
Open-Source Software and Protestware Dynamics

March 14, 2024


“Free and open-source software” (FOSS) comes at a lower cost and with short production cycles. Unsurprisingly, it has become widely used in the tech industry. According to the Linux Foundation, 99% of firms relied on free code in 2021, and 78% used it during the product lifecycle. Even the moguls rely on open-source code, just like anyone. More on this later. 

Big players like IBM, Google, and Facebook support many open-source projects. Google’s Android has been a free operating system since its inception, and it is a prime example of how non-proprietary software supports people globally and doesn’t just benefit the tech industry. Since November 5, 2007, Android has been powering smartphones and tablets worldwide for free, based on a modified Linux kernel.

How Open Source Shapes the Tech Industry

As mentioned, open-source code has one major advantage: its cost-effectiveness. Producing and licensing traditional proprietary software is expensive. 60% of people who maintain freely available software are enthusiasts who have yet to see a dime from their contributions, with only 13% earning a living through their free code. However, over half of these enthusiasts are still unfamiliar with critical supply-chain security measures such as the OpenSSF Scorecard, SLSA, and the NIST SSDF.

Non-proprietary software also has fast development cycles. Developers usually collaborate when coding non-proprietary software, which accelerates production. Furthermore, its flexibility allows coders to customize the software to meet their unique needs without waiting for a vendor to release updates. Again, this allows for a faster time to market, a crucial element in outrunning the competition.

Another great free code feature is accessibility to a greater number of talented developers. When you choose widely used open-source frameworks such as Spring Boot, jQuery, Django, React, and Vue.js, it is much easier to find talent. So, basing your next project on a tech stack using these elements will enable you to find skilled programmers easily.

This means that free code has increased competition in the tech industry, resulting in better consumer products and services. We can also thank open-source software for the transition many companies have made from selling software licenses to subscription-based models. That is what made costly technology more accessible and improved economic and social opportunities for many communities worldwide.

The Dual Realities of Open-Source Software

It is not all sunshine and pretty code, however. Freely available software doesn’t come without challenges. Integration with other software systems can be faulty, especially if the software was not initially written with integration in mind. The compatibility issues that arise can be time-consuming and expensive to resolve. Despite these hiccups, non-proprietary software continues to foster innovation in the tech industry, including the acceleration of cloud computing, big data analytics, and artificial intelligence.

But in an era where software development is deeply intertwined with global socio-political dynamics, the integrity of open-source ecosystems faces a significant challenge: protestware.

What is protestware?

Protestware is a type of software that developers manipulate to convey a message on an issue of controversy or dispute, such as the war in Ukraine. Coders post protestware in open-source libraries. Messages they post can be either innocent or harmful. The decision depends on the developer’s personal beliefs, financial incentives, social status, and moral values. Hacktivism involves using technical skills to promote digital liberties and address social or political issues through online actions and coding, often employing disruptive tactics.

In March 2022, the developer behind a widely used software library with over a million weekly downloads intentionally introduced a disruptive element into its codebase. The maintainer of node-IPC, a popular JavaScript component hosted on the npm registry, added malware to his code to protest Russia’s invasion of Ukraine. The malicious code made users’ files disappear or become corrupted without their knowledge or permission.

As a result, several projects on the repository had to release emergency updates to address the issue. For example, node-IPC is a valuable part of Vue.js, the foundation of numerous websites for major corporations like Google, Facebook, and Netflix.

Probing the Relationship Between Open-Source and Protestware

Associate Professor Christoph Treude from SMU is researching the fundamental impact protestware has on open-source software. He notes that software developers typically rely on preexisting components, similar to how car manufacturers use parts crafted by others. Just like a car, open-source libraries have many moving parts, so when someone injects malware into them to protest an event, it can cause many of those parts to crumble. After the node-IPC scandal, many users in Russia and Belarus fell victim to computer breaches. 

Professor Treude explains that maintainers sometimes unintentionally make errors when coding. You must remember that people who maintain these libraries volunteer their time, besides having families, day jobs, and other engagements. However, events like the Ukraine conflict can trigger maintainers to transform their open-source projects into malware to draw attention to the event. There have also been extreme examples of coders intentionally reprogramming the library to target machines in Russia and Belarus.

Protestware Categories and Implications

Luckily, most maintainers turn to less intense measures, such as incorporating an image, a message, or a document that promotes the cause they support. Given the interdependence of all IoT software, the people who contribute to and maintain these free platforms hold considerable influence.

Upon analyzing this phenomenon, Treude and his fellow researcher Raula Gaikovina Kula identify three categories of protestware:

  1. Malignant protestware: Software that aims to intentionally harm or seize control of a user’s computer without their knowledge.
  2. Benign protestware: It aims to peacefully raise awareness of political or social issues, just like real-life political posters. Benign protestware never controls the user’s device.
  3. Developer sanctions: These go beyond individual software issues and impact entire software ecosystems. Two examples of developer sanctions were when MongoDB pulled their products from the Russian market, and GitHub suspended Russian accounts.

Ethical Considerations and Dilemmas

In the beginning, Microsoft was against open-source software because they thought software should have a price tag instead of being available to everybody for free. However, they had a change of heart, and now Microsoft is one of the most significant contributors to open-source. They maintain their libraries conscientiously. 

Open-source software is free, but maintainers have realized that some companies use their code to make money. That is why some have attached restrictive licenses to free code libraries, but this goes against the core ideas of open source. The practice has caused people to lose trust in those libraries because it prevented the public from using them commercially.

Alternatively, end users could do a deep dive into any software before downloading it to find out who maintains the library, how long they have been active, how reliable they are, and how quickly they have fixed security vulnerabilities. Looking at a maintainer’s track record in this way could help mitigate the distrust, but a clean history does not guarantee that the maintainer won’t do something unexpected in the future.
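The vetting checklist above, and the node-IPC incident earlier in the article, both point at the same practical controls for an npm consumer: do not let a version range silently pull a new release, know how many people can publish a package, and look at how quickly past advisories were fixed. The following script is an added example, not code from the article or from Professor Treude’s research. It audits a package.json and its package-lock.json against per-package metadata of the kind a registry exposes; every package name, maintainer, date and advisory below is constructed for illustration and does not describe any real package.

```javascript
// Added example: dependency-risk audit for an npm project (not from the article).
// All package names, dates, maintainers, advisories and hashes are constructed.

const NOW = '2024-03-14'; // audit date (constructed)

// Constructed package.json: one pinned and two floating version specifiers.
const PACKAGE_JSON = {
  dependencies: { 'left-widget': '^1.2.0', 'table-core': '2.4.1', 'new-logger': '~0.3.1' },
};

// Constructed package-lock.json (lockfileVersion 2/3 layout, "packages" keyed by path).
const PACKAGE_LOCK = {
  packages: {
    'node_modules/left-widget': { version: '1.2.4', integrity: 'sha512-CONSTRUCTED-A' },
    'node_modules/table-core':  { version: '2.4.1', integrity: 'sha512-CONSTRUCTED-B' },
    'node_modules/new-logger':  { version: '0.3.2' }, // no integrity hash recorded
  },
};

// Constructed registry-style metadata: maintainers, first publish date, advisories.
const REGISTRY = {
  'left-widget': { maintainers: ['alice'], firstPublished: '2016-05-20',
                   advisories: [{ published: '2021-02-01', fixed: '2021-02-03' }] },
  'table-core':  { maintainers: ['bob', 'carol', 'dan'], firstPublished: '2014-03-02',
                   advisories: [{ published: '2020-01-10', fixed: '2020-04-10' }] },
  'new-logger':  { maintainers: ['erin', 'frank'], firstPublished: '2023-11-01',
                   advisories: [] },
};

// Policy thresholds (constructed; tune to your own risk appetite).
const MAX_FIX_DAYS = 30;   // slower than this counts as a slow fix
const MIN_AGE_DAYS = 365;  // younger packages get extra scrutiny

// True when an npm version specifier can resolve to a release other than the one
// tested today (caret/tilde/comparator ranges, wildcards, tags, unions, hyphen ranges).
function isFloatingRange(spec) {
  const s = spec.trim().replace(/^=/, ''); // "=1.2.3" is an exact pin in npm semver
  if (s === '' || s === '*' || s === 'latest') return true;
  if (/^[\^~<>]/.test(s)) return true;              // ^1.2.0, ~1.2.0, >=1.0.0
  if (/\bx\b|\*|\|\||\s-\s/.test(s)) return true;   // 1.x, 1.*, a || b, 1.0.0 - 2.0.0
  return !/^\d+\.\d+\.\d+(-[\w.]+)?$/.test(s);      // anything else that is not exact semver
}

function daysBetween(fromIso, toIso) {
  return Math.round((Date.parse(toIso) - Date.parse(fromIso)) / 86400000);
}

// Lockfile check: a dependency must be present and carry an integrity hash so that
// what gets installed is exactly what was reviewed.
function lockFinding(name, lock) {
  const entry = lock.packages && lock.packages[`node_modules/${name}`];
  if (!entry) return 'missing-from-lockfile';
  if (!entry.integrity) return 'no-integrity-hash';
  return null;
}

function auditDependency(name, spec, meta, lock, now) {
  const findings = [];
  if (isFloatingRange(spec)) findings.push('floating-range');
  if (meta.maintainers.length < 2) findings.push('single-maintainer');
  if (daysBetween(meta.firstPublished, now) < MIN_AGE_DAYS) findings.push('young-package');
  if (meta.advisories.length > 0) {
    const slowest = Math.max(...meta.advisories.map(a => daysBetween(a.published, a.fixed)));
    if (slowest > MAX_FIX_DAYS) findings.push('slow-fix');
  }
  const lf = lockFinding(name, lock);
  if (lf) findings.push(lf);
  return { name, spec, findings };
}

function auditProject(pkg, lock, registry, now) {
  return Object.entries(pkg.dependencies)
    .map(([name, spec]) => auditDependency(name, spec, registry[name], lock, now));
}

// Human-readable report, one line per dependency.
function formatReport(results) {
  return results.map(r => `${r.name}@${r.spec}: ${r.findings.length ? r.findings.join(', ') : 'ok'}`).join('\n');
}

console.log(formatReport(auditProject(PACKAGE_JSON, PACKAGE_LOCK, REGISTRY, NOW)));
```

The floating-range finding is the one most directly tied to the node-IPC story: a `^` or `~` specifier lets `npm install` pick up a freshly published patch release, so a malicious version ships to every downstream build that has not committed a lockfile with integrity hashes. The other findings (one publisher, a very young package, slow advisory fixes) are the history checks the paragraph above describes, turned into something that can run in CI against real registry metadata.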

Empowering Creators: Corporate Support for Open-Source Projects

The number of corporate initiatives that support the open-source community is on the rise. GitHub’s Accelerator program and Codacy’s Pioneers Fellowship Program offer funding, guidance, and mentorship to open-source projects and creators that fulfill their prerequisites. The Rust Foundation Project Grants offer financial means to maintainers who contribute to the Rust programming language. These initiatives are beneficial to the world of non-proprietary software not only through monetary support, but also by building a collaborative ecosystem that restores trust in the community and drives technological innovation.


Conclusion

Free code has been a crucial part of the tech industry for years now. It gives developers the freedom to create new programs, lets managers save money, and gives businesses the breathing room to adapt quickly to the fast-paced digital world.

But FOSS is more than mere code. It carries a philosophy of transparency, collaboration, and innovation and will continue to shape the future of software development and business success. In fact, open source makes up 78% of all code. However, 81% of codebases have at least one security flaw, and because of the interconnectedness of global networks, this statistic shows how a single vulnerability can cause damage to systems worldwide.

Looking ahead, we must continue addressing the ethical and social aspects of software engineering. After all, we are in the middle of a supersonic technological evolution. As AI fuels software development, we must discard old approaches and find new ways to mitigate these complex challenges in a progressively tech-co-dependent world.