Open Source Trends to Look for In 2024 — SitePoint

By admin
According to Open Logic’s 2023 Open Source Report, 80% of polled companies said their use of open source over the previous year had increased. As the corporate adoption of open source continues to increase, the space continues to grow and thrive, thanks to its large and dedicated community.

As always, new technologies and best practices in open-source software (OSS) continue to emerge and lead the community down new and exciting paths. Here’s a preview of some trends you can expect the open-source ecosystem to focus more on in 2024.

We created this article in partnership with Codacy. Thank you for supporting the partners who make SitePoint possible.

Widespread Adoption of Artificial Intelligence and Machine Learning

The software development community is on board with artificial intelligence (AI) and machine learning (ML) in 2023. A recent GitHub survey showed that 92% of developers use AI-powered coding assistants.

AI and ML tools don’t just assist coders; they’re being used to aid any task requiring learning, problem-solving, and decision-making.

AI adoption in open source is also rapidly growing and has gone completely mainstream. We’ve already seen Google using AI for image and speech recognition tasks. Facebook has also unveiled an open-source machine-learning library called PyTorch.

While AI adoption and use is one part of the story, the other is the legal and ethical issues that this adoption has brought into the spotlight. Open-source software is at the forefront of many of these debates, because most of the code that ML models train on comes from open-source projects.

This learning method brings into question intellectual property rights and licensing issues. Should the OSS creators who wrote the code used to train AI be compensated? Should it even be legal to train these tools on the work of others?

We’ve seen that AI-powered image creators and writing tools have successfully managed to avoid copyright issues. However, one class action suit was filed against GitHub, alleging that its Copilot AI tool violates numerous open-source licenses.

While these questions of legality and ethics around the use of AI technology will take a long time to resolve, it’s hard to believe that these concerns will slow the widespread interest in and adoption of AI and ML tools, in open source and otherwise.

A Greater Focus on Security

According to the Synopsys 2023 Open Source Security and Risk Analysis (OSSRA) Report, 87% of the 1,700+ codebases they scanned for the report included security and operational risk assessments. The report found that 89% of the codebases contained open source code that was over four years out of date, and 91% contained components with no new development in at least two years.

With the Log4j library zero-day critical vulnerability event still fresh in the minds of all open-source creators, the OSS community is expected to continue stressing the importance of security and privacy best practices in 2024.

Open source is everywhere. The 2022 OSSRA report showed that 97% of software contains some open source. Open source made up 78% of all code reviewed for the report. More importantly, 81% of the codebases that include open-source code had at least one security vulnerability and an average of five high-risk vulnerabilities.

Open source is ubiquitous and permeates nearly every critical technology we depend on, making proper security and privacy even more vital. When networks worldwide use the same open-source code, one vulnerability could collapse innumerable systems across the globe.

However, open source’s greatest asset is also its most significant obstacle. Why invest in something that’s completely free?

According to a 2023 study by Tidelift, 60% of open-source maintainers are “unpaid hobbyists.” Just 13% describe themselves as professional maintainers who earn their living from this work.

The study also found that more than half of the maintainers polled were unaware of recent security initiatives like the OSSF Scorecard, Supply-chain Levels for Software Artifacts (SLSA), and the NIST Secure Software Development Framework (SSDF).

For security and workability, a priority for the open-source community in 2024 and beyond must be finding ways to maintain popular projects better — namely, paying open-source maintainers well enough to commit to this type of work long-term.

Increased Corporate Support

Technology companies (both large and small) are becoming increasingly aware of the importance of the open-source community to their entire ecosystem. This recognition of open source’s importance is already leading to increased initiatives and sponsorships aimed at supporting open-source creators.

One of the most notable ones is GitHub’s Accelerator program, launched in April of 2023. The 10-week program provided selected open-source projects with funding and guidance.

Lisbon-based code quality platform Codacy is doing something very similar. They announced a fellowship program for open-source creators called Pioneers. Chosen projects will receive a monthly stipend for an entire year, free tooling, promotion for their projects, and mentorship from a star-studded cast of open-source experts, including Vue.js framework creator Evan You.

Applications for the Pioneers program are open until the end of September, and fellows will be selected and announced in mid-October.

Another recent example of open-source sponsorship is the Rust Foundation’s current project, which offered grants to maintainers working in Rust, a programming language with a very active open-source ecosystem and community.

More Companies with Open Source Program Offices

Open Source Program Offices (OSPOs) are cross-functional teams responsible for how their companies use open source. They create strategies and policies to make their company’s open-source practices more efficient and less risky.

The further proliferation of OSPOs should be expected in 2024 and beyond. According to GitHub’s 2022 Octoverse report, 30% of Fortune 100 companies have OSPOs. Research by the Linux Foundation also found that while OSPO adoption is still most prevalent in technology companies, we’re seeing increased adoption in other industries, like education and the public sector.

OSPOs can go a long way toward helping developers, technical staff, procurement, and legal teams select and implement the right open-source tools. An OSPO can also be very helpful in educating staff and creating a culture of transparency and accountability when building an internal tool stack.

In 2024, don’t be surprised if more companies create roles and titles like Chief Open Source Officer to head OSPOs and work with Chief Technology Officers to create more efficient, secure, and sustainable open source policies for their companies.