2020 was a big year for open source. Sixty million new repositories were created last year, and more than 56 million developers are now on GitHub, according to GitHub’s October report. This prompted Microsoft to lay out a few things developers can do to improve their engagement with open source moving forward.
The first lesson Microsoft offers for improving work with open source is to seek different perspectives and feedback from other community members. Microsoft explained that it experienced this firsthand when it received many requests for the portable runtime Dapr to have a streamlined API for retrieving application secrets. Although the team did not plan on adding it during that cycle, the volume of requests made it clear that this feature was needed.
Another lesson is to find the balance between policy and autonomy. This allows the company to set policy while also empowering employees to do the right thing regarding consuming and participating in open source, according to Microsoft. Methods that help address this balance include cross-functional groups, setting easily understandable policies, investing in tooling, and providing rewards and motivation.
The third lesson is to secure every link in the supply chain, as open source can contain security defects, since attackers can become maintainers and introduce malware. To address this, Microsoft joined with GitHub, Google, and IBM last year to create the Open Source Security Foundation (OpenSSF) to help developers find these vulnerabilities.
Last but not least, communication is critical, especially in a remote work environment. One way to foster this is through chat rooms. However, sometimes they are not enough.