Investment in open source to skyrocket in next five years
Technology is critical in business, government, social development, and so much more—and open source is all too often at the forefront of what’s next, according to Github.
In 2022 alone, governments convened meetings about open source investment, social development groups certified open source software to track carbon emissions, companies sponsored more and more key open source projects, and industry groups continued to make efforts to improve supply chain security in open source software.
Internet freedom will be championed worldwide
Open source has attracted unprecedented attention from governments and the global policy community. In particular, security events have highlighted the criticality of open source while concerns about autonomy, competitiveness, and transparency attest to the power of open source. New research has also made open source more intelligible to policymakers. With more policymakers aware of OSS, there are more opportunities to champion open source in public policy.
“Over the past three decades, the demographic of internet users has shifted away from legacy global leaders and is now more equally distributed towards emerging economies. In fact, half of all internet users reside in the developing world," says Mike Linksvayer, Head of Development Policy at GitHub.
"At the same time, this year's Freedom on the Net report found global internet freedom declined for the 12th consecutive year, with authorities in at least 40 countries blocking social, political, or religious content online—the highest in the report’s history,” he says.
“As a result, it’s more important than ever for policymakers to set the principles and standards of global digital governance. Following the US government’s Iran General Public License update in September, I anticipate internet freedom will be a key international policy objective in 2023.
"As governments realise that the availability of tech platforms is a boon to democracy and advantageous to national security, we’ll see a larger focus on equitable access to the free flow of information."
In the next five years, company investment in open source will skyrocket.
"At GitHub, we’ve seen a remarkable change over the past decade: more companies are actively investing in open source software, contributing to projects, and even releasing their own open source projects," says Stormy Peters, VP of Communities at GitHub.
“While more than 90% of companies today use open source software (OSS) in at least some capacity, the job of maintaining, protecting, and growing projects often falls on the shoulders of just a few developers.
And when a project goes down—like with the Log4j vulnerability—companies risk losing millions of dollars and customers. But instead of retreating from OSS, we’re seeing companies increase their investments," Peters says.
“In doing so, they’re not only improving the health of their software stack, but also opening their doors to the ever-growing OSS community—a relatively untapped global workforce. Through this greater recognition of the value and impact of open source, I expect to see a rapid increase in OSS investment. Internally, companies of all shapes and sizes will create Open Source Program Offices (OSPOs). And externally, we’ll see a new norm: companies directly funding the projects and maintainers they depend on."
Increased cross-industry collaboration to address supply chain security
Over the past several years—and the past year in particular—supply chain security in the open source ecosystem has become a large point of focus for the broader open source community—including the many companies and governments that rely on open source software.
“We’ve seen greater mainstream emphasis on supply chain security, with events like SolarWinds and Log4j providing key reminders of the importance of securing critical code," says Jacob DePriest, VP, Deputy CSO at GitHub.
"The White House’s Open Source Software Security Summit was a timely gathering of government and private sector stakeholders to discuss improving the security of open source software, and it’s clear that there must be a collective industry and community effort to secure the software supply chain.
“I expect 2023 to bring even greater collaboration, with the public sector looking to the private sector to help inform policy, more organisations and working groups like the OpenSSF focused around shared security goals, and more direct partnerships between companies," he says.
"Supply chain attacks do not recognise roles, corporate boundaries, or even national lines so it will require unprecedented collaboration to defend against them. At its core, supply chain security is about how the world builds software, so to drive true impact, these efforts will need to operate in support of the developers who design, build, and maintain the open source projects we all depend on."
Cybersecurity transparency will be hailed as a strength
Discussing the importance of transparency in cybersecurity, DePriest believes that While organisations are improving how they detect and defend against cyberattacks, they must also evolve the way they communicate about them.
"We’ve seen a fair number of breach disclosures this year, and next year will be no different. However, we’ll see more organisations lean further into transparency as a means to strengthen trust around their business," he says.
“More security leaders will focus on building an environment where the security team is an empowered, trusted partner to the business and prioritising open, transparent communications around security incidents to build trust with both internal and external stakeholders.
"As a natural result, the internal bar for privacy and data protection will rise and the threshold for external sharing of security incidents will lower."