Recent Developments and Outlook
Both organizations and the open source ecosystem are confronted with new challenges and opportunities, driven by regulatory changes, evolving licensing models, and increased public sector engagement. This chapter delves into the open source aspects of these challenges, shedding light on common situations and pain points that are shaping the future of how organizations integrate open source in their operations and technology stack.
Sustainability of Stewards in OSS
Content has been curated from the OSPOlogyLive Apeldoorn Roundtable Discussion and based on the CRA (Cyber Resilience Act) definition of Steward.
Government Funding Challenges
🏛 Social-Gov-Oriented
An ongoing challenge in governments is the inherent difficulty governments face in allocating funds for resources that are available for free. There is a strategic interest from governments to support open source software, but hurdles exist, including the potential complications arising from direct financial requests. This underscores the need for exploring alternative support infrastructures for stewardship organizations without directly soliciting government funding.
The Commons Dilemma
🏛 Social-Gov-Oriented
The tragedy of the commons is notably present in the open source world, where disproportionate consumption by certain users exacerbates sustainability issues. Discussions suggested the need to strengthen infrastructure support to mitigate these disparities and ensure a more balanced contribution and consumption model within the open source community.
Community Norms and Funding Strategies
🏛 Social-Gov-Oriented
Establishing community norms around the costs associated with SBOM delivery and compliance has been proposed as an idea. This could involve suggesting a donation model based on organization size to account for the rising costs of compliance. Additionally, the role of risk mitigation as a motivation for organizations to invest in open source was discussed, alongside the potential for government agencies to contribute indirectly to open source projects through third parties.
Policy and Funding Initiatives
🏛 Social-Gov-Oriented
The possibility of the EU mandating open source as a requirement for Horizon Europe funding suggests a growing recognition of the value of open source at the policy level. There is an ongoing discussion on strategic funding models, like the German sovereign tech fund, and the potential for government roles in supporting open source.
Note: Horizon Europe is the EU’s key funding programme for research and innovation.
Challenges in Open Source Sustainability
📈 Business-Oriented
The underfunding of crucial projects like the Python package, Django, and the broader issue of maintainers being underpaid or volunteering, underscores the sustainability challenges within the open source ecosystem. The critical role of vulnerability management and the need for corporate contributions to open source have been highlighted as areas requiring attention and action.
Training and Education as Funding Avenues
🏛 Social-Gov-Oriented
The potential for integrating training about open source within government contracts is seen as a means to provide both funding for open source organizations and valuable training for employees. This represents an approach to leveraging existing procurement processes to support open source sustainability.
OSPOs for Container Capabilities
Content has been curated from the OSPOlogyLive Apeldoorn Roundtable Discussion and based on the adoption of open source software (OSS) for container orchestration, particularly Kubernetes, and its implications for IT strategy in organizations.
OSPOs working with Container Hosting Infrastructure Teams
Teams dedicated to this infrastructure, focusing on aspects such as image repositories and platform enablement, collaborate closely with OSPOs to support container infrastructure and capabilities. Initiatives like Container Platform Enable Team (CPET), a team at the Dutch Tax Administration’s Generieke Facilities unit, have been highlighted for their efforts in publishing self-built operators, such as the Project as a Service (PaaS) Operator, which automates tasks like initiating namespaces or projects on Kubernetes platforms.
Commercial vs. Open Source for Kubernetes Deployment
A central point of debate was the choice between adhering to premium advisors' recommendations for using commercial services for Kubernetes deployment versus exploring open source alternatives. Given the wide array of Kubernetes distributions, this decision involves complex considerations. The discussion emphasized the importance of finding a middle ground that appreciates the advantages of OSS while also recognizing the ethical imperative to contribute to its sustainability.
Choosing Additional OSS Capabilities
🏛 Social-Gov-Oriented
The criteria for integrating additional OSS capabilities into commercial Kubernetes platforms include the popularity of the OSS, the contributor community’s size, vendor support, adherence to standards such as OpenTelemetry, and alignment with the Cloud Native Computing Foundation (CNCF) ecosystem. Concerns are raised about copyright control and the potential pitfalls of centralized code ownership.
Maturity and Reliability of OSS for Enterprise Use
📈 Business-Oriented
Ongoing discussion on the maturity and reliability of OSS for meeting enterprise needs for speed, robustness, and reliability. It has been acknowledged that while commercial vendors might offer support, success is not guaranteed. The necessity for organizations to have skilled teams capable of navigating the complexities of container orchestration and Kubernetes to maintain operational resilience was stressed.
Sustainable IT
🏛 Social-Gov-Oriented
📈 Business-Oriented
Content has been curated from the OSPOlogyLive Apeldoorn Roundtable Discussion and based on what constitutes sustainability, especially in terms of its impact on the climate.
The concept of sustainable IT has recently surged to the forefront of strategic discussions within governments and enterprises, emphasizing the need for a cohesive understanding and implementation of sustainable practices within information technology systems.
A core challenge highlighted was the difficulty in defining what precisely constitutes sustainability in the IT domain, particularly concerning its impact on the climate. Key issues discussed included:
- The environmental footprint left by IT systems and the critical need for sustainable resource utilization.
- The potential of optimizing code and power usage, alongside fostering collaboration, to significantly advance sustainability goals.
- The invaluable role of open source software in facilitating the sharing of algorithms and knowledge, thereby improving the efficiency of resource use.
To address these challenges, the participants from the roundtable proposed several key strategies for enhancing sustainability in IT:
- Recognizing and rewarding government efforts that promote sustainability.
- Advocating for the standardization of sustainable hardware use across governmental bodies.
- Stressing the importance of embedding sustainability into policy frameworks and accountability measures to ensure long-term commitment and integration.
Recommendations
-
Addressing the lack of concrete data:
- Implement continuous monitoring of power usage and workload distribution to reduce idle time for machines.
- Improve reporting and feedback mechanisms focused on energy consumption to support informed policy-making.
-
Elevating sustainability as a policy objective:
- Embed sustainability considerations into annual reports and accountability frameworks to underscore its significance.
- Champion sustainability as a critical agenda item for government officials and agencies.
-
Overcoming resistance to change:
- Set clear sustainability benchmarks for agencies to encourage the adoption of green practices by simplifying the transition.
-
Advocate for a reevaluation of the current demand for computing power to identify areas where reductions are feasible and beneficial.
- Implement dashboarding and raise awareness at all organizational levels to foster a culture of sustainability.