Digital Ocean just published a survey of developers that indicates how companies are getting more comfortable with using open source, but remain much less comfortable with contributing to open source. Matt Asay and Chris Aniszczyk picked up on this, suggesting that open source will become more sustainable if we get those contribution numbers up. What is it that is keeping companies from letting their developers contribute?
Here is a representative experience from some recent consulting activity of mine. I asked:
So what about your open source policy?
The first manager answered:
Uh, I don’t think we have one.
The second manager:
Not true, our policy is not to do it.
The third one, somewhat puzzled:
Uhm, what about this Eclipse plug-in we are developing?
Even using open source, not to speak of contributing to open source, is not as widely spread as non-representative surveys might suggest. In my experience, consumer-facing companies usually have a handle on using open source, but already their first tier of suppliers, then B2B software vendors, often have a “no open source” policy. (“No open source” is usually an indicator that the managers have no idea about what their developers are actually doing.)
Now, moving from using open source to contributing to open source is a non-trivial step. The governance and compliance processes necessary for safely using open source are complex, and contributing to open source saddles more processes on top of that. All of this, of course, is doable, but it requires significantly more knowledge for managers and developers alike to have, and it usually isn’t there.
Following the press, we sometimes think that open source is widely understood, but as soon as you start digging, you can see how understanding open source has not deeply penetrated the software supply chains. Or, to paraphrase a prominent saying: The future may already have arrived, but it is far from being evenly distributed.