As part of my role as a senior product marketing manager at an enterprise software company with an open source development model, I publish a regular update about open source community, market, and industry trends for product marketers, managers, and other influencers. Here are five favorite articles, mine and theirs, from that update.
Looking further ahead, we’ll integrate GitHub and npm to improve the security of the open source software supply chain, and enable you to trace a change from a GitHub pull request to the npm package version that fixed it. Open source security is an important global issue, and with the recent launch of the GitHub Security Lab and GitHub’s built-in security advisories, we are well-positioned to make a difference. In addition, GitHub Sponsors has already paid out millions of dollars to open source contributors, and we’re excited to explore tasteful ways to extend it to the npm ecosystem.
The impact: Open source supply chain security is a big problem that probably needs a lot more resources thrown at it.
For cluster administrators managing large clusters, this proliferation of development methodologies and management interfaces can be problematic. The class of applications that Operators were developed to manage are almost always part of a larger application stack, with dependencies between them. If we have a lot of Operators written in different ways running on our clusters, how can we ensure they will interoperate with each other, and how do we validate and test them?
The impact: This illustrates two cool things about open source. First, the alternating waves of innovation and consolidation. Second, the empowering of affected parties to address their own challenges.
In recent years we’ve seen the posts of CIO and CTO elevated to boardroom level, with senior figures in IT now influencing corporate strategy. Due to a heightened awareness of cybersecurity, it won’t be long before the board looks to CSO and CISO executives for strategic direction.
The impact: This statement has gotten truer over the last several weeks. More activity is being pushed online than ever before; keeping that activity secure is integral to making it all profitable. Security people need to be able to say "no" at the highest possible level.
Being non-opinionated about the adoption of specific technologies and the methodologies of distributing its primitive resources were the main axes of Kubernetes evolution. Additionally, the proliferation of solutions from multiple vendors played an instrumental role in the emergence of interfaces, and it served as the engine for further development and innovation.
The impact: Kubernetes may be the only large-scale open source project where competition is hot. Even so, competitors need to be able to work together, and interfaces are the points that separate collaboration from competition.
Direct feedback from the individuals and organizations operating OpenStack helps the upstream development community know what features to prioritize and which bugs to fix first, among other important learnings on how the software is being used. Each of the official project teams has the opportunity to add a question to the survey as well as review anonymized data and trends to further influence their roadmaps.
The impact: Not every community participant can or will provide feedback on bug reports or feature requests. In that case, it is important to provide multiple ways to get feedback and meet users where they are.
I hope you enjoyed this list and come back next week for more open source community, market, and industry trends.