What's Next for Open Source?: Workshop Highlights and Calls to Action to Inspire Progress for Global Sustainability

Earlier this month, a historic moment took place for open source, where it took center stage at the two-day "OSPOs for Good" symposium at the United Nations. Co-hosted by Kenya and Germany, experts from the worlds of open source, government, and NGOs came together to learn and share how open source is being used to address global challenges, including the 17 Sustainable Development Goals (SDGs). 

As Nithya Ruff, Chair of the Board of Directors at the Linux Foundation and Head of the Amazon Open Source Program Office, reflected,

 "Could it be that the once thought of as 'hippie' and 'fringe' movement is now being seen as one of the keys to working better together as a world to solve problems facing humankind?" 

The takeaway was clear: open source projects are currently and will increasingly be critical in the collective effort to address the SDGs, both as digital public goods and as a model of open collaboration and innovation. This resonated with the Linux Foundation Research report, "Open Source for Sustainability", which showcases the potential of LF-hosted open source projects to accelerate the SDGs and recommends more organizations leverage them in future sustainability initiatives.

Building on the momentum of the UN symposium, the next day many of us gathered at the "What's Next for Open Source” workshop hosted at Microsoft's offices in Times Square to discuss next steps. Here we summarize key takeaways and calls to action.

Highlights from the keynotes

The keynote presentations set the stage for exploring the transformative potential of open source in addressing global challenges. Speakers from diverse backgrounds, including industry leaders, UN representatives, government officials, foundation executives, and academic researchers, shared insights on collaboration, sustainability, and inclusivity, painting a comprehensive picture of the current state and future directions of open source.

Open for collaboration: OSPOs send positive signals

Open Source Program Offices (OSPOs) were a central theme, with speakers highlighting their crucial role in fostering collaboration within and between organizations across sectors. 

Nithya Ruff kicked off the workshop, highlighting the role of OSPOs in building bridges between industry, governments, and academia. She highlighted, “The existence of an OSPO within an organization is a signal to the outside that you’re open to speaking and collaborating.” 

Omar Mohsine, Open Source Coordinator at the UN, presented the three pillars of the UN's open source strategy: policy for internal use, culture change, and development. He shared key priorities, including building the UN open source portal, socializing the UN's open source principles, and the  “Reboot the Earth” hackathons inviting young programmers to build technology solutions for the climate crisis.

Dadisi Sanyika, Board Chair of the Continuous Delivery Foundation, emphasized the power of connected OSPOs in fostering collaboration and idea-sharing beyond organizational boundaries. His advice for establishing effective OSPOs: "Invest in the people in your organization; they are the seeds that need to be grown."

Open source for sustainability

Sustainability took center stage as speakers explored the intersection of open source and environmental challenges. The presentations underscored the potential of open source solutions in addressing climate change and promoting sustainable development, showcasing real-world examples and initiatives.

Ruth Suehle, EVP of the Apache Software Foundation and Director of OSPO at SAS, underscored that no SDG exists in isolation, citing the Ocean Observatories Initiative and Global Biodiversity Information Facility as role model initiatives that provide open data to address critical science questions regarding the world's oceans and biodiversity. Ruth explained, “The task now is to  prove the power of open collaboration to others to build a better future for the world.”

Among the most important messages of the day came from Gabriele Columbro, Executive Director of Fintech Open Source Foundation (FINOS) and General Manager of Linux Foundation Europe, who announced the recent merger with OS-Climate, an open source community dedicated to building open source tools for climate-aligned finance. By bringing together the expertise and know-how of the climate finance and financial services communities, they can more effectively collaborate on open source projects that create climate resilience. Additionally, he remarked on the important work of the TODO Group, a free to join Linux Foundation project that supports the creation and impact of OSPOs.

Driving open source readiness in highly regulated sectors

Gabriele shared his learnings from  the conservative finance sector, where much value is to be had for banks, fintechs, and asset managers by leaning in to open source and collaborating on common challenges through engagement in FINOS projects. His advice: “Figure out the “how”, once you’ve figured out “why” (i.e. what moves executives).” The practical tools then help with the “how”; for example, FINOS’s Open Source Readiness is a toolkit that helps financial institutions and regulated industries to become compliant users of and contributors to open source.

Fostering a diverse and inclusive open source community

Diversity and inclusion in the open source community were highlighted as critical factors for innovation and growth. Speakers shared initiatives and best practices aimed at broadening participation and creating a more inclusive environment in the open source world.

Paloma Oliveira, Growth Engineer at Sauce Labs and FOSS advocate, shared learnings from PyLadies, a volunteer-based global community and international mentorship group for marginalized genders, including but not limited to non-binary people, trans people, and women in tech. The initiative focuses on helping its community become active participants and leaders in the Python and open-source community.

Ruth Suehle highlighted the “Community Over Code” tagline of the Apache Software Foundation, stating: “`Community over code’ is the ASF’s way of saying we value a sustainable project’s community of contributors first, above the value of the code itself. Because fixing broken code is easier than fixing a broken community, a healthy community is critical to a thriving project.”

Building digital public administrations with open source

The adoption of open source in public administration emerged as a key trend, with discussions focusing on how governments and municipalities can leverage open source to improve public services and foster innovation. Speakers shared case studies and insights on implementing open source solutions in the public sector.

Ben Cerveny, President of the Foundation for Public Code, and Jacob Green, Co-founder of OSPO++, took the stage to discuss the role of sustainable stewardship for digital public goods within public administrations. Ben highlighted his foundation's work to provide organizational structures with governance, stewardship, and financial models around open source collaborations in the public sector, sharing, "Public software is a process that requires ongoing orchestrated collaboration between public administrations."

LaVerne Gray from Syracuse University and Philippe Bareille from City of Paris presented open source collaboration between municipalities and universities. LaVerne highlighted that key words from the UN symposium were community, co-creation, collaboration, and sustainability, but the key word that was missing was reparation. 

Philippe shared lessons from the Lutece project, an open source portal, maintained and developed within the municipal government of Paris, allowing users including national organizations and public universities to quickly create dynamic websites or web applications. Philippe explained, "A public sector administration project such as Lutece at the City of Paris is an important professionalizing project for students looking to get involved in a project that can have an impact on their lives as citizens. We encourage higher education establishments specializing in IT to offer professional open source courses. The city's open source program office is able to welcome students to work on current digital issues, so that they can help enrich Lutece and make it more widely available and reusable in all public institutions."

Calls to action for the open source community

Following the keynotes, a rich lineup of panels and workshops focused on concrete steps for the community to take in order to capitalize on the potential of open source. Below we summarize four key themes and calls to action for the open source community.

a. Secure

The "Safeguarding Our Public Goods, For Everyone" workshop, moderated by Omkhar Arasaratnam, General Manager of the Open Source Security Foundation (OpenSSF), discussed the perils that open source security faces and what we can do about them.

Aeva Black, Section Chief of Open Source Security at the Cybersecurity and Infrastructure Security Agency (CISA), delivered a thought-provoking keynote. They highlighted the global collaborative nature of open source software communities and the pressing need to address the insecurity that results from the consumption-to-contribution imbalance, citing a recent Harvard study that estimates the demand-side value of open source at $8.8 trillion, while the supply-side value is estimated at $4.15 billion. Aeva also shared insights from the CISA Report on Memory Safety Risks in Critical Open Source Projects, revealing that many of the 172 critical open source projects identified by the OpenSSF – even those written in memory-safe languages – depend on underlying libraries written in memory-unsafe languages. Aeva wrapped up their remarks with a call to action for all software manufacturers to prioritize building security into their product design from the start, highlighting the need for manufacturers to be both responsible consumers of, and sustainable contributors to, open source software.

Subsequently, the workshop featured panels on topics such as "Making open source secure and sustainable" and "How can we make OSS maintainers' lives easier?" A recurring theme emerged: the security of open source is fundamental to sustaining its community and ecosystem. For organizations seeking to play their part in addressing the consumption-to-contribution imbalance, the participants agreed that supporting the 172 critical projects identified by the OpenSSF is a good place to start.

Calls to action

• Invest in open source sustainability:

1. Mobilize investment to address the consumption-to-contribution imbalance
2. Develop support structures for maintainers
3. Add funding.yml to repositories to address maintainer burnout

• Prioritize security throughout the development lifecycle:

1. Implement security measures at each stage of development
2. Use maturity models and inventories for day-to-day security
3. Educate developers about making risk-informed decisions
4. Focus on creating environments where vulnerabilities are caught early

• Enhance vulnerability management and patch distribution:

1. Develop a nuanced understanding of vulnerability severity
2. Prioritize speed and agility in releasing security patches
3. Consider implementing auto-updates for critical projects

• Leverage and improve security tools and resources:

1. Utilize tools like the OpenSSF Scorecard and sigstore
2. Develop AI tooling for safety testing in open source 
3. Use the OpenSSF's list of critical OSS projects for targeted support

• Foster collaboration and trust in the open source ecosystem:

1. Coordinate large investments in open source security
2. Hold proprietary security vendors accountable for accurate open source risk profiling
3. Engage with the broader open source security community for best practices

b. Accessible

Accessibility in open source projects emerged as a crucial theme, emphasizing the importance of ensuring that technological benefits reach all segments of society. The conference highlighted this through two key workshops that showcased the value of open source and open models.

The "Open Source & Friends: Mapping Our 'For Good' Community" workshop featured winners of the Reboot the Earth prize, demonstrating how open source applications can address climate change. Projects like INODAI's Elephant, which empowers local communities to tackle climate issues, and Agrigate, which uses open source AI models for drought forecasting, exemplified the potential of accessible technology in solving global challenges.

The "Open Source AI" workshop, co-hosted by Mer Joyce and Lea Gimpel, featured discussions about open AI models as digital public goods and their potential to support the Sustainable Development Goals (SDGs). Lea Gimpel, Director of AI and Country Engagement at the Digital Public Goods Alliance (DPGA), presented the DPGA’s efforts to foster and invest in digital public goods, including open AI models, especially for the benefit of the global majority. Lea told the workshop participants, "Open source AI models will play an essential role in democratizing AI and broadening the pool of available AI digital public goods, even if making models available is clearly not enough to achieve this goal. With the updated digital public goods standard, we will have a set of indicators to ensure open source AI models are fit to help attain the SDGs and are responsibly developed.” Subsequently, a real-world example, Farmer.Chat, an AI assistant providing farming advice in local languages, demonstrated both the potential and challenges of open AI models, particularly in serving diverse linguistic communities.

Discussions also spotlighted the OpenJS Foundation's work in creating accessible web technologies and LF Energy's efforts in developing open source microgrids. The LF Energy initiatives aim to bring sustainable energy to underserved communities, addressing challenges such as high entry barriers and fragmented standards in the energy sector.

Calls to action:

1. Support local innovation: Establish programs that empower local communities to develop and adapt open source solutions for their specific needs, particularly in underserved regions.
2. Foster cross-sector collaboration: Encourage partnerships between open source communities, industry sectors, and policymakers to address accessibility challenges in various domains, from energy to agriculture.
3. Implement inclusive design practices: Adopt accessibility guidelines across all open source projects, ensuring usability for people with diverse abilities and needs.
4. Enhance documentation and training: Create comprehensive, multi-lingual documentation and training resources to make open source technologies more approachable for users worldwide.
5. Prioritize linguistic diversity: Develop and improve open AI models to perform effectively in a wide range of languages, ensuring global accessibility of AI-powered solutions.
   
   

c. Inclusive

The sessions underscored the importance of fostering a diverse and inclusive open source community. Discussions centered around mentorship programs, ensuring inclusivity at events, and providing scholarships to underrepresented groups in tech. These efforts aim to broaden participation and bring diverse perspectives to open source development.

Initiatives like PyLadies exemplify the transformative efforts to empower underrepresented and underestimated people and ensure their voices shape the future of technology. With its current 75 local chapters, PyLadies is dedicated to fostering an environment where marginalized genders can become influential leaders in the Python and open source community, challenging the male-dominated status quo. The group offers comprehensive resources such as the PyLadies Starter Kit, workshops, social, supportive events, and coding sessions tailored to the needs of its members and its local chapter. PyLadies is also actively working to expand its inclusivity, recognizing its own areas for growth. By providing a robust support network and a bridge to the broader Python ecosystem, PyLadies showcases how community-driven initiatives can drive meaningful change in diversity and inclusion within the open source world.

In the  "Open Source AI" workshop, Mer Joyce, founder of Do Big Good and facilitator of the Open Source Initiative's co-design process for defining open source AI, reflected on the efforts to include diverse perspectives in the process and key learnings throughout. Mer emphasized that a global definition requires global consultation, and that equitable and inclusive stakeholder representation isn’t only about justice: it’s about legitimacy. The co-design process involved thirty-six individuals, representing 23 countries by birth and residence, who volunteered as workgroup members or system reviewers. Mer noted that among the workgroup members over 50% were people of color, 30% were black, and 25% were women, transgender, and nonbinary. 

The Linux Foundation itself has implemented a DEI policy at its events, including ensuring diverse speaker lineups, providing inclusive facilities, and offering special events to promote diversity and inclusion. Furthermore, research by the Linux Foundation has highlighted ongoing challenges and makes recommendations for open source leaders to foster inclusivity in open source, including mentorship and sponsorship programs, inclusive naming, and governance.

Calls to action:

1. Expand mentorship programs: Develop and support mentorship initiatives that target underrepresented groups in open source and the technology industry more widely.
2. Implement inclusive event policies: Adopt and enforce comprehensive DEI policies at all open source events, including diverse speaker lineups, accessibility considerations, and inclusive facilities.
3. Conduct regular DEI audits: Regularly assess the state of diversity, equity, and inclusion in open source projects and organizations, using data to drive improvements and measure progress.
4. Promote inclusive design: Encourage "inclusion by design" in open source projects, considering diverse perspectives in all stages of development and decision-making processes.
5. Invest in education and outreach: Develop and fund programs that introduce open source to underrepresented groups early in their careers or education, creating pathways for diverse talent to enter the ecosystem.
   
   

d. Impactful

The potential for open source to drive significant global impact was a recurring theme throughout the conference. Open source solutions are actively contributing to various SDGs, from addressing climate change to improving food systems and advancing scientific research.

Ruth Suehle presented several impactful open source projects in tackling SDGs related to climate action, sustainable agriculture, life below water, and biodiversity conservation

• The Open Food Network provides open-source software for managing online farmers' markets, offering free resources to farmers, producers, and community food enterprises. This initiative supports sustainable agriculture and food systems.
• The Woods Hole Oceanographic Institution's Ocean Observatories Initiative (OOI) delivers 90 terabytes of data from over 800 instruments, freely available online and built with open source components. This project, described as "monitoring critical organs of the earth," contributes significantly to climate and ocean research.
• The Global Biodiversity Information Facility (GBIF) makes biodiversity data open and accessible, supporting crucial scientific research. The platform's impact is evident in its daily citations in scientific papers and its substantial return on investment in terms of societal benefits.

Among the opportunities from the merger of FINOS and OS-Climate is bridging such projects with climate-aligned finance and creating common tools for ESG reporting to further their impact  

Calls to action:

1. Increase funding for open source projects addressing SDGs: Establish dedicated funding streams and investment mechanisms to support open source projects that directly contribute to achieving the SDGs.
2. Foster cross-sector partnerships: Encourage collaboration between open source communities, academic institutions, governments, and private sector entities to leverage diverse expertise in addressing global challenges.
3. Prioritize digital inclusion: Develop strategies to bridge digital divides, ensuring that open source solutions are accessible and beneficial to underserved communities worldwide.
4. Enhance impact measurement: Create standardized metrics and reporting frameworks to better quantify and communicate the impact of open source projects on SDGs.
5. Promote knowledge sharing and replication: Establish platforms and processes for sharing success stories, best practices, and replicable models of impactful open source projects across different regions and sectors.
   
   

Looking ahead

The workshop painted an optimistic picture of the future of open source. It's clear that open source is not just about software development – it's about people, culture, and its power as both a tool and a mode of collaboration to tackle global challenges. 

As we reflect on the discussions at the United Nations symposium and the “What’s Next for Open Source” workshop, it's evident that the open source community stands at a pivotal juncture. The calls to action–to make open source more secure, accessible, inclusive, and impactful–provide a roadmap to guide the community's future efforts. To explore these themes further, we encourage readers to take a look at the Linux Foundation's "Open Source Software for Sustainability" report, which not only showcases the current impact of open source across the 17 SDGs but also offers valuable insights into future directions.

As we move forward, it's crucial for everyone–developers, organizations, and users alike–to engage with these initiatives and support the open source community in its mission to support a more sustainable and equitable world.