Open source software is a very broad domain, spanning the technologies that support and drive almost every field of human endeavor. And 2022 was a busy year for open source, with over 150M participants contributing to tens of millions of projects.
This blog calls out the highlights of 2022 (key statistics, notable investments and important progress), the ongoing challenges in security and IP, and how they impact the business and operation of test automation.
Project hosting site GitHub, home to the OpenTAP project and millions of other open source repositories, provides an excellent indicator of adoption trends. Following are highlights from the company’s Octoverse Report:
94 million developers possess GitHub accounts, up 27% year over year and 34-fold from 2.8 million a decade ago
Those developers made a total of 413 million contributions in 2022
Over 90% of companies use open source
90% of Fortune 100 companies use GitHub
More than 30% of Fortune 100 companies now boast Open Source Program Offices (OSPOs)
Other positive indicators for the open source ecosystem come from the largest open source foundations: The Apache Foundation, The Eclipse Foundation, and The Linux Foundation all report bumper-crop years for membership, projects hosted, contributions, and events.
What do these trends mean for Test Automation?
Your company is increasingly likely to be adopting open source and should be looking to the benefits of an open source test automation platform (if it isn’t already)
Your legal department is going to be more familiar and comfortable with open source software licensing
Your experience with OpenTAP and other open source software will enhance your reputation as a developer and increase your value to your current employer
Open Source and Security
Organizations of all types and sizes have expressed deep concerns over the state of open source software security. Indeed, forty-one percent of the more than 500 organizations surveyed by The Linux Foundation and Snyk don’t have high confidence in the security of the open source software they use (the New Stack). These concerns arise from a litany of high-impact vulnerabilities in key open source projects (Log4j in particular) and from the number of vulnerabilities in open source packages reported year over year in the National Vulnerability Database, the Open Source Vulnerability Database, and elsewhere.
To address these concerns about open source, 2022 saw an abundance of government and industry initiatives, including:
Securing Open Source Software Act
On September 21, 2022, the U.S. Congress introduced the Securing Open Source Software Act (SOSSA). The proposed bill suggests the U.S. Government should play a supporting role in long-term open source software security, with requirements for federal agencies under the authority of the Cybersecurity and Infrastructure Security Agency (CISA).
Executive Order 14028
In response to high-profile security breaches and the ongoing need to enhance software security, The White House issued Executive Order 14028 in May 2021. The order seeks to improve the nation’s cybersecurity and has significant implications for U.S. companies and the open source community. Mentioned in the order are:
Using automated tools to maintain the integrity of source code and checking for vulnerabilities and remediating them
Maintaining audit data on the origin of software components, and utilizing secure software development practices
Ensuring and attesting to the integrity and provenance of open source software used in any portion of a product.
OpenSSF Alpha-Omega Project
In February 2022, the Open Source Software Security Foundation (OpenSSF) launched the Alpha-Omega Project to improve the security posture of open source software. To date, Alpha-Omega has issued over $2 million in grants to Node.js, jQuery, the Eclipse Foundation, the Python Software Foundation, and the Rust Foundation.
“Alpha” works with the maintainers of the most critical open source projects to help identify and fix security vulnerabilities and improve security posture. “Omega” has identified 10,000+ widely deployed OSS projects to which it applies automated security analysis, scoring, and remediation guidance for open source maintainer communities.
Google OSV Scanner Tool
In December 2022, Google announced the availability of OSV-Scanner, an open source scanner that provides easy access to vulnerability information across a range of projects. The Go-based tool, powered by the Open Source Vulnerabilities (OSV) database, is designed to connect project dependencies with the vulnerabilities that affect them.
And dozens of other cybersecurity efforts in and for open source.
Open Source Software Security and Test Automation
Today, most test automation software runs in test labs, behind firewalls and often not even connected to corporate networks – practically air-gapped. As such, test equipment and devices under test (DUTs) present few or no attack vectors, even if the test software and/or software under test contain vulnerabilities or other security issues. But as test benches become more integrated with DevOps frameworks, manufacturing systems and other parts of enterprise networks, mitigating risks presented by all types of test automation software (open and closed) rises in importance. And as these same systems migrate to private and public clouds, securing them becomes downright urgent.
How does the security of Open Source compare to Proprietary Software?
Of course, vulnerabilities and bugs are regularly discovered in all types of software. Because open source code is available to everyone, all issues tend to be published quickly, but does that mean it is less secure than proprietary software? The Red Hat State of Open Source report 2022 found that 89% of IT leaders believe enterprise open source is as secure as or more secure than proprietary software.
OpenTAP Milestones in 2022
OpenTAP as a project came a long way in 2022.
The OpenTAP developer community kept busy in 2022, releasing three new versions of the test automation platform:
These releases include myriad new features, performance improvements and bug fixes, with contributions from a range of community members.
Migration to GitHub
In March 2022, the OpenTAP project moved from its prior home on GitLab to the popular GitHub site. The move brought the OpenTAP community:
better performance for builds and other repository processes
exposure to a broader OSS community-wide audience of developers and end-users
ready access to dozens of tools and utilities hosted on GitHub and in the GitHub Marketplace.
New OpenTAP.io web site
In 2022, the OpenTAP community launched a new website, with a new look, enhanced content and streamlined navigation. In the course of the year, the OpenTAP team published dozens of blogs and news items, two new white papers and five newsletters.
Find Yourself in the OpenTAP Ecosystem
A new area of interest is “Find Yourself in the OpenTAP Ecosystem”.