
Open Source Policy: Why It's Not Just For Wonks Anymore

Nicole_Martinelli

There was a time when tech reporters had to stretch to find an open source angle on a story.  

Those days are gone: In 2022, you'd be pressed to find a major news story that didn't involve open source. Russia - Ukraine war? Protestware. Supply chain issues? Yep. Thrumming inflation and climate change? Open source might be a hedge against it. Layoffs? Check. 

While we’re not so keen on broad predictions – anyone else remember that 2020 was supposed to bring the revival of downtowns and robot co-workers? – it’s worth keeping tabs on headline-level issues. 

Open.Intel talked to three experts about what they see on the horizon – hint: not a single mention of the Magentaverse. All of them put policy front and center. There are tectonic shifts afoot globally, and this time they’re not just by, for and about wonks.

Untangling Supply Chains, Taming Artificial Intelligence

“The most notable trend for open source we’ve seen this year has been the visible acceleration of interest in open source by governments around the world,” says Deb Bryant, US Policy Director, Open Source Initiative.

Partially, it’s a question of maturity: the public sector around the world (see also: the World Health Organization launching an Open Source Program Office in 2022) recognizes that it relies on open source as a wellspring of innovation with other inherent benefits. At the same time, the tech sector, open source included, is under greater pressure to help solve some of the most complex challenges facing society today, she adds.

What’s next? In the coming year, she says, we’ll see an acceleration of public policy development globally in two domains that will affect open source: cybersecurity and artificial intelligence.

Cybersecurity will continue to be top-of-mind for the software industry. The open source ecosystem - communities and contributors, companies, academia and others - will sort through supply chain strategies and consider how to address the full collaborative lifecycle of software development that characterizes open source software.   

While companies will likely improve their own practices, debate will continue over who bears the cost of improvements in the commons and where those investments may be made - which should shake out by 2024. 

2022 brought an explosion of AI and machine learning (ML) models, some of which have been released under open source licenses. In 2023, as public officials consider what policy may be needed to protect the public from potential abuse of AI, the potential conflation of OSD-compliant licenses with the accompanying data used to train the models may create some confusion about what may be subject to legislative action.

It’s not all about security breaches and robot overlords, though.

Bryant notes that following the Digital Public Goods Registry’s first full year of operation, in 2022 the Digital Public Goods Alliance made significant progress in identifying open source software as critical to public infrastructure. “We’ll see more adoption of the Digital Public Goods framework in the public sector and perhaps its inclusion in acquisition consideration.”

Policy Across the Pond

These shifts aren’t limited to the United States, either.

“All members of the broader open source ecosystem should keep an eye on the European Cyber Resilience Act, which will be negotiated during 2023,” says Astor Nummelin Carlberg, Executive Director at OpenForum Europe.

The original proposal includes language relating to open source products and their liability under different circumstances and might have far-reaching consequences for big and small players alike, he adds. 

On a more positive note, the Interoperable Europe Act, also under negotiation in 2023, aims to foster more cross-border and cross-sector interoperability between government digital services. 

“Open source communities and solutions will play a big role in making this happen, just as they did to make the EU Digital Covid Certificate a success,” he says, pointing out that the certificate was “the biggest digital government service project in history, delivered fast and at scale by open source!”

Taking it to Hoodie Level

And if you’re still thinking this is just chatter between the blue-suits in stuffy government offices, think again. It goes down to the heart of open source, let’s call it hoodie-level: maintainers.

“Open source project maintainers are going to feel more pressure to fully account for their software supply chain risk. You’ll see this pressure from government policy makers as well as corporate CIOs who are consuming—and at times, funding—OSS projects,” says Pieter VanNoordenen, Senior Director, Growth, at Slim.AI, a company commercializing atop and contributing to the Docker Slim open source project.  

“Maintainers will increasingly be asked to account for their code provenance in new ways, like SBOMs and signing, and they’ll have to manage vulnerabilities and dependencies along the way.” He predicts that this will have an “outsize impact” on the organizations that ship software to customers packaged as containers or that maintain their own open source projects and that “the impact will also be felt in places where open source is a component technology in a proprietary stack. No one is immune.” 


About the author

Nicole Martinelli
Editorial Director, Open.Intel

Nicole is a journalist, active contributor to OpenStreetMap and founder of Resiliency Maps, an open source toolkit that helps people navigate disasters and emergencies. Californitaliana.
You can find her on Mastodon at: @nmar@hachyderm.io or her website.
