Why is responsible OSS usage important?
Nowadays, it is difficult to find a software development project that doesn’t rely on OSS to a greater or lesser extent. That includes, but is not limited to, any web client, node.js, Java or .NET software, and UI widgets.
Open source software is a living, breathing ecosystem and, like any ecosystem, we all have a responsibility to keep that ecosystem healthy. Otherwise, everybody suffers. If any of these products fail, it can leave our development project or enterprise software at risk. As we all depend on OSS, we are all vulnerable if it ceases to work as it should, or is compromised in any way. Therefore, we have a collective responsibility to ensure that it fails as rarely as possible.
How can I support the OSS ecosystem?
There are many things that you should include in your DevOps best practice in order to support and protect the OSS ecosystem and, by extension, everyone involved in it. The first of these is using an SBOM (Software Bill of Materials) to itemise the OSS components in your code, so that any known vulnerabilities in them can be identified quickly. By identifying and reporting or eliminating bugs, you are not only improving your own project’s chances of success, but also making a positive contribution to the whole OSS ecosystem and community.
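As an added illustration of the SBOM point above (example code written for this page, not from the article or any vendor's tool), the script below reads a small CycloneDX-style SBOM, extracts each component's package URL and version, and matches them against a list of advisories whose version ranges are loosely modelled on the OSV "introduced"/"fixed" convention. The SBOM and the advisory entries (including the ADV-000x identifiers) are constructed sample data, not real findings.

```python
import json
import re
from typing import Dict, List, Optional, Tuple

# Constructed CycloneDX-style SBOM fragment (sample data, not a real project).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "lodash", "version": "4.17.20",
         "purl": "pkg:npm/lodash@4.17.20"},
        {"type": "library", "name": "minimist", "version": "1.2.6",
         "purl": "pkg:npm/minimist@1.2.6"},
        {"type": "library", "name": "left-pad", "version": "1.3.0",
         "purl": "pkg:npm/left-pad@1.3.0"},
        {"type": "library", "group": "com.fasterxml.jackson.core",
         "name": "jackson-databind", "version": "2.9.8",
         "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8?type=jar"},
    ],
})

# Constructed advisory feed with hypothetical IDs; a range is [introduced, fixed).
SAMPLE_ADVISORIES = [
    {"id": "ADV-0001", "package": "pkg:npm/lodash", "introduced": "0", "fixed": "4.17.21"},
    {"id": "ADV-0002", "package": "pkg:npm/minimist", "introduced": "0", "fixed": "1.2.6"},
    {"id": "ADV-0003", "package": "pkg:maven/com.fasterxml.jackson.core/jackson-databind",
     "introduced": "2.9.0", "fixed": "2.9.10"},
]


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '4.17.20' or '2.9.10-rc1' into a comparable tuple of ints (pre-release tag dropped)."""
    core = text.split("-", 1)[0].split("+", 1)[0]
    parts = [int(p) for p in re.findall(r"\d+", core)]
    return tuple(parts) if parts else (0,)


def _cmp(a: Tuple[int, ...], b: Tuple[int, ...]) -> int:
    """Compare two version tuples, padding the shorter one with zeros (1.2 == 1.2.0)."""
    n = max(len(a), len(b))
    a = a + (0,) * (n - len(a))
    b = b + (0,) * (n - len(b))
    return (a > b) - (a < b)


def version_in_range(version: str, introduced: str, fixed: Optional[str]) -> bool:
    """True if introduced <= version < fixed; a missing 'fixed' means every later version is affected."""
    v = parse_version(version)
    if _cmp(v, parse_version(introduced)) < 0:
        return False
    return fixed is None or _cmp(v, parse_version(fixed)) < 0


def split_purl(purl: str) -> Tuple[str, Optional[str]]:
    """Split 'pkg:type/ns/name@version?qualifiers#subpath' into (package, version)."""
    base = purl.split("#", 1)[0].split("?", 1)[0]
    if "@" in base:
        package, version = base.rsplit("@", 1)
        return package, version
    return base, None


def find_vulnerable(sbom_json: str, advisories: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return one finding per (component, advisory) pair whose version falls in the affected range."""
    findings: List[Dict[str, str]] = []
    for comp in json.loads(sbom_json).get("components", []):
        purl = comp.get("purl")
        if not purl:
            continue  # cannot match without a package URL; a real tool would flag this component
        package, version = split_purl(purl)
        version = version or comp.get("version")
        if not version:
            continue
        for adv in advisories:
            if adv["package"] == package and version_in_range(version, adv["introduced"], adv.get("fixed")):
                findings.append({"purl": purl, "advisory": adv["id"], "fixed": adv.get("fixed") or "none"})
    return findings


if __name__ == "__main__":
    for f in find_vulnerable(SAMPLE_SBOM, SAMPLE_ADVISORIES):
        print(f"{f['purl']}: affected by {f['advisory']}, fixed in {f['fixed']}")
```

With the sample data, lodash 4.17.20 and jackson-databind 2.9.8 are reported, while minimist 1.2.6 is clean because the fixed version is excluded from the affected range. The half-open range is the edge case worth getting right: treating "fixed" as inclusive produces false positives on exactly the releases that teams upgrade to.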
Why is it my responsibility?
The vast majority of people who come into contact with open source software are consumers – those who take advantage of it either to build their own projects, or as end users, without contributing back to the ecosystem. But all open source projects rely on user contribution, not only in the form of bug reports and patches, but also in documentation, community participation and coding.
Another potentially serious issue when using OSS is copyright infringement, which can arise when open source code is combined with proprietary software in ways its licence does not permit. As such, it is vital to be aware of the precise terms of any OSS licence, to ensure you are not acting beyond its scope. Failure to do this could see you embroiled in something like the ongoing case involving Nutanix, who have been accused of violating the terms of an OSS licence.
I’m a company employee, and can’t contribute to OSS
Although you may not be able to contribute directly to OSS in the ways mentioned above, there are things that you can do to ensure the continued health of the OSS ecosystem. OSS does not run for free, so contributing financially to the products you are using is one of the best things you can do to support them. This could be by paying for consulting, training or content, or by becoming a sponsor or patron if the product supports GitHub Sponsors or Patreon.
If you are in any way involved in the OSS ecosystem, click here for your free Agnostic Open-Sourced assessment, which will provide you with an objective and unbiased view of your software landscape.