Open source: Europe ahead, security behind

Free and open source software has become a critical part of the modern economy, says the Linux Foundation. At the same time, however, maintenance is lacking and security needs improvement, and the foundation sees companies in particular as having a responsibility here. Open source developers wish that external contributors especially, usually IT companies and users with IT departments, would get more involved with audits and bug fixing.

93% male, mostly from Europe or the USA

The 2020 edition of the FOSS Contributor Survey, themed "How can we improve the maintenance and security of the most widely used open source projects?", underpins some prejudices, but also provides reliable facts and statistics on the motivation and origins of the independent developer community.

The majority of OSS developers (93% male) are located in Europe (EMEA, 53%) and the Americas (35%), with the United States (28%), Germany (12%), and France (7%) accounting for the largest share of the survey participants. 37% are employed in software development, 17% in system administration, and 7% each in "Technology Hardware" or financial and insurance services. Most are employed full time, and about half are paid by their employer for their OSS work: 64 percent of US participants and 59 percent of German participants are paid for their FOSS work.

1900 participants want more input from companies

Even if a majority would like to see better financial support for the projects, the reasons given to motivate FOSS developers to participate are generally not monetary in nature. Special attention should be paid to the topic of security, the Linux Foundation demands: less than 3 percent of the time that freelance developers contribute revolves around security issues.

Among the six most frequently mentioned external contributions that are perceived as valuable, the topic of security is at the top five times. People really appreciate the audits and security fixes but need more of them, and this is where companies could get much more involved. For that to work, the Linux Foundation recommends simultaneously improving security practices and limiting the barriers to entry and obligations for contributors.

For this study, the foundation received responses from nearly 1,900 developers, of whom about 1,200 answered the questions completely. The appendix to the almost one-hundred-page study contains the complete text of the questions and answer options, as well as a list of the names of the study participants.

