2020 was a big year for open source. Sixty million new repositories were created last year, and more than 56 million developers are now on GitHub, according to GitHub’s Octoverse report. This prompted Microsoft to lay out a few things developers can do to improve their engagement with open source moving forward.
The first lesson Microsoft sees improvement with working with open source is to seek different perspectives and feedback from other members of the community. Microsoft explained the company experienced this first hand when they received many requests for the portable runtime Dapr to have a streamlined API to retrieve application secrets. Although the team did not plan on adding it during that cycle, the volume of requests made it clear that this feature was needed.
Another lesson is to find the balance between policy and autonomy. This allows the company to set policy while also empowering employees to do the right thing with regards to consuming and participating in open source, according to Microsoft. Methods that help address this balance include cross-functional groups, setting easily understable policies, investing in tooling, and providing rewards and motivation.
The third lesson is in securing every link the supply chain as open source can contain security defects since attackers can become maintainers and introduce malware. To address this last year, Microsoft joined with GitHub, Google, and IBM to create the Open Source Security Foundation (OpenSSF) to provide developers with access to how to find these vulnerabilities.
Last, but not least, is that communication is key, especially in a remote work environment. One way to foster this is through chat rooms. However, sometimes they are not enough.
“While chat rooms are the new water cooler, they are temporal and transient. They are not the new announcement email or documentation repository. In the same way that no one is expected to know what happened in every meeting or conversation in the office kitchen, few people read the history of chat rooms when they return to their desk,” Sarah Novotny, an open source lead in the Azure Office of the CTO at Microsoft in, wrote in a blog post that outlined the four open-source lessons for success. “Understanding how communication has changed and what expectations are set for every medium allows internal communication to remain a critical support of a good collaborative culture.”
The lessons also aim to address the new ways in which developers and companies interact with open source as of the pandemic.
Microsoft found that while enterprise developer activity dropped on weekends and holidays (as expected), open-source contributions actually jumped as a trend on GitHub.
This year brought a number of new challenges as the way developers worked was entirely changed to remote working.
While many open-source developers already had experience in this working style due to the global collaboration nature of this type of coding, companies still struggled to integrate their open source software experiences and development models, Novotny explained.