With many eyes looking at code, “all bugs become shallow.” That is Linus’s Law in action, as software developer and author Eric Raymond called it. This is one of the reasons behind the popularity of open source: volunteer communities work to improve and update the code.
And according to a Purdue University study, Linus’s Law does, in fact, work. Open source communities regularly issue patches faster than their proprietary software counterparts. However, Linus’s Law only works when there are enough eyes on the code. And there’s no guarantee that the community behind any given open source project will continue maintaining the code.
Of the 1,200+ codebases examined for the “2020 Open Source Security and Risk Analysis” (OSSRA) report, 88% contained open source components that had seen no development activity in the last two years.
Now let’s take a trip back in time to glean a few lessons that history has to offer. In the early 19th century, “free lunches” were a popular saloon promotion. Patrons had to buy a beer (or another alcoholic drink of their choosing) to wash down whatever food the barkeep offered. And there’s the catch.
Profits on whiskey and beer sales more than compensated the saloon for putting out the free lunch spread, which often was little more than soup, crackers and problematic pickled eggs. There’s a price for everything—whether evident or not.
With popular open source code, the price of the free lunch is increased pressure on those maintaining it—those who handle bug reports, feature requests, code reviews, code commits, etc., for their so-called “free” software. Increasingly, as open source grows in popularity, the price of the free lunch has been developer burnout and the abandonment of open source projects.
It’s the tragedy of the commons in action—a resource growing so much in popularity that it can’t remain viable unless the community shifts to sustenance rather than exploitation. Witness the Twitter thread started by James M. South, creator of several popular open source solutions, who bemoaned the fact that, “#ImageSharp passed 6 million downloads this weekend and I’m a lot less happy about it than I probably should be.”
South goes on in several follow-up tweets, “Over 5 years of development there have only been 98 collaborators, 23 of which have made more than 10 commits. … It’s not about money, it never was and never will be, it’s about sustainability.”
Too few of the people—and organizations—that rely on open source software contribute to the projects they use. If you’re a developer and have a favorite open source component, you can contribute to it by writing code, sharing your modifications, reporting bugs, crowd-funding, letting the developers know how you are using it and helping others get started. That last one may be the most important thing you can do for any open source project—helping build a user community large enough to sustain the project.