We ❤️ Open Source

A community education resource

How the connection between security and sustainability shapes open source projects

Discover how security challenges in open source directly impact sustainability.

Seth Larson, Security Developer-in-Residence at the Python Software Foundation (PSF), sat down with the All Things Open team to discuss his work on both the security and the sustainability of open source projects. He maintains several widely used open source libraries, including urllib3, and is also a fellow of the PSF. In the conversation, Seth highlights the close relationship between security and sustainability in open source, emphasizing that the hardest challenges in keeping projects secure are often social rather than technical.


Seth describes his role at the PSF, where much of his work involves collaborating with other security working groups, maintainers, and standards bodies. His focus is on building consensus across the ecosystem so that guidelines for securing open source software are actionable rather than aspirational. He stresses the importance of publicizing these efforts so that future developers and maintainers can benefit from the resources being built today, making security and governance more accessible to everyone in the ecosystem.

One approach Seth recommends for improving open source security is paying deliberate attention to smaller, less visible projects that are often overlooked despite how much the ecosystem depends on them. He encourages developers to map the supply chain of their own dependencies, consider contributing back to the smaller projects in it, and look for ways to help sustain them, even through small contributions. This not only spreads the maintenance load more evenly across the ecosystem but also makes the entire open source space more resilient.

Key takeaways

  • Security and sustainability in open source are deeply interconnected; maintaining a secure project requires a sustainable and adequately resourced infrastructure.
  • Social challenges, like organizational will and governance, are often the most difficult obstacles to overcome in maintaining secure open source software.
  • Developers can help by contributing to smaller, less visible projects in addition to larger ones, ensuring these projects receive the support they need.

Conclusion

Seth Larson’s insights shed light on the social and organizational challenges of securing and sustaining open source projects. While technical tools and practices for security are in place, it’s the community-driven effort of maintainers, developers, and organizations that makes a meaningful impact. By contributing to both large and small projects, developers can play a key role in securing the future of open source software.

About the Author

The ATO Team is a small but skilled team of talented professionals, bringing you the best open source content possible.
