《Linux基金會：2023年開源世界：全球焦點調查報告（英文版）（33頁）.pdf》由會員分享，可在線閱讀，更多相關《Linux基金會：2023年開源世界：全球焦點調查報告（英文版）（33頁）.pdf（33頁珍藏版）》請在三個皮匠報告上搜索。

1、In partnership with:October 2023Adrienn Lawson,The Linux Foundation Stephen Hendrick,The Linux FoundationForeword by Sachiko Muto,OpenForum Europe and RISE Research Institutes of SwedenGlobal Spotlight 2023Survey-based insights into the global landscape of open source trends,sustainability challenge

2、s,and growth opportunitiesCopyright 2023 The Linux Foundation|October 2023 This report is licensed under the Creative Commons Attribution-NoDerivatives 4.0 International Public License77%of organizations in Europe,71%in the Americas,and 56%in Asia Pacific BELIEVE THAT BENEFITS EXCEED THE COSTS OF OS

3、S USE.OSS VALUEOPEN SOURCE USE AND CONTRIBUTION POLICIES WITHIN ORGANIZATIONS ARE ASYMMETRICAL,leaning toward more permissive use policies and stricter contribution policies.OSS POLICIESOn a global average,90%of organizations surveyed USE OPEN SOURCE AT A MODERATE,SIGNIFICANT,OR WIDESPREAD LEVEL.OSS

4、 USEA total of 68%of respondents believe that OSS IS MORE SECURE THAN CLOSED SOURCE SOFTWARE.OSS SECURITYOrganizations with an OSPO or clear strategy are more likely to FOLLOW A RIGOROUS APPROACH WHEN CONTRIBUTING CODE.OSS CONTRIBUTIONPeople contribute in their personal time for various reasons,be i

5、t for INDIVIDUAL OR COLLECTIVE BENEFIT.OSS CONTRIBUTIONLeading concerns about contributions include LEGAL,LICENSING,AND LEAKING IP ISSUES.OSS CHALLENGESOSS SUSTAINABILITYOnly 24%of organizations surveyed REQUIRE TRAINING IN SECURE SOFTWARE DEVELOPMENT.OSS SECURITYOSS use brings many benefits,includi

6、ng IMPROVED PRODUCTIVITY&SOFTWARE QUALITY,&A LOWER COST FOR SOFTWARE.OSS VALUEThe top action when evaluating a new OSS component is CHECKING THE ACTIVITY LEVEL OF THE PROJECT COMMUNITY.OSS USEOSS contributions ALWAYS OR OFTEN RESULT IN IMPROVED SOFTWARE QUALITY according to 52%of respondents.OSS VAL

7、UEDedicated EMPLOYEE TIME and FINANCIAL SUPPORT are the most popular areas respondents feel need investment to increase contributionsGlobal Spotlight 2023ContentsForeword.4Executive summary.5Introduction.7Regional perspectives.9Asymmetry in open source use and contribution.11Responsibility in open s

8、ource use and contribution.14Value proposition of open source use and contribution.18Improving open source sustainability.22Conclusions and actionable insights.26Methodology.27Appendix.30Acknowledgments.32About the authors.32ForewordAs a long-time advocate of open collaboration-both as a communicato

9、r engaged with European poli-cymakers and as a researcher-it is with pleasure and anticipation that I introduce the World of Open Source Global Spotlight report.The findings not only bring valuable insights to a growing body of knowledge around open source but I hope they can also serve as a foundat

10、ion for further research and informed policymaking.When I was first introduced to open source in 2007,I quickly discovered that talking about my new passion at a dinner party in Brussels was a sure-fire way to alienate people.In the years since,open source has“won”in the market and general interest

11、has certainly increased.Yet while witnessing how open source has transformed the tech industry,I have often found myself underwhelmed by the level of understanding among policymakers about its impact and potential,and disappointed by the level of adoption in the public sector.Thus,having spent close

12、 to 15 years in EU public affairs,I had two main motivations for joining RISE Research Institutes of Sweden last year:I wanted to conduct research that could be used to inform and improve policy discussions around open source,and I wanted to move my main focus from the political to the administrativ

13、e level of government,to better support open source adoption in those organiza-tions that stood to benefit but were lagging behind.The research presented in the World of Open Source series supports both those objectives.Crucially,it represents a valuable asset when communicating with policymakers,pr

14、oviding them with a nuanced understanding of the significance and functioning of the global open source ecosystem.Call me an idealist and an optimist,but I believe that the dissemination of high-quality research can empower policymakers to make better decisions,to craft poli-cies that nurture innova

15、tion,and to foster environ-ments where open source can flourish.In my role as a researcher,I am particularly excited about the potential for the World of Open Source findings to stimulate further investigation.An example of such further in-depth study is The European Public Sector Open Source Opport

16、unity report which was motivated by certain findings in last years European spotlight report.Personally,I am now compelled to dig deeper into the discrep-ancy between open source consumption and open source contribution,which was highlighted in this years report.A closer look at the specific drivers

17、 and challenges that underlie this divide could be trans-lated into practical guidance,ultimately fostering a culture of active participation and collaboration in the open source community.The extension of this years report beyond Europe to include Asia and the Americas allows us to consider regiona

18、l opportunities and challenges.Each conti-nent brings its unique perspective,priorities,and approaches to open source.However,instead of fragmenting our vision,these diversities can serve as a reminder of the immense potential that emerges when we unite our strengths as a global community.I am deepl

19、y appreciative of LF Research for their commitment to advancing our collective under-standing of this dynamic field.Again,it is my hope that this research can serve as more than just an information resource.It has the power to ignite curiosity,to stimulate further research,and to fuel discussions th

20、at transcend geographical boundaries.Sachiko Muto Chair,OpenForum Europe Senior Researcher,RISE Research Institutes of Sweden4WORLD OF OPEN SOURCE GLOBAL SPOTLIGHT 2023Executive summaryRegional perspectives on open source trendsOur research reveals that globally,organizations widely adopt open sourc

21、e software(OSS),with over 90%of surveyed organi-zations using it to a moderate,significant,or widespread extent.Organizations in the Asia-Pacific region also use open source extensively,but the figure drops to 84%.Furthermore,a signifi-cant 73%of organizations in our survey exhibit a pro-open source

22、 stance,either actively encouraging OSS adoption or allowing development teams to decide.The European region surpasses the global average with a reported rate of 77%for such pro-open source policies.However,when it comes to contributing to OSS,around 60%of organizations openly encourage or leave the

23、 deci-sion up to each development team.Structured strategies such as Open Source Program Offices(OSPOs)are lacking in over half of organizations across regions.Our study reveals that organizations worldwide recognize the substantial value of OSS to their own operations and their respec-tive industri

24、es,with over 90%agreement in the Americas,close to 90%in Europe,and 73%in Asia Pacific.When assessing orga-nizations where the benefits of OSS use outweigh the costs,the global average stands at 69%,with the highest percentage at 77%reported in Europe.Organizations in the Americas and Europe are exp

25、eriencing an upward trend in the business value derived from OSS,with 57%reporting an increase over the previous year,while Asia Pacific,although currently lagging slightly in perceived value,is showing a more substantial increase(61%),indicating a growing momentum in the region.Responsibility in op

26、en source use and contributionOur survey found that despite the prevailing belief that OSS is more secure than closed source software(68%of respondents agreeing),a substantial 42%of respondents expressed concerns about the security of OSS components when prompted to agree or disagree with factors li

27、miting OSS use in their organization.This suggests that while organizations perceive open source as secure overall,they may still harbor doubts about specific components or projects.When evaluating a new OSS component,most devel-opers opt for proxies(e.g.,activity levels,frequency of releases)instea

28、d of conducting time-consuming direct inspections of the source code.However,even less time-intensive approaches such as automated tools are not yet commonplace in this evaluation process,with only 36%of organizations employing them.In terms of responsible contribution,organizations with a well-de-f

29、ined OSPO or clear strategy demonstrate a more systematic approach to contributing code,as evidenced by their engagement across all the steps outlined in the survey,such as quality and security testing and providing documentation.Value proposition of open source contributionContributing to open sour

30、ce projects offers a wide range of benefits for organizations,including innovation,as 51%of respon-dents believe it often fosters innovation in the IT industry through collaboration and idea sharing.Additionally,52%think that open source contributions frequently improve their organizations work envi

31、ronments by promoting teamwork and skill development.Many organizations also view such contributions as a moral obli-gation,aligning with principles of transparency and community 5WORLD OF OPEN SOURCE GLOBAL SPOTLIGHT 2023support,and they can lead to economic gains through improved software quality.

32、These diverse benefits underscore the multifac-eted advantages of open source contribution,appealing to both the economic interests and the broader values of organizations,ultimately contributing to the collective progress and vitality of the open source ecosystem and the technology industry as a wh

33、ole.Improving open source sustainabilityTo enhance open source sustainability through increased contri-butions within organizations,it is crucial to address the barriers faced by organizations.Our survey found that the most significant obstacle,reported by 43%of organizations,is legal and licensing

34、concerns,coupled with a fear of intellectual property(IP)leakage.This underscores the importance of navigating the legal landscape in open source initiatives.Additionally,38%of organizations cite a lack of policy or training materials as a challenge,highlighting the need for clear guidelines and edu

35、cational resources.Interestingly,while 36%consider a lack of monetary return as a barrier,23%do not view it as a significant obstacle,suggesting diverse perspec-tives within organizations.Our survey findings show regional differences in priorities for advancing open source.In the Americas and Europe

36、,respondents emphasize the government adoption of open source,with 42%and 48%respectively choosing this as a top priority.They also prioritize pursuing open source alternatives to tech monopolies and improving academic education on open source.In contrast,in the Asia-Pacific region,better funding fo

37、r the commercial open source startup ecosystem is the top priority(36%),followed by fostering open source global tech standards(31%),and govern-ment adoption of open source.These regional variations highlight the diverse needs in the open source landscape,suggesting the importance of tailored strate

38、gies and investments for effective adoption and sustainability in each region.6WORLD OF OPEN SOURCE GLOBAL SPOTLIGHT 2023Introduction1Colin Eberhardt,Graham Odds,and Matthew Dunderdale,“Europe Spotlight 2023:Exploring the State of European Open Source Innovation,Opportunities,and Challenges,”forewor

39、d by Gabriele Columbro,The Linux Foundation,September 2023.In 2023,the Linux Foundation(LF)Research Team set out to undertake research on the global landscape of open source following the success of the 2022 World of Open Source:Europe Spotlight survey and report.The Global Spotlight 2023 project gr

40、eatly expanded our view of open source participation in different regions,providing valuable insight to better understand and support open source participation worldwide.The research is relevant to decision-makers from all functions and sectors,including managers,executives,policymakers,and others i

41、nvolved in open source initiatives.The 2023 survey contained enough data and information for us to create three reports.The 2023 Europe Spotlight report1,already published,dives further into specific trends within Europe,and the 2023 Japan Spotlight,published later this year,will give special attent

42、ion to the open source landscape in Japan.The Global Spotlight report you are reading now encom-passes the globe,aiming to mentally cross borders while realizing the different needs and priorities of the studied regions.The report gives a special focus to open source sustainability,which refers to t

43、he ability of open source projects to stay main-tained and evolve,ensuring their continued availability and reliability for their users.The main voices of the survey include open source contributors and developers who understand the role of OSS in their organization or within a given industry.The LF

44、 Research team would like to especially thank all participants in the survey who gave us their invaluable time.Your insights have been the backbone of this report and the potential critical discussions stemming from it.Research overviewData collection for the worldwide online survey took place betwe

45、en April and June of 2023.We received 916 valid responses,which are the basis for the analysis presented in this report.The survey included questions in the following areas:demographics,the current state of open source consumption and contribution,benefits and challenges of open source usage and con

46、tribution,the value proposition of open source,and open source sustain-ability.We will introduce the geographic distribution of the sample below,but for more information about the research approach and further demographics on participants and their organizations,see the Methodology section.Geographi

47、c distributionAs the report greatly focuses on the regional differences and similarities in open source trends across the globe,the geographic distribution of the sample deserves special attention.We aimed to gather responses from all parts of the world,but given the Linux Foundations primary presen

48、ce in North America and Europe,we received most responses from those regions.A third-party panel provider supported our efforts to gather data from Asia Pacific.64%of responses from this region came from Japan in order to create a World of Open Source:Japan Spotlight report to be published in Decemb

49、er 2023.Three regions that we segment our data on are the Americas,Europe,and Asia Pacific.More detailed distribution within these three regions is summarized in Figure 1.7WORLD OF OPEN SOURCE GLOBAL SPOTLIGHT 2023FIGURE 1Geographic distribution in the sample of the 2023 World of Open Source:Global

50、Spotlight SurveySource:2023 World of Open Source:Global Spotlight Survey,Q5.Sample Size=9167%OtherEastern Europe33%TheAmericas27%AsiaPacific33%Europe9%South America9%Mexico,Central America,and the Caribbean82%North AmericaChina 10%India 12%Japan 64%Asia(except China,India,Japan)14%90%10%Western Euro

51、pe8WORLD OF OPEN SOURCE GLOBAL SPOTLIGHT 2023Regional perspectivesUse and contribution patternsAlthough regional differences persist in the state of open source,overarching patterns can be observed in Figure 2.The adoption of OSS is widespread across organizations globally.More than 90%of organizati

52、ons who participated in the survey report that they use OSS at least at a moderate level(moderate,significant,or widespread use of OSS).The only exception is Asia Pacific,where 84%of organizations reported using open source at least at a moderate level.Beyond the extent of usage,exploring organizati

53、onal policies sheds light on the broader landscape.Across the entire survey sample,a substantial 73%of organizations exhibit a pro-open source stance.This manifests as either active encouragement of open source adoption or a flexible approach that leaves the decision in the hands of individual devel

54、opment teams.The European region exceeds this global average with a reported rate of 77%.When considering what policy organizations have for contributing to OSS,more organizations shy away from permissive policies.Around 60%of companies openly encourage or let each devel-opment team decide on OSS co

55、ntributions.Therefore,in most organizations,OSS contribution is less encouraged than OSS use,and this finding is consistent across regions.A more structured approach to open source policies would suggest the presence of an OSPO or other clear and visible strategies within companies.For most regions,

56、more than half of organizations lack such a strategy.In Europe,16%of organizations were yet unable to leap to a more structured OSS approach while already having permis-sive policies.By contrast,in the Americas,only 5%of organizations with permissive policies are without an OSS initiative.FIGURE 2Re

57、gional differences but an overarching pattern in open source use and contributionSource:2023 World of Open Source:Global Spotlight Survey,Q12,Q13,Q22,Q11,Sample Size=705-916 90%92%93%84%73%73%77%66%59%60%60%55%48%55%44%48%TotalThe AmericasEuropeAsia PacificModerate,significant,or widespread use of O

58、SSOSS use is openly encouraged or up to the development teamOSS contributions are openly encouraged or up to the development teamOSPO and/or clear and visible strategyPercentage of organizations where:9WORLD OF OPEN SOURCE GLOBAL SPOTLIGHT 2023Value proposition of open sourceA high-level view of the

59、 value proposition of open source(Figure 3)shows that most organizations realize the value of open source to their organizations and respective industries.There is consensus that open source is valuable to the industry the organization is part of.Perceived value to organizations is almost as high as

60、 value to the industry,both above 90%in the Americas,and almost at 90%in Europe.Although enthusiasm is lower in Asia Pacific,an overwhelming majority of organizations(73%)report value to industry,and 71%see value to their organizations.When explicitly asked about whether the benefits exceed the cost

61、s of open source use,the global average is at 69%,and the highest percentage across regions is at 77%in Europe.Reflecting both backward and forward,it becomes evident that the business value of OSS continues to grow.Remarkably,57%of organizations in the Americas and Europe have reported an increase

62、in the business value derived from open source when compared to the previous year.This upward trajectory suggests that organizations in these regions are recognizing the existing value and capitalizing on it more effectively over time.Interestingly,the Asia-Pacific region presents a nuanced perspec-

63、tive.While a smaller percentage of organizations(56%)currently report that the benefits of open source usage outweigh the costs,they have reported a more substantial increase in value(61%)compared to other regions.This dynamic suggests that while the perceived value of open source may not yet match

64、that of the Americas and Europe,the momentum for its growth is building in the Asia-Pacific region,potentially positioning it to reach similar perceived value levels in the near future.When it comes to open source contributions,the overall increase in benefits is perceived to be less pronounced comp

65、ared to open source usage.However,nearly half of the organizations across regions still report a growing sense of benefits resulting from their open source contributions.FIGURE 3Value of open source recognized across regions with increasing value reported in about half of organizationsSource:2023 Wo

66、rld of Open Source:Global Spotlight Survey,Q37,Q36,Q42,Q20,Q27,Sample Size=599-702Percentage of organizations who:85%94%89%73%84%91%88%71%69%71%77%56%57%57%57%61%46%47%44%48%TotalThe AmericasEuropeAsia PacificStrongly agree or agree that OSS is valuable to their industryStrongly agree or agree that

67、OSS is valuable to their organizationBelieve that benefits exceed the costs of OSS useReport that increased business value of open source useReport that increased overall benefits of open source contribution10WORLD OF OPEN SOURCE GLOBAL SPOTLIGHT 2023Asymmetry in open source use and contributionOrga

68、nizations are more likely to lean toward more permissive open source use policies than contribution policiesThe descriptive statistics presented in Figure 4 shed light on the asymmetry in open source use and contribution policies within organizations.It is clear from the data that these policies can

69、 vary significantly,ranging from highly restrictive,where open source use and contribution are not permissible,to those that actively encourage both.Notably,32%of the surveyed organizations have adopted a very permissive stance,allowing both open source use and contribution.Fortunately,only 1%of the

70、 organizations in our sample reported a complete prohibition of OSS usage and contri-bution,although it is essential to acknowledge that this figure could be higher outside our survey sample,as we did not include organizations that had no familiarity with OSS in our survey.These findings underscore

71、the nuanced landscape of open source adoption within organizations.While there is some symmetry in the policies,with a greater emphasis on permissive open source use policies compared to contribution policies,it is evident that there is room for improvement in aligning use and contribution policies

72、by making these policies more permissive.This asym-metry may reflect the differing attitudes and concerns organiza-tions have regarding the consumption and contribution to open source projects.Addressing these disparities could lead to more consistent and effective open source strategies and increas

73、e the sustainability of the open source ecosystem.FIGURE 4Open source use and consumption policies are asymmetricalSource:2023 World of Open Source:Global Spotlight Survey,Q13 and Q22,Sample size:670(DKNS excluded),cells add up to 100%Use of OSS is openly encouraged0%6%5%9%32%Use of OSS is up to eac

74、h development team1%6%2%11%5%Use of OSS is permitted under limited circumstances3%4%6%2%2%No clear policy0%4%0%0%1%Use of OSS is not permitted1%0%0%0%0%OSS contributions are not permittedNo clear policy about OSS contributionsOSS contributions are permitted if required by the open source licenseOSS

75、contributions are up to each development teamOSS contributions are openly encouragedMore permissive open source contribution policy More permissive open source use policy 11WORLD OF OPEN SOURCE GLOBAL SPOTLIGHT 2023Insights into the use and contribution to different open source software technologies

76、 within organizationsFigure 5 compares the percentage of organizations using key OSS technologies to the percentage of organizations contributing to these same OSS technologies and shows the extent to which OSS technologies support business-critical activities.OSS technology useFigure 5 shows that 6

77、4%of organizations use Linux in our sample and notes the extent to which Linux has become a core operating system for organizations surveyed worldwide.Equal in stature are OSS cloud and container technologies,which 63%of organi-zations use.Together with Kubernetes,they provide an efficient and cost-

78、effective approach to providing the foundation of cloud native environments.Database and data management tools,which continue today to represent the single biggest investment that organizations make in technology,have attracted many open source SQL,No-SQL,and distributed file system solutions over t

79、he last decade.Collectively,54%of organizations use OSS database and data management tools,which also encompasses OSS pene-tration of DevOps devices,including foundation CI/CD tools for application development.We note that 52%of organizations use web and application development,including web assembl

80、y,with the combination of DevOps/GitOps/DevSecOps seeing use by 50%of organizations.A second leading tranche of technology use includes advanced analytics and data science(43%),Kubernetes(42%),cybersecurity(41%),and AI/ML(40%).While the focus on cybersecurity does not rank higher at present,this wil

81、l likely change as we will see later in this report.OSS technology contributionsFigure 5 also shows the percentage of organizations that contribute to OSS projects by technology area.While we have come to expect OSS contribution to trail the use of OSS,what is surprising is how closely the pattern o

82、f OSS contribution matches OSS use.The correlation when comparing OSS use and OSS contri-bution is 95%,despite how the gap widens as OSS use increases.This means that OSS contribution is indeed occurring everywhere.Figure 5 shows that 43%of organizations contribute to cloud and container technologie

83、s,which could be due in part to the high level of OSS use seen in this market as well as a wide scope of tooling that provides many opportunities for involvement.Beyond cloud and container technologies,OSS contribution is relatively tightly clustered across the leading OSS technologies areas in use.

84、Contributions to web&application development(35%)rank second,but contributions to Linux(34%),advanced analytics and data science(33%),CI/CD and DevOps(31%),AI/ML(31%),DevOps/GitOps/DevSecOps(30%),cybersecurity(29%),and database/data management(28%)follow closely.This list of leading OSS technology a

85、reas where organizations contribute largely mirrors the leading technology areas where OSS is used.12WORLD OF OPEN SOURCE GLOBAL SPOTLIGHT 2023FIGURE 5Open source technologies are used for a wide variety of business critical activitiesSource:World of Open Source Global Spotlight Survey,Q16(OSS use),

86、Sample Size=691,Total Mentions=4,508(DKNS excluded)Source:World of Open Source Global Spotlight Survey,Q24(OSS contribution),Sample Size=488,Total Mentions=2,133(DKNS excluded)In which of the following areas does your organization use/contribute to OSS?(select all that apply)Other(please specify)Man

87、ufacturing,3D printing,and CAD/CAMAugmented/Virtual realityBlockchainOpen source hardwareEdge computingNetworking technologies(5G,SDN,NFV,etc.)IoT&EmbeddedStorage technologiesArtificial Intelligence/Machine LearningCybersecurityKubernetesAdvanced analytics and data scienceDevOps/GitOps/DevSecOpsWeb&

88、application developmentCI/CD&DevOpsDatabase and data managementCloud/Container technologiesLinux8%7%9%15%16%15%16%19%16%31%29%25%33%30%35%31%28%43%34%3%9%10%15%16%20%23%26%28%40%41%42%43%50%52%54%54%63%64%Use OSSContribute to OSS13WORLD OF OPEN SOURCE GLOBAL SPOTLIGHT 2023Responsibility in open sour

89、ce use and contributionThorough inspection of code is not common,even though security concerns aboundThe data highlights a significant perception within organizations regarding the security of OSS versus closed-source alternatives.Figure 6 shows that most respondents,68%,believe that OSS is more sec

90、ure.However,when looking further into the security question,the picture is not as clear.Despite the prevailing belief that OSS is more secure than closed source software,Table A1 in the Appendix shows a substantial 42%of respondents expressed concerns about the security of OSS components when prompt

91、ed to agree or disagree with factors limiting OSS use in their organization.This suggests that while there is a perception that open source is secure overall,organi-zations may still harbor doubts about specific components or projects.According to Figure 7,having internal manuals,checklists,or guide

92、lines for the use of OSS(46%)and a formal review process for OSS components(40%)are common ways that organizations seek to mitigate the risk that comes when preparing to use an OSS component.Furthermore,only 24%(a minority of organizations)require development training in secure software practices,po

93、ten-tially leaving software development teams without the necessary skills to effectively mitigate security risks in open source projects.Addressing these disparities between perception and practice,as well as enhancing training initiatives,may be crucial for organi-zations aiming to harness the ful

94、l potential of open source while ensuring security and compliance.FIGURE 668%of respondents believe that open source is more secure than closed softwareSource:2023 World of Open Source:Global Spotlight Survey,Q21,Sample Size=711)FIGURE 746%of organizations have internal manuals,checklists,or guideli

95、nes for using OSSSource:2023 World of Open Source:Global Spotlight Survey,Q14,Sample Size=702,Total Mentions=1,434Dont know or not sureNoYes68%15%17%Do you believe that OSS is more secure than closed source software?(select one)Dont know or not sureNone of the aboveOur OSPO works with developers toe

96、nsure its policies are followedWe engage with outside professionals todetermine what OSS components we should useWe require developer training in securesoftware developmentWe recommend developer training onsecure software developmentWe have a formal review process forevaluating OSS componentsWe have

97、 internal manuals,checklists,orguidelines for using OSSWhat practices does your organization follow regarding the use of OSS?(select all that apply)46%40%32%24%24%18%14%7%14WORLD OF OPEN SOURCE GLOBAL SPOTLIGHT 2023Figure 8 shows that when organizations are in the process of eval-uating whether to i

98、ncorporate an OSS component,its evident that they employ various strategies to gauge the components suitability.Primary actions include the assessment of proxies that may or may not be efficient indicators of the components overall health and reliability.Examining the activity level within the proje

99、ct community is a common practice(50%),as it provides insights into the vitality of the project.Additionally,organizations rely on factors such as repository ratings and package download statistics to gauge the quality of the project(42%),while the frequency of releases(39%)helps in assessing the le

100、vel of maintenance and support.It is worth noting that most developers understandably opt for these proxies instead of conducting time-consuming direct inspections of the source code.However,even less time-intensive approaches such as automated tools are not yet commonplace in this evaluation proces

101、s,with only 36%of organizations employing them.Regional variations also exist,with 41%of organizations in the Americas using automated tools,compared to 30%in Europe and 39%in the Asia-Pacific region(Table A2).Furthermore,30%of organizations still rely on manual reviews or inspections of the source

102、code,suggesting that in-depth methods also persist(Figure 8).Its noteworthy that 10%of organizations in the sample do not conduct any formal review of the component at all,potentially posing risks in terms of quality and security.Considering these findings,it becomes apparent that there is room for

103、improve-ment in adopting more automated and efficient evaluation tools and practices,which can help organizations streamline their OSS component assessments and ensure the fulfillment of both quality and security standards.The open source community is encouraging secure consump-tion of OSS component

104、s.The Open Source Security Foundation(OpenSSF)released a working group proclamation,the Open Source Consumption Manifesto,which states:“As consumers of open source,we are responsible for the open source we use,how we consume it,and how we manage the risk associated with that consumption.”FIGURE 8Org

105、anizations tend to use proxies to evaluate new OSS components instead of more thorough inspectionSource:2023 World of Open Source:Global Spotlight Survey,Q15,Sample Size=702,Total Mentions=2,383What actions does your organization usually take before using a new OSS component?(select all that apply)D

106、ont know or not sureWe dont review or evaluate the OSS components that we useWe check the component against a risk policy or risk calculations that we doWe check if the project has a responsible disclosure policy(such as a SECURITY.md)We manually review/inspect the source codeWe evaluate the transit

107、ive dependencies of the OSS code to determine if its too risky to useWe evaluate the source code using automated tools(SCA,SAST,Fuzz Testing,web app scanners,etc.)We look at the frequency of releasesWe look at repository ratings or package downloads statisticsWe evaluate the direct dependencies of t

108、he OSS code to determine if its too risky to useWe check the activity level of the project community(contributors,commits,etc.)50%42%42%39%36%31%30%26%24%10%9%15WORLD OF OPEN SOURCE GLOBAL SPOTLIGHT 2023Responsibility for OSS lies with users but also with contributors.It is essential that both parti

109、es establish and maintain policies to ensure responsible usage and contribution.Next,we examine the steps followed when organizations contribute to OSS projects.More steps are followed for contributions when OSPO or other OSS initiatives are presentEnsuring the continued vitality of OSS projects rel

110、ies on respon-sible contributions,where the code contributed upstream meets high standards of quality,security,and ongoing maintenance.Contributions to OSS encompass a wide range of activities.Contribution is not limited solely to code submissions;it also encompasses actions such as opening issues a

111、nd answering queries,contributing to documentation,and providing non-code assets,such as design elements(Table A3).Figure 9 illustrates the distinction between structured and unstructured approaches to contribution.We distinguish the steps taken for contribution based on whether an organiza-tion has

112、 an OSPO or a clear and visible open source strategy in place.Organizations with a well-defined OSPO or clear strategy demonstrate a more systematic approach to contributing code,as evidenced by their engagement across all the steps outlined in the survey.One of the most prevalent actions is peer co

113、de review,with a substantial 70%of organizations with an OSPO conducting it.This percentage drops to 48%for organizations without an OSPO.Organizations with an OSPO are also more than twice as likely to engage in security and vulnerability testing.Figure 9 reveals that 47%of organizations provide co

114、mponent documentation,and this figure decreases further to 22%for organizations without an OSPO.Particularly noteworthy is the“Dont know or not sure”response,which is significantly higher among organizations lacking an OSPO,highlighting a sixfold higher uncertainty among respon-dents regarding the s

115、teps involved in contributing to the OSS code.These insights underscore the advantages of structured approaches to OSS contribution,demonstrating their effective-ness in ensuring code quality,security,and project sustainability,while also highlighting potential areas for improvement in organi-zation

116、s with less formalized strategies.FIGURE 9Organizations with an OSPO or other clear OSS strategy are more likely to follow a rigorous approach when contributing codeSource:2023 World of Open Source:Global Spotlight Survey,Q23 by Q11,Sample Size=288,Total Mentions=875(Filtered for organizations contr

117、ibuting code Q25)What steps are followed for contributing OSS code in your organization?(select all that apply)Has an OSPO or other clear OSS strategyHas no clear OSS strategyDont know or not sureSBOM developmentRecording of time spent contributingComponent documentationLegal/compliance approval and

118、 sign-offSecurity and vulnerability testingFunctional software quality assurance testingCode review by peers70%68%61%51%47%32%26%5%48%38%26%23%22%15%5%30%16WORLD OF OPEN SOURCE GLOBAL SPOTLIGHT 2023All contributions are important,no matter the time spentFigure 10 provides valuable insight into the a

119、llocation of developer time across different types of projects and their contributions.We aimed to understand the time developers spend contributing at work to inner source projects,employer-supported projects,and third-party projects.But we also asked how much time they spend contributing in their

120、personal time.As shown by the heights of the bar charts across the different amounts of time spent contributing,most developers in the survey spend none to four hours per week on contributing.Notably,inner source projects receive the most significant portion of developers contribution hours.Converse

121、ly,third-party projects receive comparatively less attention,with employees dedicating fewer hours to these external initiatives.It is essential to highlight the diversity in the time commitment across the board.Developers contributions can range widely,from devoting just one to four hours per week

122、to contributing more than 40 hours per week.The line in Figure 10 illustrates that the cumulative effect of many developers who undertake frequent,small contributions over time,such as 5 to 10 hours per week closely matches the total hours contributed in a more concentrated 21 to 30 hours per week a

123、ssignment.This implies that even developers with limited time can make a meaningful impact through consistent contributions.This shows that open source talent is being leveraged in various types of job functions and is not limited to full-time assignments.FIGURE 10Time spent on contribution can rang

124、e from none to more than 40 hours per weekSource:2023 World of Open Source:Global Spotlight Survey,Q30-33,Sample Size=604-637 05001,0001,5002,0002,5003,0003,5004,0000%5%10%15%20%25%30%35%40%45%50%None1 to 4 hoursper week5 to 10 hoursper week11 to 20 hoursper week21 to 30 hoursper week31 to 40 hoursp

125、er weekMore than 40hours per weekInner source projectsEmployer supported projectsThird-party projectsPersonal timeTotal hoursPercentage of respondentsHours contributed17WORLD OF OPEN SOURCE GLOBAL SPOTLIGHT 2023Value proposition of open source use and contribution2Henry Chesbrough,“Measuring the Eco

126、nomic Value of Open Source:A Survey and a Preliminary Analysis,”foreword by Irving Wladawsky-Berger,The Linux Foundation,March 2023.Clear economic and business values are linked to open source useOur survey results further confirm that using open source brings economic and business value.In 69%of ca

127、ses(as depicted in Figure 11),the benefits of open source exceed the associated costs,demonstrating the positive impact it has on various aspects of business operations.Notably,the distribution of these benefits varies across regions,with Europe reporting higher percentages of positive outcomes(77%)

128、,while the Asia-Pacific region registers slightly lower figures(56%).A preliminary analysis paper on quan-tifying the economic value of open source gives further insight into how benefits exceed the costs of open source use.For instance,the paper shows that the benefit-cost ratio of open source has

129、been improving in the past five years.2Figure 12 presents an overview of the perceived advantages that OSS usage brings to organizations.Foremost among these FIGURE 11OSS benefits exceed the costs for most organizationsSource:2023 World of Open Source:Global Spotlight Survey,Q42 by Q5,Sample Size=59

130、9Which of the following statements best characterizes your organizations use of OSS?(select one)segmented by In what country or region does your organization have its headquarters?(select one)Asia PacificEuropeThe AmericasTotalDont know or not sureCosts exceed the benefitsCosts and benefits are abou

131、t the sameBenefits exceed the costs69%71%77%56%15%17%12%18%9%5%4%18%7%7%7%7%18WORLD OF OPEN SOURCE GLOBAL SPOTLIGHT 2023benefits are improved productivity and enhanced software quality,with a substantial 79%and 75%of organizations always or often experiencing these advantages.Furthermore,open source

132、 adoption contributes to a clear economic benefit through the reduction in software ownership costs.Less vendor lock-in is also important,which allows organizations greater flexibility and autonomy in their technology choices.It is also worth emphasizing that OSS adoption appears to have a positive

133、impact on the organizational environment.It enhances efficiency,reduces costs,and makes the workplace more attrac-tive to employees,which is a crucial factor in talent retention.This multifaceted value proposition highlights the wide-ranging advan-tages that OSS offers to organizations,reinforcing i

134、ts importance in modern business and other organizational strategies.FIGURE 12OSS use brings many benefits including improved productivity and software quality,and lower cost for softwareSource:2023 World of Open Source:Global Spotlight Survey,Q17,Sample Size=702How often does using OSS deliver the

135、following benefits in your organization?(order based on“Always”and“Often”answers aggregated)AlwaysOftenSometimesRarelyNeverDont know or not sureImproved securityLess development time to marketLower cost of IT operationsFacilitates innovationLess vendor lock-inMake the organization a better placeto w

136、orkImproved software qualityLower cost of software ownershipImproved productivity36%41%28%34%39%33%28%28%26%43%34%45%34%29%34%36%35%34%16%15%17%20%19%20%23%22%23%2%4%3%2%5%3%5%4%5%1%1%1%1%2%2%2%2%2%3%5%6%9%6%8%6%9%10%19WORLD OF OPEN SOURCE GLOBAL SPOTLIGHT 2023Non-monetary benefits of contributionTh

137、e rationale behind contributing to open source projects may not always be immediately apparent to organizations,but there are numerous tangible benefits that such contributions can bring.These advantages encompass not only monetary gains but also improvements to an organizations work environment and

138、 the broader industry landscape.We can see the results in Figure 13.For instance,51%of our respondents believe that contribution always or often enables the IT industry to be more innovative.Collaboration and the sharing of ideas in open source development can lead to groundbreaking advancements and

139、 novel solutions.Furthermore,52%think that contributions always or often make their organizations a better place to work,fostering teamwork,skill development,and a sense of community among employees.Many organizations also see contributing to open source as a moral obligation,reflecting a commitment

140、 to the principles of transparency,collaboration,and giving back to the community.Additionally,improved soft-ware quality resulting from contributions can be directly tied to economic value for organizations.High-quality software reduces maintenance costs,enhances user satisfaction,and can lead to i

141、ncreased revenue.Lastly,contributions aimed at enhancing the security of open source projects are crucial for the long-term health of these proj-ects,protecting an organizations digital assets and reinforcing overall trust in open source solutions.These diverse benefits underscore the multifaceted a

142、dvantages of open source contribu-tion,appealing to the economic interests and the broader values of organizations,ultimately adding to the collective progress and vitality of the open source ecosystem and the technology industry as a whole.FIGURE 13OSS contributions always or often result in improv

143、ed software quality according to 52%of respondentsSource:2023 World of Open Source:Global Spotlight Survey,Q26,Sample Size=604How often do OSS contributions in your organization deliver the following benefits:(order based on“Always”and“Often”answers aggregated)Improved securityFulfill a moral obliga

144、tion to other OSS consumersEnables the IT industry to be more innovativeMakes the organization a better place to workImproved software qualityAlwaysOftenSometimesRarelyNeverDont know or not sure21%31%22%4%4%18%24%28%21%4%5%4%19%25%26%23%4%18%22%25%21%7%5%5%20%18%27%23%6%20%20WORLD OF OPEN SOURCE GLO

145、BAL SPOTLIGHT 2023Motivators for personal time contributionsAlthough our survey focused on organizations,the dedication of developers who willingly contribute to open source projects during their personal time,often without any financial compensation,may also provide important insight.Figure 14 disp

146、lays the various factors that motivate these individuals when deciding whether to engage in open source contributions.Among these factors,the most significant is the pursuit of learning and personal devel-opment,as it holds great influence for 61%of respondents,and somewhat influential for 26%.Anoth

147、er crucial individual factor is the desire to improve career opportunities through open source contributions.However,it is essential to recognize that collective factors also play a pivotal role.For example,the need to address technological gaps not met elsewhere in the industry is a motivating fact

148、or for many contribu-tors.A strong sense of community and belonging within the open source ecosystem is evident in respondents motivations,as 50%of respondents indicated that the enjoyment they derive from collaborating with their peers and actively participating in the community is a very influenti

149、al motivator.Additionally,respondents feel a sense of responsibility toward the open source movement itself,viewing their contributions as a way to give back and support the broader community.This blend of individual and collective motivations illustrates the diverse reasons why developers choose to

150、 contribute their personal time and expertise to open source initiatives.FIGURE 14People contribute in their personal time due to various reasons,be it for individual or collective benefitSource:2023 World of Open Source:Global Spotlight Survey,Q34,Sample Size=637How influential are the following fa

151、ctors when considering whether or not to contribute your personal time to open source projects?Learning and personal developmentFulfilling a technology need not met elsewhereImproving my career opportunitiesResponsibility toward open sourceI enjoy working with my peers and the communityVery influent

152、ialSomewhat influentialNot influentialDont know or not sure61%26%4%9%57%26%5%12%53%26%4%17%50%28%5%17%50%29%5%16%21WORLD OF OPEN SOURCE GLOBAL SPOTLIGHT 2023Improving open source sustainabilityA clear lack of return on investment is not the only inhibiting factor for open source contributions in org

153、anizationsWhen we consider strategies to improve OSS sustainability,partic-ularly in the context of open source contributions,it becomes vital to identify and address the barriers organizations face.Figure 15 shows that the most prominent issue hindering organizations from contributing is not the ex

154、pected lack of a clear return on investment.Instead,43%of organizations cite legal and licensing concerns,coupled with a fear of leaking IP(43%),as significant obstacles.This highlights the importance of navigating the legal landscape when engaging in open source initiatives.Moreover,38%of organizat

155、ions identify a lack of policy or training materials as a challenge,emphasizing the need for well-defined guidelines and educational resources to facilitate contributions effectively.While 36%of respondents consider a clear lack of monetary return on investment a barrier,23%disagree with this statem

156、ent.This suggests that a significant number of orga-nizations do not view the absence of direct financial gains as an important obstacle to their contributions.Respondents also mention technology constraints and chal-lenges(as illustrated in Figure 15)as another hindrance.These may encompass technic

157、al limitations or difficulties in integrating open source contributions into their existing technology stack.Understanding and addressing these diverse barriers can pave the way for increased open source contributions from organizations,ultimately promoting sustainability and innovation within the o

158、pen source ecosystem.FIGURE 15Top concerns about contributions include legal,licensing and leaking IP issuesSource:World of Open Source:Global Spotlight Survey,Q28,Sample Size=604Does your organization agree or disagree that its OSS contributions are limited by:Legal or licensing concernsA fear of l

159、eaking intellectual property(IP)A lack of policy or training materialsA clear lack of return on investmentTechnology constraints and challengesAgreeNeutralDisagreeDont know or not sure43%27%10%20%43%24%9%24%38%26%11%25%36%30%11%23%34%31%10%25%22WORLD OF OPEN SOURCE GLOBAL SPOTLIGHT 2023Allocating em

160、ployee time should be a priority to increase contributionsWhen we shift the perspective and inquire about the areas deserving of resources or investment to foster increased open source contributions,several clear solution paths emerge(Figure 16).Foremost among these is the allocation of employee tim

161、e for open source contributions,which ranks as the top priority at 65%.Providing the necessary time and resources enables employees to actively engage in open source projects,enhancing their contribu-tions.Financial support for open source projects is another critical avenue for boosting contributio

162、ns(63%).By allocating funds,orga-nizations can help sustain and advance the projects they rely on,reinforcing their commitment to the open source community.Building on the earlier discussion of legal and licensing concerns,addressing these issues is crucial.A significant 55%of respondents agree that

163、 tackling licensing concerns would significantly increase contributions.This underscores the importance of legal clarity in encouraging organizations to engage more actively in open source initiatives.Additionally,providing clearer and more accessible poli-cies for employees regarding open source co

164、ntributions is essen-tial.Many organizations currently lack well-defined open source contribution policies(Figure 4),which can act as a deterrent.Clarity in this area empowers employees to participate confidently.Educating the organization on the value of OSS is important(62%).While survey responden

165、ts recognize the high value associated with open source,its essential to ensure that this understanding permeates throughout the organization.When management and other stakeholders grasp the significance of open source contributions,they are more likely to support and invest in these initiatives,pre

166、serving the roles of open source contributors within the company.FIGURE 16Employee time for contributions and funding are the most popular areas respondents feel need investmentSource:World of Open Source:Global Spotlight Survey,Q29,Sample Size=637How much would OSS contributions change if your orga

167、nization invested in the following actions:Allocating employee time for open source contributionsFunding open source projectsProviding organization-wide education on the OSS value propositionProviding clearer policies to employeesOpen sourcing its own products or internal toolsAddressing security co

168、ncernsAddressing licensing concernsGetting involved in industry or government policymakingIncreaseStay the sameDecreaseDont know or not sure65%24%8%3%63%25%10%2%62%27%10%2%59%29%10%2%58%25%14%3%56%31%10%3%55%31%11%3%49%31%15%5%23WORLD OF OPEN SOURCE GLOBAL SPOTLIGHT 2023FIGURE 17Government adoption

169、of open source is leading area for further investmentSource:2023 World of Open Source:Global Spotlight Survey,Q41 by Q5,Sample Size=599,Total Mentions=1,507Priorities in investment differ in some regions Figure 17 reveals regional disparities in the priorities for invest-ment and advancement within

170、the open source landscape.In the Americas and Europe,respondents highlight the unique role that governments play in driving open source adoption,with 42%and 48%respectively selecting this option as a top priority.Following closely behind is the pursuit of open source alternatives to tech-nology mono

171、polies,emphasizing the need for increased competi-tion and choice in these regions.Furthermore,respondents from these areas believe that improving academic education related to open source technologies is another essential investment area.Conversely,in the Asia-Pacific region,the priorities differ.T

172、he leading choice here is better funding for the commercial open source startup ecosystem(36%),reflecting the importance of nurturing entrepreneurship and innovation in open source busi-nesses.Fostering open source global technology standards ranks as the second priority(31%),highlighting the role o

173、f this region in setting and promoting industry-wide standards.Government adoption of open source emerges as the third priority.These regional variations emphasize the diverse needs and oppor-tunities within the open source landscape,suggesting that tailored strategies and investments may be necessa

174、ry to promote open source adoption and sustainability effectively in each region.In which areas do you think there should be further investment in open source across your geographic region?(select between one and threeresponses)segmented by In what country or region does your organization have its h

175、eadquarters?(select one)(order based on worldwide average)Dont know or not sureOther(please specify)Additional laws like the Digital Services Act and Digital Markets ActA friendlier legal landscape for open sourceMentorship/internship programsOpen source as“digital commons”public goodIndividual ince

176、ntives(e.g.,grants)to maintainersFoster open source global technology standardsBetter academic educationOpen source alternatives to technology monopoliesBetter funding of the commercial open source startup ecosystemGovernment adoption of open sourceAsia-PacificEuropeThe Americas42%30%36%33%25%28%25%

177、20%14%9%1%5%48%23%37%29%27%22%27%17%15%9%1%4%27%36%15%23%31%22%19%18%16%13%1%6%24WORLD OF OPEN SOURCE GLOBAL SPOTLIGHT 2023AI/ML and other technologies that factor into future OSS useAs part of our research on sustainability,we asked organizations which open source technologies are most valuable to

178、the future of their industry.The intent was to identify and initiate discussions on how best to support these technology areas.Figure 18 indi-cates that five technology areas warrant discussion.These include AI/ML(36%),cloud and container technologies(30%),the Linux kernel(28%),cybersecurity(25%),an

179、d advanced analytics and data science(24%).AI/ML is now showing up frequently as a key issue in LF Research surveys.AI/ML factors heavily into organizational hiring plans,is a high-growth technology area,and is an area targeted by 3Jason Perlow and Stephen Hendrick,“2023 State of Tech Talent Report,

180、”foreword by Clyde Seepersad,The Linux Foundation,May 2023.organizations for OSS development.3 The OSS challenge with AI/ML is determining how exactly the community can add value.Stay tuned for an upcoming research report on the state of open source in generative AI later in 2023.Cloud and container

181、 technologies continue to be a strong focal point for LF activities judging by the lengthy list of CNCF incubating and graduated projects and the high levels of interest and partici-pation in these projects.The Linux operating system has been and will continue to be a key foundational element of LF

182、guidance and support.Cybersecurity rises in importance as a technology area that the OpenSSF gives plenty of attention to.Finally,advanced analytics and data science have become a top five technology warranting greater OSS attention-most likely from the pull through being driven by AI/ML.FIGURE 18AI

183、/ML factors prominently into future organizational plansSource:2023 World of Open Source Global Spotlight Survey,Q38,Sample Size=584,Total Mentions=1,611(DKNS excluded)Which open source technologies do you feel are the most valuable to the future of your industry?(select between one and three respon

184、ses)Other(please specify)Manufacturing,3D printing,and CAD/CAMStorage technologiesEdge computingOpen source hardwareAugmented/Virtual realityNetworking technologies(5G,SDN,NFV,etc.)IoT&EmbeddedBlockchainKubernetesCI/CD&DevOpsDatabase and data managementWeb&application developmentDevOps/GitOps/DevSec

185、OpsAdvanced analytics and data scienceCybersecurityLinuxCloud/Container technologiesArtificial Intelligence/Machine Learning36%25%24%17%17%16%15%14%10%9%8%8%6%6%3%3%2%30%28%25WORLD OF OPEN SOURCE GLOBAL SPOTLIGHT 2023Conclusions and actionable insightsThe current state of OSS use and contributionTo

186、conclude,the open source landscape is marked by the persistence of asymmetrical use and contribution policies,which reflect the various attitudes and strategies of organizations,characterizes the open source landscape.Additionally,dispari-ties exist in the gaps between open source technology use and

187、 contribution,underscoring the need for more comprehensive strategies.Regarding open source use,some organizations may lag in implementing best practices for safe usage.When it comes to contributions,there is room for improvement in terms of testing and documentation when code is being pushed upstre

188、am.While its evident that organizations perceive value in contributions,its noteworthy that this value encompasses both non-monetary benefits and those tied to economic gains.This multifaceted value proposition underscores the diverse motivations for contributing to open source projects.However,cont

189、ributing to open source is not without its challenges.These barriers extend beyond a simple lack of monetary return and encompass a range of factors,including legal concerns,organizational policies,and resource constraints.The open source ecosystem is dynamic and diverse,characterized by a complex i

190、nterplay of policies,practices,motiva-tions,and challenges.OSPOs can help organizations navigate the open source landscapeEstablishing an OSPO is an excellent way to formalize and struc-ture an organizations open source efforts.OSPOs can provide clear policies and guidelines to employees,fostering a

191、 culture of responsible open source engagement.They can also address legal and licensing concerns,ensuring compliance with open source licenses.OSPOs can play a pivotal role in increasing an organiza-tions contributions to open source projects.By providing clear policies,resources,and support,OSPOs

192、empower employees to contribute confidently.Organizations need not navigate the open source landscape alone.Resources such as those offered by the TODO Group may be invaluable.They provide guidance on setting up and managing OSPOs,including best practices and case studies.Such a strategy ensures tha

193、t organizations follow the necessary steps and fosters a culture of collaboration,compliance,and contribution,ultimately benefiting both the organization and the broader open source community.Government adoption of open sourceGovernment adoption of open source could help encourage international coll

194、aboration on software projects.When multiple governments adopt the same open source solutions,it promotes standardization and compatibility,making it easier for organiza-tions worldwide to work together.Government funding provides financial support for open source and signals its importance,encourag

195、ing other organizations and entities to invest in open source development.It could help build a more robust open source ecosystem by addressing the financial challenges that many projects face.Government adoption of open source can create a ripple effect by increasing the prominence of open source s

196、olutions in the market,attracting funding,and encouraging collaborative efforts that advance the open source ecosystem.Further insights into how the public sector is playing and should be playing a role in open source advancement specifically in Europe,26WORLD OF OPEN SOURCE GLOBAL SPOTLIGHT 2023can

197、 be found in the Linux Foundations The European Public Sector Open Source Opportunity report.4Allocating employee time and funding open source projects should be priority solution pathsAlthough monetary factors are not the number one motivator for contributors to work on OSS5,the sustainability of t

198、he open source ecosystem will ultimately rely on whether open source projects can continue without their developers burning out and/or quitting.The financial factor may not be the first that attracts developers to the work but might be the most important factor driving them away from projects if lac

199、king.In the survey results,we have seen that most open source developers think that contributions would increase if organizations allowed employees to contribute during working hours.In terms of directly funding open source projects or contributors,there are various ways to donate,sponsor,and help t

200、he work of maintainers.64Cailean Osborne,Mirko Boehm,and Ana Jimenez Santamaria,“The European Public Sector Open Source Opportunity:Challenges and Recommendations for Europes Open Source Future,”foreword by Gabriele Columbro,The Linux Foundation,September 2023.5Frank Nagle et al.,“Report on the 2020

201、 FOSS Contributor Survey”,The Linux Foundation&The Laboratory for Innovation Science at Harvard,December 2020.6Ashwin Ramaswami,“Open Source Maintainers:What They Need and How to Support Them.”The Linux Foundation,2023 www.linuxfoundation.org/blog/open-source-maintainers-what-they-need-and-how-to-su

202、pport-them?a.7Cailean Osborne,“Open Source Innovation as a Potential Lever for Economic Recovery:Insights from a Linux Foundation Challenge Session at the 9th World Open Innovation Conference,”foreword by Henry Chesbrough,The Linux Foundation,March 2023That being said,to ensure the vitality of proje

203、cts and avoid unnec-essary competition among open source developers,it is best to give open source project communities autonomy over the funding provided.At the same time,open source communities should maintain transparency around the level of corporate involvement and funding in the interest of saf

204、eguarding community interests.7 Autonomy and transparency fosters human-centered open source technological innovation,which companies ultimately rely on.While acknowledging that economic headwinds are at play that divert attention from these efforts,we hope this report serves as evidence that the op

205、en source ecosystem is deserving of a special focus in resources and investment.If you are interested in further discussions around open source innovation as a potential lever for economic recovery,read our report on the key takeaways on the topic.Thank you for reading through and being part of the

206、conversation.MethodologySurvey screening involves the use of four variables to validate the respondent.The respondent needed to answer all the demo-graphic questions.The respondent had to be at least somewhat familiar with how their organization uses and contributes to open source software.The respo

207、ndent needed to self-identify as a real person willing to share their OSS experience and perceptions.The respondent needed to be able to speak for themself and the department,organization,or industry they are working for.The respondent could not be“unemployed and not currently looking for work,”a fu

208、ll-time student,or retired.27WORLD OF OPEN SOURCE GLOBAL SPOTLIGHT 2023A total of 2,165 candidates started the survey.There were 1,249 candidates that we disqualified due to the screening criteria outlined above,and 916 answered a significant number of survey questions or completed all of them.The m

209、argin of error for this sample size was 2.7%at a 90%confidence level.We stratified the data collection by company size and organization type.We also designed the stratification to allow segmentation by these vari-ables and other variables correlated with these.Although respondents needed to answer n

210、early all questions in the survey,there were times when the respondent was unable to answer one because it was outside the scope of their role or experience.For this reason,we added a“Dont know or not sure”(DKNS)response to the list of responses for nearly all questions.However,this creates a variet

211、y of analytical challenges.One approach was to treat a DKNS just like any other response so that the percentage of respondents that answered the DKNS is known.The advantage of this approach is that reports fact the exact distribution of data collected.The challenge with this approach is that it can

212、distort the distribution of valid responses,i.e.,responses where respondents could answer the question.Some of the analyses in this report exclude DKNS responses.This is because we can classify the missing data as either missing at random or missing completely at random.Excluding DKNS data from a qu

213、estion does not change the distribution of data(counts)for the other responses,but it does change the size of the denominator used to calculate the percent of responses across the remaining responses.This has the effect of proportionally increasing the percentage values of the remaining responses.Wh

214、ere we have elected to exclude DKNS data,the footnote for the figure includes the phrase“DKNS responses excluded.”The percentage values in this report may not total exactly 100%due to rounding.Survey designThe 2023 World of Open Source:Global Spotlight Survey comprised 43 questions,including the the

215、mes of open source use,contribution,value,and sustainability.For information about access to the 2023 World of Open Source:Global Spotlight project and survey instru-ment,see the Data.World access heading at the end of this section.Data.World accessLF Research makes each of its empirical project dat

216、asets available on Data.World.Included in this dataset are the survey instrument,raw survey data,screening and filtering criteria,and frequency charts for each question in the survey.LF research datasets,including this project,can be found at data.world/thelinuxfoundation.About this studyThis study

217、is based on a web survey conducted by the LF and its partners in 2023 from April to June.The surveys goal was to provide a global perspective on the state of open source.In the following,we present the study methodology and the demographics of the respondents.From a research perspective,it was impor

218、tant to eliminate any perception of sample bias and ensure high data quality.We handled the elimination of sample bias by sourcing our usable sample from the LF membership,partner communities,social media,and a third-party panel provider.We addressed data quality through extensive pre-screening,scre

219、ening criteria,and data quality checks to ensure that respondents had sufficient open source familiarity and professional experience to answer questions accurately on behalf of the organization they worked for.We collected survey data from end-user organizations,IT vendors and service providers,and

220、nonprofit,academic or government organizations.Respondents spanned many vertical industries and companies of all sizes,and we collected data from geographies including the Americas,Europe,and Asia Pacific.28WORLD OF OPEN SOURCE GLOBAL SPOTLIGHT 2023DemographicsThe demographic data in Figure 19 illus

221、trates some of the consid-erations that we gave to survey stratification.The type of organization,shown in the top left-hand chart,contains the distribution of IT vendors/service providers and end-user organizations.End-user organizations are companies that use IT products and services to support th

222、eir business deliver-ables.We also included nonprofits,foundations,academic institu-tions,and government agencies in the end-user category.The bottom left-hand chart in Figure 19 shows company size as measured by the number of employees.We aggregated the seven categories originally presented in this

223、 question into the three cate-gories shown here.The intention was to ensure that each of these three categories had enough responses so that,when cross tabbed,the results would be reliable.The right-hand chart shows the role that best describes the respon-dent.Approximately 71%of the respondents wer

224、e in technical roles.FIGURE 19Selected Demographics from the 2023 World of Open Source:Global Spotlight SurveySource:2023 World of Open Source:Global Spotlight Survey,Sample Size=916Q7:What option best describes theorganization you work for?(select one)Q10:Please estimate how many employeesyour orga

225、nization has worldwide?(select one)Q6:Professionally,which role do you most closely identify with?(select one)29%17%14%8%6%6%4%3%2%2%2%2%1%0%5%43%End-userorganization57%VendorDont knowor not sure10,000 or more250 to 9,9991 to 24933%38%28%1%Other(please specify)Legal counselBusiness analystSoftware d

226、elivery(packaging,release,QA)Data scientist or machine learningSales and marketingSecurity teamAcademia/EducationOpen source program office(OSPO)teamProduct or project managementSystems operations management-director or vice presidentSoftware development or delivery management-director or vice presi

227、dentC-level(CEO,CFO,CTO,CIO,CISO,CSO)Systems operations,administration,SRE,or ITSMSoftware development(developer,engineer,architect,etc.)29WORLD OF OPEN SOURCE GLOBAL SPOTLIGHT 2023AppendixA1Q18:Do you agree or disagree that OSS use in your organization is limited by:(select one response per row)Agr

228、eeNeutralDisagreeDont know or not sureA lack of understanding of the non-technical value proposition41%23%29%7%Licensing of intellectual property(IP)concerns45%28%21%6%A lack of a clear policy or supporting training and guidance on how to use OSS41%25%27%6%External regulations or other formal restri

229、ctions36%31%25%8%Concerns about the quality of OSS components38%32%25%5%Concerns about the security of OSS components42%29%22%6%A2Q15:What actions does your organization usually take before using a new OSS component?(select all that apply)segmented by Q5:In what country does your organization have i

230、ts headquarters?(select one)TotalThe AmericasEuropeAsia-PacificOtherWe check the activity level of the project community(contributors,commits,etc.)50%55%54%38%55%We evaluate the direct dependencies of the OSS code to determine if its too risky to use42%45%38%42%48%We look at repository ratings or pa

231、ckage downloads statistics42%45%43%34%52%We look at the frequency of releases39%41%41%32%43%We evaluate the source code using automated tools(SCA,SAST,Fuzz Testing,web app scanners,etc.)36%41%30%39%21%We evaluate the transitive dependencies of the OSS code to determine if its too risky to use31%37%2

232、7%32%21%We manually review/inspect the source code30%32%26%33%26%We check if the project has a responsible disclosure policy(such as a SECURITY.md)26%29%24%25%21%We check the component against a risk policy or risk calculations that we do24%28%24%19%19%We dont review or evaluate the OSS components t

233、hat we use10%9%11%11%14%Dont know or not sure9%10%11%4%12%30WORLD OF OPEN SOURCE GLOBAL SPOTLIGHT 2023A3Q25:Has your organization made any of the following OSS contributions?(select all that apply)Opened an issue on an open source project54%Contributed code to an open source project48%Answered queri

234、es relating to an open source project on an online community(e.g.,Stack Overflow,Reddit)46%Helped with open source documentation40%Contributed designs,graphics,or other non-code assets26%None of the above12%Dont know or not sure13%31WORLD OF OPEN SOURCE GLOBAL SPOTLIGHT 2023AcknowledgmentsWe thank a

235、ll the participants of the survey for kindly sharing their insights and experience on the state of open source.Special thanks to peer reviewers and LF colleagues for their involvement in the various stages of the research process:Sachiko Muto,Graham Odds,Colin Eberhardt,Irving Wladawsky-Berger,Maria

236、 Roche,Hilary Carter,Anna Hermansen,Christina Oliviero,Cailean Osborne,and Melissa Schmidt.About the authorsADRIENN LAWSON is a data analyst at the LF.Adrienn obtained a masters degree from the University of Oxford in social data science.She supports LF Research with survey development,analysis,and

237、report writing.Adrienn has previously conducted research at the University of Oxford,the Budapest Institute for Policy Analysis,and the U.K.s Office for National Statistics.STEPHEN HENDRICK is vice president of research at the Linux Foundation,where he is the principal investigator on a variety of r

238、esearch projects core to the Linux Foundations understanding of how OSS is an engine of innovation for producers and consumers of IT.Steve specializes in primary research techniques developed over 30 years as a software industry analyst.Steve is a subject matter expert in application development and

239、 deployment topics,including DevOps,application management,and decision analytics.Steve brings experience in a variety of quantitative and qualitative research techniques that enable deep insight into market dynamics and has pioneered research across many appli-cation development and deployment doma

240、ins.Steve has authored over 1,000 publications and provided market guidance through syndicated research and custom consulting to the worlds leading software vendors and high-profile start-ups.32WORLD OF OPEN SOURCE GLOBAL SPOTLIGHT 2023 Copyright 2023 The Linux FoundationThis report is licensed unde

241、r the Creative Commons Attribution-NoDerivatives 4.0 International Public License.To reference this work,please cite as follows:Adrienn Lawson and Stephen Hendrick,“Global Spotlight 2023:Survey-based insights into the global landscape of open source trends,sustainability challenges,and growth opport

242、unities”,foreword by Sachiko Muto,the Linux Foundation,October 2023.Founded in 2021,Linux Foundation Research explores the growing scale of open source collaboration,providing insight into emerging technology trends,best practices,and the global impact of open source projects.Through leveraging project databases and networks,and a commitment to best practices in quantitative and qualitative methodologies,Linux Foundation Research is creating the go-to library for open source insights for the benefit of organizations the world over.October