The government is now a little more open. This week, the White House released its first official federal source code policy, detailing a pilot program that requires government agencies to release 20 percent of any new code they commission as open source software, meaning the code will be available for anyone to examine, modify, and reuse in their own projects. The government agencies will also share more code with each other, essentially adopting open source practices within their own governmental universe.
It's the latest in a long line of high-profile victories for the open source movement. As recently as a decade ago, the worlds of both government and business worried that using open source software would open them up to bugs, security holes, and countless lawsuits. But despite these early fears, open source came to dominate the digital landscape. Today, practically every major piece of technology you interact with on a day-to-day basis, from the web to your phone to your car, was built using at least some form of freely available code.
Some of the biggest companies in the world are not only using open source software, but open sourcing their own code as well. Earlier this year, Walmart released an open source cloud management system. ExxonMobil released an open source developer toolkit to help oil and gas companies adopt standard data formats. Financial giants like the London Stock Exchange Group, JP Morgan, and Wells Fargo are among the companies backing Hyperledger, open source software that could reinvent the stock market. In short, open source is now a core part of how software is created not just by software companies, but by every kind of company.
That's because governments and corporations are realizing that open source is often the best way to develop software. Open source lets companies share the burden of developing common infrastructure and compatibility standards. And because anyone can participate, regardless of what company they work for, or whether they work for any company at all, open source can potentially attract a more diverse pool of talent: people with unique perspectives, who can spot problems or develop new features that the original creators of a piece of software never imagined.
But despite this mainstream success, many crucial open source projects, projects that major companies rely on, are woefully underfunded. And many haven't quite found the egalitarian ideal that can really sustain them in the long term. Some open source developers struggle with burnout, while others have trouble working their way into the open source community. Though the community has proved that open source is among the most important ideas in the history of technology, it faces a whole new set of tests as it transforms from scrappy underdog to pillar of the mainstream.
An Unsolved Problem
Venture capitalists are betting big on open source startups. A Silicon Valley outfit called Cloudera raised over a billion dollars all on its own. Meanwhile, existing companies like Google, Facebook and Microsoft spend enormous amounts developing open source in-house. But many important and widely-used projects still struggle to raise funds, according to a recent paper published by the Ford Foundation.
Take OpenSSL, an encryption software library used by countless websites and operating systems, including Android and iOS, to securely process sensitive data such as passwords and credit card details. Prior to 2014, only one person worked on the project full time, and this was a big reason no one noticed Heartbleed, a massive security hole that led to one of the worst digital security emergencies in history.
The OpenSSL team patched Heartbleed, and the incident helped raise funds to prevent future problems. With support from several major tech companies, the Linux Foundation started the Core Infrastructure Initiative (CII) to help support important but under-funded open source projects, including OpenSSL. But now that the Heartbleed publicity has worn off, donations have slowed to a crawl, says OpenSSL Foundation co-founder Steve Marquess. Not counting its CII money, the organization only has enough money saved to keep paying two engineers for another year and a half. "CII funds less than half of our current operation," Marquess says. "We hope that continues, but it's something that we don't necessarily want to count on."