Bloomberg Supports FOSS With Funding
Written by Nikos Vaggalis
Friday, 26 May 2023
Having realized that the open source community is what makes the web work, Bloomberg, a major player in the global financial markets as well as a major source of financial news and analysis, has pledged its support by establishing a sustainable funding scheme.
That statement above is so true. Open Source Software powers everything, from modern servers, to IoT, to the desktops at work.
The discovery of the Heartbleed bug was a wake-up call for the world about the security of open source software. It also revealed the extent of our reliance on open source software and this realization motivated big industry names to support open source with proper funding.
It is amazing to think that the OpenSSL Software Foundation, which is responsible for the maintenance of the OpenSSL library, the cornerstone of safe transactions on the Internet used by millions of websites and organizations, was receiving just $2000 of donation money per year and had only ONE full-time employee working on the library.
This is not an isolated incident, but rather a reflection of the broader issue of underfunding in the open source community. Open source projects are often run by volunteers who donate their time and expertise, but there are many instances where some amount of money would be most welcome, such as when:
After Heartbleed, an official EU Bug Bounty initiative was launched as part of the Free and Open Source Software Audit (FOSSA) project, thanks to Julia Reda MEP of the EU Pirate Party, who started the project thinking that enough is enough after severe vulnerabilities were discovered in key infrastructure components like OpenSSL. This prompted her to involve the EU Commission in contributing to the security of the Internet.
In February 2022, the European Commission's Open Source Programme Office took the initiative one step further by deciding to offer bug bounties on popular open source software. What better way of acknowledging OSS's importance than by a state-driven sponsorship?
Patrice-Emmanuel Schmitz, legal expert of Joinup (a venue that enables public administrations, businesses and citizens to share and reuse IT solutions and good practices across Europe) added:
Like bread and beer, free software development is not for free: developers need some incentives, let’s say just the money they need for purchasing their bread and beer or for ensuring their family a decent way of life.
In order to provide these incentives, the European Commission has launched around 15 bug bounties on Free Software projects that the EU institutions rely on. A bug bounty is a prize for people who actively search for security issues. The amount of the bounty depends on the severity of the issue uncovered and the relative importance of the software.
A bug bounty is good to have but better still is sustainable and continuous funding poured into OSS, driven by security hardening or otherwise. The latter part is where Bloomberg has intervened by launching the FOSS (Free and Open Source Software) Contributor Fund:
First piloted by employment website Indeed in 2019, a FOSS Fund is a mechanism that enables a company’s employees to nominate open source software projects they rely on (or participate in) every day.
The idea is to identify open source projects that are important to an organization and to encourage its employees to participate more directly in the funding decisions the company makes.
Voting has been essential in deciding which projects to pledge support to, as Alyssa Wright of Bloomberg’s OSPO in the Office of the CTO explains:
You can’t see everything within a large organization, which is why the nomination and voting process is so crucial. It is a “creative way of gaining visibility” into open source infrastructure needs.
Once the votes had been tallied, three open source projects integral to Bloomberg’s operations and beyond were chosen as the recipients of the company’s inaugural FOSS Contributor Fund grants:
Going forward, the new FOSS Contributor Fund will award up to three grants of $10,000 each quarterly voting cycle.
It is important to note that other organizations, such as Microsoft, Johns Hopkins University, Salesforce, Sentry and Zeiss, already operate funding programs like this one too.
In the end, the importance of OSS as well as its under-funding is getting acknowledged and the industry that depends upon it is finally providing the means to sustain it.
Last Updated ( Saturday, 27 May 2023 )