2022 - The Year in Open Source

Open Source Software is a big place, a very broad domain that addresses the technologies that support and drive almost every field of human endeavor.  And 2022 was a busy year for open source, with over 150M participants contributing to tens of millions of projects.

This blog calls out the highlights of 2022 – key statistics, notable investments and important progress – ongoing challenges in security and IP – and how they impact the business and operation of test automation.

Adoption Trends

Project hosting site GitHub, home to the OpenTAP project and millions of other open source repositories, provides an excellent indicator of adoption trends.  Following are highlights from the company’s Octoverse Report:

  • 94 million developers possess GitHub accounts, up 27% year over year and 34-fold from 2.8 million a decade ago

  • Those developers made a total of 413 million contributions in 2022

  • Over 90% of companies use open source

  • 90% of Fortune 100 companies use GitHub

  • More than 30% of Fortune 100 companies now boast Open Source Program Offices (OSPOs)

Other positive indicators for the open source ecosystem come from the largest open source foundations – The Apache Foundation, The Eclipse Foundation, and The Linux Foundation – which all report bumper crop years for membership, projects hosted, contributions, and events.

What do these trends mean for Test Automation?

  • Your company is increasingly likely to be adopting open source and should be looking to the benefits of an open source test automation platform (if it isn’t already)

  • Your legal department is going to be more familiar and comfortable with open source software licensing

  • Your experience with OpenTAP and other open source software will enhance your reputation as a developer and increase your value to your current employer

Open Source and Security

Organizations of all types and sizes have expressed deep concerns over the state of open source software security.  Indeed, forty-one percent of the more than 500 organizations surveyed by The Linux Foundation and Snyk don’t have high confidence in the security of the open source software they use (The New Stack). These concerns arise from a litany of high-impact vulnerabilities in key open source projects (Log4js in particular) and from the number of vulnerabilities in open source packages reported year over year in the National Vulnerability Database, the Open Source Vulnerability Database, and elsewhere.

To address these concerns about open source, 2022 saw an abundance of government and industry initiatives, including:

Securing Open Source Software Act

On September 21, 2022, the U.S. Congress introduced the Securing Open Source Software Act (SOSSA). The proposed bill suggests the U.S. Government should play a supporting role in long-term open source software security, with requirements for federal agencies under the authority of the Cybersecurity and Infrastructure Security Agency, or CISA.

Executive Order 14028

In response to high-profile security breaches and the ongoing need to enhance software security, the White House issued an executive order in May 2021. The order seeks to improve the nation’s cybersecurity and has significant implications for U.S. companies and the open source community. Mentioned in the order are:

  • Using automated tools to maintain the integrity of source code and checking for vulnerabilities and remediating them

  • Maintaining audit data on the origin of software components, and utilizing secure software development practices

  • Ensuring and attesting to the integrity and provenance of open source software used in any portion of a product. 

Alpha-Omega Project

In February 2022, the Open Source Software Security Foundation (OpenSSF) launched the Alpha-Omega Project to improve the security posture of open source software.  To date Alpha-Omega has issued over $2 million in grants to Node.js, jQuery, the Eclipse Foundation, the Python Software Foundation, and the Rust Foundation.

“Alpha” works with the maintainers of the most critical open source projects to help identify and fix security vulnerabilities, and improve security posture. “Omega” has identified 10,000+ widely deployed OSS projects to apply automated security analysis, scoring, and remediation guidance to open source maintainer communities.

Google OSV Scanner Tool

In December 2022, Google announced the availability of OSV-Scanner, an open source scanner that provides easy access to vulnerability information across a range of projects. The Go-based tool, powered by the Open Source Vulnerabilities (OSV) database, is designed to connect project dependencies with the vulnerabilities that affect them.

And dozens of other cybersecurity efforts in and for open source.

Open Source Software Security and Test Automation

Today, most test automation software runs in test labs, behind firewalls and often not even connected to corporate networks – practically air-gapped.  As such, test equipment and devices under test (DUTs) present few or no attack vectors, even if the test software and/or software under test contain vulnerabilities or other security issues. But as test benches become more integrated with DevOps frameworks, manufacturing systems and other parts of enterprise networks, mitigating risks presented by all types of test automation software (open and closed) rises in importance. And as these same systems migrate to private and public clouds, securing them becomes downright urgent.

How does the security of Open Source compare to Proprietary Software?

Of course, vulnerabilities and bugs are regularly discovered in all types of software.  Because open source code is available to everyone, all issues tend to be published quickly, but does that mean it is less secure than proprietary software?  The Red Hat State of Open Source report 2022 found that 89% of IT leaders believe enterprise open source is as secure or more secure than proprietary software.

OpenTAP Milestones in 2022

OpenTAP as a project came a long way in 2022.

Multiple Releases

The OpenTAP developer community kept busy in 2022, releasing three new versions of the test automation platform:

These releases include myriad new features, performance improvements and bug fixes, with contributions from a range of community members.

Migration to GitHub

In March 2022, the OpenTAP project moved from its prior home on GitLab to the popular GitHub site.  The move brought the OpenTAP community:

  • better performance for builds and other repository processes

  • interface to a broader OSS community-wide audience of developers and end-users

  • ready access to dozens of tools and utilities hosted on GitHub and in the GitHub Marketplace.

New OpenTAP.io web site

In 2022, the OpenTAP community launched a new website, with a new look, enhanced content and streamlined navigation.  In the course of the year, the OpenTAP team published dozens of blogs and news items, two new white papers and five newsletters.

Find Yourself in the OpenTAP Ecosystem

A new area of interest is “Find Yourself in the OpenTAP Ecosystem”.