources in open source tooling and communities is a virtuous cycle that benefits everyone. By contributing code, reporting issues, writing documentation, sponsoring projects, and being a good open source citizen, you can do your part to keep open source thriving for decades to come.
After all, the world is built on open source software. The future will be too.