
Open Source Maintainer Wisdom You Didn't Know You Needed

Katherine_Druckman

As the host of the Open at Intel podcast, I've had the privilege of speaking with numerous open source leaders about the unique challenges maintainers face in today's landscape. Beyond just writing code, maintainers navigate complex security demands, community dynamics, and technical evolution. In honor of Maintainer Month, I'd like to share some of my favorite episodes featuring open source maintainers.

The Burden of Security in Software Maintenance

In my conversation with John Kjell of TestifySec, we discussed the significant security challenges maintainers face. John maintains several projects under the Cloud Native Computing Foundation (CNCF), including Witness and Archivista, giving him firsthand experience with these pressures.

John highlighted an important reality when he noted that "maintainers have many burdens placed on them, and we're adding to their load by asking them to do more from a security perspective." This observation resonated with me, as it acknowledges the growing expectations placed on maintainers. We explored how tools like OpenSSF Scorecard can be both beneficial and overwhelming, providing helpful security visibility while also potentially adding to a maintainer's workload. John's perspective offers a thoughtful balance between security necessities and maintainer wellbeing, recognizing that sustainable security practices need to account for the human elements of open source work.

That Open Source Maintainer Life

My discussion with Sarah Christoff, software engineer and lead maintainer of Porter, was a very real discussion of both the challenges and rewards of being an open source maintainer. This was one of those episodes where I wished we could have kept chatting for hours over coffee. Sarah brought a breath of fresh air to the "maintainer struggle" conversation.

Sarah emphasized the importance of human connections in navigating maintainer roles effectively, and she shared advice for aspiring maintainers about showing up consistently and building relationships within the community. We discussed common challenges like resource limitations and project adoption, with Sarah offering practical perspectives from her experience with the Porter and Zarf projects. What I found particularly interesting was the parallel she drew between her open source work and her animal rescue activities—both require community building, patience, and dedication to a larger purpose. Her approach demonstrates how successful maintainers often integrate various aspects of their lives while serving their communities.

Falco: A New Approach to Security and Visibility

Speaking with Loris Degioanni was particularly exciting, given his significant contributions to open source security. As the creator of Wireshark and Falco, and as CTO and founder of Sysdig, Loris has pioneered innovative approaches to security visibility that are reshaping how the industry approaches these challenges.

Loris's perspective is that "the future of security is open." He observed that security has traditionally operated in silos, with limited information sharing, but open source is transforming this dynamic by enabling communities to collaborate on security solutions. Loris explained the industry's evolution from packet-based to system call-based security via eBPF, providing maintainers with useful context on emerging security trends. His discussion of Falco's community-driven rule set was especially relevant, demonstrating how distributed expertise can create more robust security solutions than any single organization could develop. This collaborative approach offers an inspiring and practical model for how open source can address complex security challenges.

The Path to Stronger Open Source Security Processes

Emily Fox, security lead in emerging technologies at Red Hat, shared wisdom learned over the course of an interesting career, spanning from creative director at an entertainment company to security lead. Her unique background provides a fresh perspective on integrating security into development processes. Our conversation left me rethinking everything I thought I knew about security.

Emily addressed the often challenging relationship between security and development teams, offering thoughtful approaches to make security feel like a natural part of the development workflow rather than an obstacle. What particularly resonated with me was her emphasis on reducing barriers for new contributors, especially in complex projects. She posed important questions like, "How do we make it easier?" and "How do we decrease the barrier to entry?" that get to the heart of community growth challenges. Emily's perspectives on balancing security requirements with accessibility and inclusivity provide maintainers with practical guidance for creating secure yet welcoming projects that can attract and retain diverse contributors.

Fine-Grained Authorization with OpenFGA

My conversation with Andres Aguiar about OpenFGA highlighted an important open source initiative for fine-grained authorization management. As a product manager at Okta, Andres brings deep expertise to the challenge of implementing authorization systems that are both secure and manageable.

Andres explained how OpenFGA helps developers implement more sophisticated authorization in applications beyond traditional role-based access control. This addresses a critical security area where developers commonly encounter difficulties—in fact, the OWASP Top 10 vulnerabilities for APIs lists broken fine-grained authorization as a primary concern. Andres noted that authorization is "difficult to implement and developers make a lot of mistakes there. It's hard to have it consistent across your application," highlighting why specialized tools are valuable for maintainers. The episode underscores how targeted open source security tools can solve common implementation challenges while reducing maintainer burden. As a CNCF sandbox project, OpenFGA's growing community adoption demonstrates the value of collaborative approaches to complex security problems.
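To make the "beyond role-based access control" point concrete, here is a small relationship-based authorization checker added to this post as an illustration. It is example code, not OpenFGA's implementation or API; the model, the tuple format, and the helper names are assumptions for the example. Where RBAC answers "does this user hold role X?", this answers "does this user have relation R on this specific object?", with relations implied by stronger ones (an owner is also an editor and a viewer) and inherited from a parent object (a folder's viewer can view the documents in it), all through one check function so the decision stays consistent across the application.

```python
"""Relationship-based (fine-grained) authorization check.

Added example, not OpenFGA's own code or API. The model, the tuple
format (subject, relation, object) and the sample data are assumptions
constructed for this illustration.
"""
from collections import defaultdict

# Assumed authorization model: per object type, each relation may be
# implied by stronger relations on the same object ("implied_by") and/or
# inherited from the same-named relation on a parent object ("from_parent").
MODEL = {
    "folder": {
        "owner": {"implied_by": []},
        "editor": {"implied_by": ["owner"]},
        "viewer": {"implied_by": ["editor"]},
    },
    "document": {
        "owner": {"implied_by": []},
        "editor": {"implied_by": ["owner"], "from_parent": "editor"},
        "viewer": {"implied_by": ["editor"], "from_parent": "viewer"},
        "parent": {"implied_by": []},
    },
}

# Constructed relationship tuples: (subject, relation, object).
TUPLES = [
    ("user:alice", "owner", "folder:finance"),
    ("user:bob", "viewer", "folder:finance"),
    ("folder:finance", "parent", "document:q3-report"),
    ("user:carol", "editor", "document:q3-report"),
]


def build_index(tuples):
    """Index tuples as (object, relation) -> set of subjects for fast lookup."""
    index = defaultdict(set)
    for subject, relation, obj in tuples:
        index[(obj, relation)].add(subject)
    return index


def _check(index, user, relation, obj, seen):
    obj_type = obj.split(":", 1)[0]
    spec = MODEL.get(obj_type, {}).get(relation)
    if spec is None:
        return False                     # unknown type/relation: deny by default
    key = (user, relation, obj)
    if key in seen:
        return False                     # guard against cyclic parent chains
    seen.add(key)
    # 1. A direct tuple grants the relation.
    if user in index[(obj, relation)]:
        return True
    # 2. A stronger relation on the same object implies this one.
    for stronger in spec["implied_by"]:
        if _check(index, user, stronger, obj, seen):
            return True
    # 3. The relation is inherited from each parent object.
    parent_rel = spec.get("from_parent")
    if parent_rel:
        for parent in index[(obj, "parent")]:
            if _check(index, user, parent_rel, parent, seen):
                return True
    return False


def check(user, relation, obj, tuples=TUPLES):
    """Single authorization entry point: does `user` have `relation` on `obj`?"""
    return _check(build_index(tuples), user, relation, obj, set())


if __name__ == "__main__":
    for user, rel in [("user:alice", "viewer"), ("user:bob", "editor"),
                      ("user:bob", "viewer"), ("user:carol", "owner")]:
        print(f"{user} {rel} document:q3-report -> "
              f"{check(user, rel, 'document:q3-report')}")
```

The object-level granularity is what matters here: `user:bob` can view `document:q3-report` only because a tuple ties him to its parent folder, and a request for a document in a different folder would be denied even though his "role" has not changed. A single `check` routine that every endpoint calls is also what keeps the decision consistent, which is the difficulty Andres calls out.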

Balancing Technical Excellence with Community Needs (Maintainer Life Isn’t Just Coding)

These conversations have reinforced an important observation: successful open source maintenance requires balancing technical expertise with community development and human factors. The most effective maintainers navigate security responsibilities, foster inclusive communities, adopt innovative approaches, and create accessible contribution pathways—all while delivering technical excellence.

What stands out across these discussions is the genuine commitment to sharing knowledge within the open source community. Despite the challenges inherent in project maintenance, these leaders continue to develop better tools, share their insights, and welcome new contributors to their projects.

Whether you're addressing security challenges, building community, preventing burnout, or implementing robust authorization patterns, I hope these conversations provide both practical guidance and reassurance that others are navigating similar challenges.

I invite you to join us at the Open at Intel podcast where we continue these important conversations with leaders across the open source ecosystem. You can find our episodes at Open.intel.com/podcast.

About the Author
Katherine Druckman, an Intel Open Source Evangelist, is a co-host of podcasts Reality 2.0 and FLOSS Weekly. A long-time Drupal enthusiast and former Director of Digital Experience for Linux Journal, she's a 15-year veteran of the marvelous world of open source software.