Three questions and answers: Get involved with open source, don’t just donate

When it comes to supporting open source projects, many companies point to their financial donations. Those are good, but they are not enough in the long term, according to Josep Prat, Open Source Engineering Director at Aiven. We talk to him about what companies can do better.



Josep Prat is Open Source Engineering Director at Aiven, a managed cloud services company.

Mr. Prat, you believe that companies should not limit themselves to financially supporting open source projects. What further engagement do you have in mind?

Open source software is also often referred to as “free” open source software. However, this is accompanied by the misunderstanding of many people that it is “free” in the sense of being free of charge. However, “free” in open source refers to the freedom to examine, edit, share and use the software individually – and we want to ensure that this “free” ecosystem is preserved. That’s why at Aiven we want to be a leading example for other companies by making a big contribution to the development of these technologies, building sustainable communities and ensuring that open source projects remain active and intact.

In existing projects we fix errors, develop new functions or share our experiences. In addition, last year we also created the OSPO, our Open Source Program Office, to ensure the sustainability and future of open source projects. Our OSPO works full-time on projects and in communities on open source projects in order to distribute the maintenance of the software to more people. In this way we help to reduce the “bus factor” in many OSS projects that are currently maintained by a few people either in their free time or in a single company.

Additionally, we created the Plankton program to support and recognize extra work our employees do outside of their regular duties, regardless of the volume of that work. Under this program, employees can request compensation for the time they invest in open source activities outside of their work – including beyond working on the code – to improve the existing ecosystem.

Some projects are of enormous importance in the technology stack and still depend on the work of a few people or even single individuals. This is an enormously dangerous situation – why are companies not doing more here?

Many companies are unaware of the precarious state of many of the open source projects they rely on. While some projects, such as the Linux kernel or Kubernetes that form the backbone of Internet infrastructure, are well maintained, the vast majority of projects are currently supported by single companies or just a handful of contributors. Faced with tight budgets, companies focus on quick profits and forget to invest in long-term and sustainable goals in order to become more independent.

The task of our Open Source Program Office (OSPO) is therefore to ensure the sustainability and future of open source projects in our value chain. For this we contribute to open source projects and ensure that the software maintenance is distributed among several people. At the same time, we bring in different ideas and opinions to successfully advance these projects. Such actions ultimately help create a sustainable and healthy ecosystem in which projects can exist while providing the right space for new ideas.

In part, open source has a reputation for hobbyist tinkering, and in part for being the technology that secretly powers the world. How can companies dispel many of these myths and bring open source closer to the general public?

The first problem to solve is the common misconception that open source is only for the select few. The internet as we know it depends heavily on open source projects. A large proportion of these projects, in turn, depend on the work of a single maintainer. Remember Heartbleed in 2014? This vulnerability was found in OpenSSL, an important library used for the basics of the secure internet – and maintained by just one person.

And when that one key person decides they’ve had enough of the thankless volunteer work and quit, what do you think happens to online shopping and social media? And we’re not just talking about a hypothetical what-if scenario. In 2016, web development ran into a serious problem when a single programmer deleted 11 lines of code from the “left-pad” package from npm.

By not only raising awareness of the importance of open source and the work of the community, but also painting a picture of the potential dangers of neglect, the public could better understand the critical role open source plays in innovation and security in a digitized world. At least after last year’s Log4j vulnerability, a larger part of the tech industry has recognized the importance of a healthy and sustainable open source ecosystem. Even the White House met with tech industry giants and foundations to better understand the benefits of open source and how they can help mitigate the risks open source currently faces.

Mr Prat, thank you very much for your replies.

In the “Three Questions and Answers” series, iX wants to get to the heart of today’s IT challenges – whether it’s the user’s point of view in front of the PC, the manager’s point of view or the everyday life of an administrator. Do you have suggestions from your daily practice or that of your users? Whose tips on which topic would you like to read in a nutshell? Then please write to us or leave a comment in the forum.
