Encouraging open source contributions lowers your security risks

18 Apr, 2022
Xebia Background Header Wave

How can you justify — from a business perspective — your team involvement in open source projects?

Why should they spend company time becoming familiar with, and contributing to, open source libraries?


There are many reasons:

  • Retention: People love leaving their mark on things used by 1000s of companies. Knowing that code I’ve written resulted in a 10x speed up in a library used by millions of people, is satisfying. A company fostering open source contributions has an edge in the overheated job market.
  • Lead the way: in open source, if you find a library misses some features you need, you can add them.
  • Grow: contributing to open source improves your coding and sharpens your communication. You learn about new things when people review your code. You interact with people from different cultures and parts of the world. It’s an enriching experience!
  • Be seen. We are the first training partner of dbt labs in Europe. They spotted us for our work on dbt, from 2019. Many customers contacted us because they saw GDDers contributing considerably to the tools they were using.
  • Go faster: sometimes there are edge cases resulting in bugs, and you can fix them quickly.

A special case though — which I’d file under Go Faster — is security.


Last December, we were all painfully reminded of how actual XKCD 2347 is

In fact, the now infamous Log4j vulnerability made the news.

The Apache Foundation reacted quickly and released an emergency update closing the vulnerability.

But what if your company is relying on code written by overworked maintainers? Will it result in Heartbleed where we found out that internet was protected by two guys named Steve.

If Steve cannot fix the bug timely, troubles await, especially if nobody steps up. (Vendors are not better off. Software such as popular data visualization tool Tableau was also affected by the Log4j vulnerability).

Enhanced security through open source contributions

You can mitigate all these risks if your employees contribute to the libraries you’re using though.

They can fix vulnerabilities in the code they use as they’re familiar with how it works, how the code is structured, and they have worked through the testing, committing, packaging loop more than once!

If a developer stops maintaining software you rely on — or downright corrupt it, as it happened in January to two popular Javascript libraries — you can always ask your team to take over (or to lead the take-over efforts with the community).

GoDataDriven ❤️ Open Source

At GoDataDriven, we couldn’t be more proud of all the work we do with open source. Until 2020 we wrote a periodic post with all our contributions. They were so many though, we decided to use the write-up energy to contribute even more!

This is good news:

  • If you’re an open source lover, we’re hiring in Amsterdam, Zürich, and Eindhoven!
  • xebia

  • If you’re looking for a team to help you kickstart your efforts, we got some of the best minds out there. Get in touch!!

Get in touch with us to learn more about the subject and related solutions

Explore related posts