coni2k

coni2k, 22 days ago

From the Conclusion:

"Too long has open source operated in the shadows. The government needs to bring open source to national focus and give it the priority and support it deserves as a core component of our critical infrastructure. Beyond that, the government needs to exercise its coercive power because without strong, direct regulation, the private sector lacks any incentive to amend its irresponsible practices and support the delivery of a critical resource."

2/3

coni2k, 22 days ago

"But, unlike roads and bridges, we do not want to federalize open-source development. This robust community has self-governed for decades, innovating rapidly and providing immense value to society. It is already taking every measure to secure itself. Regulation's impact on the open-source community should be minimal in compliance and maximal in assistance to preserve this resource's unique potential to benefit society."

3/3

coni2k, 22 days ago

@Di4na

Thomas, I appreciate your feedback!

"what made foss work is that devs at the lowest level of corp can use it without talking to legal or procurement." That's a valid concern. And indeed, we shouldn't suggest changing the OSS's "free to consume" nature.

What I advocate is that expecting individual OS consumers to voluntarily contribute back to the ecosystem is not a feasible solution due to the Free-rider problem.

1/5

coni2k, 22 days ago

@Di4na

Instead, we should finance the OSS ecosystem with public money by establishing national public funds like the Sovereign Tech Fund. This structure would be similar to how we finance almost all other shared resources of society, like public roads, bridges, parks, and libraries.

2/5

coni2k, 22 days ago

@Di4na

The article also suggests a similar solution (as well as mentioning STF):
"Government donations can supply resources directly and encourage third-party donations indirectly. Congress can appropriate funding specifically for open-source community support. Economics tells us the government plays an important role in subsidizing producers of public goods when the market fails to provide sufficient supply."

3/5

coni2k, 22 days ago

@Di4na

As a next step, I suggest introducing an #OpenSourceTax: increasing the VAT of proprietary software by 1% to generate revenue for these public funds.

The other solutions in the article that I'm highly in favor of:

• Collect SBOMs to build a centralized software database and understand OSS usage (under "Information Gathering").
• Offer tax credits to individuals and companies who surpass a certain threshold of open-source contributions (under "Resource donor").

4/5

coni2k, 22 days ago

@Di4na

We can only have these solutions at the government level, which is a typical way of avoiding the Free-rider problem (volunteer and unorganized participation of the public good consumers).

And none of these solutions suggest changing the nature of OSS consumption.

5/5

coni2k, 3 months ago

"Whole internet economy of the past 20 years has been the beneficiary of a massive externality in acquiring systems that, in the ordinary course of affairs, would have been hugely expensive. Operating systems, databases, language development tools. All were obtained for 0 dollars in capital investment. Google, Facebook, Instagram, YouTube, Airbnb, GitHub, pretty much every billion-dollar startup has been constructed through the slapping together of a vast collection of OSS components."

coni2k, 5 months ago

My initial interest in reviewing responses from known organizations quickly shifted into a semi-professional and purely manual content analysis.

Curious to see the outcome? You can check my first article below to read more about the details with a link to the Results document 👇
https://dev.to/coni2k/the-us-government-open-source-software-and-analyzing-786-pages-of-responses-results-328h

2/5

coni2k, 5 months ago

In the second part, I will share over forty highlights from the following organizations under several topics.

• Amazon Web Services
• Anchore, Inc
• Apache Software Foundation
• Atlantic Council - Cyber Statecraft Initiative
• Carnegie Mellon University - Software Engineering Institute
• Chainguard
• Cybersecurity Coalition Comments
• Datalytica
• Eclipse Foundation
• GitHub
• Google
• Institute for Security and Technology (IST)

3/5

coni2k, 5 months ago

• Microsoft Corporation
• MITRE's Center for Data-Driven Policy
• Open Source Initiative (OSI)
• Open@RIT - Rochester Institute of Technology
• OpenSSF
• OWASP Foundation, Inc.
• Python Software Foundation
• Red Hat, Inc.
• RTX Technology Research Center
• Rust Foundation
• Sonatype, Inc.
• The Open Source Technology Improvement Fund
• Tidelift, Inc.

4/5

coni2k, 5 months ago

I plan to conclude the series by reviewing each category and sharing my remarks about the results. Stay tuned for the updates!

As usual, your feedback is priceless! Don't hesitate to share your comments, questions, or ideas.

5/5

coni2k, 5 months ago

@luis_in_brief

If there is anything specific you want to include, I can do my best!

Let me directly share the Results document here:
https://docs.google.com/spreadsheets/d/1GEG86eB5Eo4CM04RVgvm3i2fiQT8G1aTKWvHpx0pSc8/edit?usp=sharing

I will share the Highlights next week and need to work on the Remarks.