Research Shows Open Source Program Offices Improve Software Practices
Using open source software is commonplace, with only a minority of companies preferring a proprietary-first software policy. Proponents of free and open source software (FOSS) have moved to the next phases of open source adoption, widening FOSS usage within the enterprise as well as gaining the “digital transformation” benefits associated with open source and cloud native best practices.
Companies, as well as FOSS advocates, are determining the best ways to promote these business goals, while at the same time keeping alive the spirit and ethos of the non-commercial communities that have embodied the open source movement for years.
As we learned last year in our first survey on this topic, purpose-built program offices and less formal initiatives play an important role in helping companies create policies that will increase adoption of open source components into commercial software products, promote open source culture, and guide corporate citizenship within open source communities.
In partnership with The Linux Foundation’s TODO Group and co-sponsored by VMware, The New Stack conducted its second annual “Open Source Programs in the Enterprise” survey to investigate how and if these open source programs are succeeding. We found an emerging consensus about how best to manage and promote open source initiatives.
Over 2,700 people participated in the survey. Company size was broadly represented, with 21% of respondents working at large companies with more than 10,000 employees, and 39% from small and mid-size companies with 250 or fewer employees. Developers and software engineers represented 43% of respondents, with at least another 36% holding an IT-related role.
This article starts with the study’s key findings, proceeds to charts and analysis and concludes with a discussion of the study’s methodology.
- Adoption of open source programs and initiatives is widespread and goes beyond early adopters. More than half (52%) of the 2,700 study participants either have a formal or informal program or their company is planning to create one, which is one percentage point less than last year. Despite tripling the study’s sample size, many of the study’s findings as well its demographic profile remained remarkably similar compared to last year. We see this as a validation of last year’s report.
- Expectations for open source program management have begun to crystalize. Fostering an open source culture continues to be the top responsibility of these programs. However, the results show culture is less likely to be seen as a benefit when defined as interactions between departments as opposed to general digital transformation and agility. Compared to last year, facilitating the effective use of open source in commercial products and services rose from the fifth to the second most cited responsibility.
- Hiring of open source developers is a more prominent concern. Mentions of developer recruitment and retention as a primary benefit of open source programs rose from 31% in 2018 to 36% in the latest study. Forty-two percent of companies planning a program say they are at least sometimes hiring developers to work on an open source project, up from 33% in 2018.
- Code quality is associated with open source software practices. Forty-one percent of participants with OSS management initiatives say these programs are responsible for ensuring high quality and frequent releases to open source communities. In open-ended questions, many respondents discussed how code review processes instituted by OSS programs had a positive impact on code quality.
- There is no consensus about the impact of open source citizenship on buying decisions. Twenty-nine percent say their perception of a company’s open source participation is very influential on their organization’s buying decisions but 32% say it is slightly or not at all influential.
Open Source Remains Commonplace in the Enterprise
More than three times as many people participated in the 2019 survey as compared to last year, but many of the findings remain consistent year-over-year. This indicates that the 2018 results were not skewed by a significant over-representation of early adopters involved with The Linux Foundation’s TODO Group. In other words, the survey represented a wide cross-section of enterprises and not just those that were already part of what might be considered a tight-knit group of like-minded open source fans. Overall, the data’s consistency provides confidence that the findings are not the result of self-selection bias.
Over 85% of respondents said their company at least sometimes uses open source components for noncommercial or internal reasons, which was a drop from last year’s 88% figure. This high level of adoption is consistent with many other studies’ findings, even those that are not open source focused surveys. Sixty-nine percent are at least sometimes using open source code in commercial products, with that figure jumping to 83% among technology companies. Just like with non-commercial use, adoption of open source in commercial products actually dropped from 72% the year before. The stability in these figures indicates that the next big changes in open source within the enterprise will be regarding the scope of its use and the degree to which enterprises emphasize giving to the community.
Participation in the open source community is significantly higher among technology companies. For example, 56% of respondents at tech companies say their organizations sometimes or frequently contribute code upstream as compared to 43% among the full sample.
A company’s size is also correlated with its open source footprint. Although big companies are often accused of not giving back to the open source community, the data says otherwise. Organizations with more than 10,000 employees are frequently contributing code upstream 41% of the time, while only 14% of companies with 2 to 50 employees are doing so.
The largest companies, many of which are internet-scale technology firms, have the resources to dedicate to projects that may not be directly generating revenue. Although smaller firms often use open source code in their commercial products, they are sometimes more focused on their own company’s projects as opposed to those on which they rely.
Demand for Open Source Programs and Initiatives
Overall, the percentage (36%) of the survey with an open source program remained constant compared to last year. The number of survey respondents with an open source program or initiative rose from 280 to 960, indicating that last year’s survey (Open Source Programs Are a Best Practice Among Large Companies) was not skewed by an over-sampling of early adopters.
In general, companies with open source programs are further along in their open source journey, which typically sees a company moving from just consuming open source to actually contributing code upstream, and then eventually initiating and creating their own projects. Following this logic, it is unsurprising that just like last year, open source programs are more likely to exist at companies that also recruit open source developers and include open source dependencies in commercial projects.
Companies that maintain 1 to 10 open source projects are more likely to be planning a program — 21% are planning programs versus the study average of 16%. Going forward, we believe that companies that maintain open source projects will increasingly view open source programs as essential.
With this year’s larger sample size, we are able to more confidently assess how popular open source programs are across different industry verticals. The industries with the largest representation in the study saw little variation with technology and telecommunications-related companies seeing one and two percentage point drops compared to 2018. Furthermore, most (79%) Internet-scale technology companies with more than 10,000 employees already have an open source management program, which is a slight increase compared to last year.
Industries that typically do not attempt to monetize open source were the least likely to have an open source program, with less than 22% of respondents in Defense, Education, Insurance, Retail and Manufacturing saying these programs exist.
Companies with Existing Open Source Programs
As existing open source programs mature, there is growing agreement about what they are supposed to do. This increasing certainty over the program’s role within a company resulted in many of the answer choices seeing a drop in the percentage of users mentioning them. This was primarily because about 10% fewer checkboxes were ticked for several “select all that apply” questions.
Increased innovation rose to become the most cited benefit of open source programs. Lower support costs were also more likely to be seen as a benefit. However, people have become less optimistic about the programs’ impact on development speed and a company’s ability to quickly bring new products to market.
Culture change dropped dramatically as a benefit of open source programs, but that is mostly because last year we asked people to think about culture change in terms of progress towards digital transformation, openness and agility. Since many of these changes are included in other benefit categories, the latest study just asked about how culture change improves interaction among departments.
Despite a drop in people citing it as a benefit, fostering open source culture within an organization continues to be the top responsibility of an open source program or initiative. Facilitating the use of open source in commercial products saw a tick down but actually rose in relative prominence, going from the fifth to the second most mentioned responsibility of a program. Overall, open source programs are moving towards engagement of developer communities and see involvement with external projects as a benefit unto itself.
Maintaining OS license compliance reviews and oversight is less likely to be a primary responsibility of open source programs, going from #2 to #5 on the list. This does not mean license compliance is less important. Instead, fewer companies are requiring open source groups to work on a day-to-day basis with Legal and Compliance departments.
Open source programs are improving how software development is handled. In response to one of our new questions, 81% of respondents say their program has had a positive impact on their company’s software practices. In an open-ended follow-up question, code reviews and license-compliance processes were repeatedly cited as specific practices that were improved as a direct result of the program. Furthermore, code quality and reduced costs were often cited as specific benefits coming from improved software practices.
While there are many positives associated with these programs, there are also challenges. Top among them is finding and recruiting open source developers, a challenge that is becoming more difficult, with 38% seeing it as a top challenge they face, up from 32% last year. With recruitment increasingly being seen as a program benefit, so has the imperative to execute in this area.
Tool selection has also risen as a challenge even though fewer people think setting up infrastructure and tooling is a primary responsibility. This is possibly because open source programs are being asked to decide which projects the company should invest in.
Companies Without an Existing Open Source Program
As mentioned earlier, companies with plans to create an OSS management program are increasingly hiring developers to work on open source projects. In addition, they are more likely to view developer hiring and onboarding as a way to measure success. One area where they are seeing declining expectations is time to market, with those seeing this as a good key performance indicator (KPI) for open source programs going from 32% to 20%. Those with existing programs and people planning programs have a declining expectation that development speed in and unto itself will be a benefit of open source programs.
Even people with no plans for an open source program are citing fewer objections to creating one. Awareness of open source programs has increased, while at the same time those thinking their company would benefit from an open source program declined from 70% to 63%. However, this also means that the remaining companies with no plans are more likely to be receptive to an open source program. Thus, those that haven’t even considered the option declined from 43% in 2018 to 37% in 2019. Even more significantly, time or resource constraints are the reason for no plans for 30% of this group, down from 42% the year before. These findings indicate that there are fewer barriers to creating an open source program.
When asked hypothetically how they would approach creating a program, many people were skeptical that the business culture would be supportive of open source, let alone an open source program. Overall, there was a consensus that getting executive buy-in is essential, and can be done by doing a cost-benefit analysis or creating a proof of concept. One respondent suggests this would entail, “First starting an open source project in my organization, and once done we can use the best practices that we learned from this project to create an open source program office in my organization.”
Thus, the path forward often means starting with an informal open source group, and then creating a more formal program once executive buy-in is achieved.
Views on Open Source in General
We asked participants to rate the top benefits of open source in general and found that some, but not all are related to the perceived benefits of operating an open source program office. Development speed, technology flexibility and total cost of ownership are the top three benefits of using open source code, regardless of a company’s plans to have an open source program office. Security and support continue to be least likely to be viewed as a top benefit of using open source software.
Security and software compliance are areas in which open source program offices are helping to mitigate some of the pain points associated with open source.
We expect more and more people will see code quality as an open source benefit. Forty-one percent of participants with OSS management initiatives say these programs are responsible for ensuring high quality and frequent releases to open source communities. While “quality” is often hard to define, many respondents say newly instituted code reviews have been a specific positive impact on their company’s software practices.
The study also asked a series of questions about open source corporate citizenship. Although pundits make big claims about how important it is to give back to the community, a majority say open source perception won’t affect business wins and losses. Specifically, 32% say a company’s participation in, and contributions to, the open source community has little to no influence on their organization’s buying decisions, while 29% say this is a very influential factor.
A forthcoming follow-up article will cover in more detail our findings on the perception of 11 companies’ open source citizenship in terms of contributions, collaboration and leadership on open source projects and initiatives within the open source ecosystem.
What to Look for Next
In addition to diving into perceptions about specific companies, future articles will provide details about the prevalence of policies meant to support open source contributors. In addition, we’ll present adoption findings on software composition analysis tools (e.g., GitLab, Sonatype), code repositories (e.g., GitHub, Bitbucket) and compliance methodologies promoted by organizations like FOSSology and ClearlyDefined.
The benefits of open source software cannot be achieved overnight, but companies with initiatives to promote open source overwhelmingly say these efforts are improving their companies’ software practices. The New Stack and its partners will continue to gauge how effective these and other policies are in promoting the sustainable growth of open source projects and their unique way of doing things. Hopefully, our research will enable enterprises to justify increased contributions to a healthy community of software maintainers, contributors and end-users.
Over 2,700 responses were received, and over 1,600 completed the survey. One hundred and thirty responses were excluded because they appeared to come from the same company (based on email address, name of company or IP address). The data cleaning allows us to more confidently interpret the data as being from individual companies rather than just individual respondents.
The survey was conducted on July 8 – 29, 2019. Respondents were solicited via social media and with emails to The Linux Foundation, TODO Group, and The New Stack email lists.
The full dataset can be found here.