There is a need to dedicate more effort to the security of FOSS, but the burden should not fall solely on contributors. According to the Report on the 2020 FOSS Contributor Survey, respondents spend, on average, just 2.27 percent of their total contribution time on security and express little desire to increase that time.
The report, released by the Linux Foundation’s Open Source Security Foundation (OpenSSF) and the Laboratory for Innovation Science at Harvard (LISH), details the findings of a contributor survey administered by the organizations and focused on how contributors engage with open source software.
The new survey reveals that the top three motivations for contributors are non-monetary. Although the overwhelming majority of respondents (74.87 percent) are already employed full-time and more than half (51.65 percent) are specifically paid to develop FOSS, the motivations they cited most often were adding a needed feature or fix, the enjoyment of learning, and fulfilling a need for creative or enjoyable work.
As more contributors are paid by their employer to contribute, stakeholders need to balance corporate and project interests.
The survey found that 48.7 percent of respondents are paid by their employer to contribute to FOSS. This suggests strong support for the stability and sustainability of open source projects, but it also raises the question of what happens to a project if corporate interest in it diminishes or ceases.
The report added that companies should continue the positive trend of corporate support for employees’ contribution to FOSS.
The FOSS contributor survey and report follow the Census II analysis released earlier this year.
The FOSS Contributor Report & Survey is expected to take place again in 2021.