Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #2539 from krisfreedain/2024-01-trustblog
Trust in open source blog
- Loading branch information
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| --- | ||
| layout: post | ||
| title: "Trust in open source software" | ||
| authors: | ||
| - apasun | ||
| - krisfreedain | ||
| date: 2024-01-24 | ||
| categories: | ||
| - community | ||
| meta_keywords: community trust, OpenSearch community trust, OpenSearch NPS, trust in open source | ||
| meta_description: Apply findings of this OpenSearch Project 2023-Q4 survey focusing on open-source community trust and how practical involvement in the community and physical presence can boost trust. | ||
|
|
||
| --- | ||
|
|
||
| An open-source project enhances community trust in multiple ways. [Strategies recommended by the Linux Foundation](https://www.linuxfoundation.org/blog/12-ways-to-improve-the-effectiveness-and-impact-of-enterprise-open-source-development) to enhance community trust include seeking out influential peers and mentors, practicing in an open and collaborative environment, adopting flexible IT infrastructure that is supportive of open-source development, tracking metrics that are designed for an open-source environment, adopting a tailored but lightweight approach to code contributions, sharing information, contributing to products and services to remain relevant and up to date, and supporting maintainers. Also important are reduced technical debt, the development of internal talent, mentorship programs, and participation in technical discussions in order to increase visibility. In 2023-Q4, we measured trust in OpenSearch project. In this blog we share some of our findings and we detail how the practical involvement of community and being physically present can help boost community trust. | ||
|
|
||
| ### Transparency | ||
|
|
||
| While transparency is a key pillar of open-source projects, questions regarding trust are often raised. [Critics of open-source code question whether contributors demonstrate a sufficient level of self-critique, which, if lacking, could result in “bad faith” commits](https://fleker.medium.com/dont-trust-open-source-software-it-s-inherently-insecure-f2d87cdb76d4). Critics also question whether the open-source system is designed for security, given the reduced amount of accountability, the vulnerability of developers to hackers, and other risks. Because the source code is available to anyone to modify or distribute, developer trust in the project is important. [Individual developers and companies alike trust open-source software because using it is easier than developing code from scratch](https://www.makeuseof.com/reasons-trust-open-source-software/). | ||
|
|
||
| ### Findings from our survey | ||
|
|
||
| The Linux Foundation suggests ways to measure [security awareness](https://openssf.org/blog/2023/05/17/we-want-to-hear-from-you-take-the-openssf-software-security-awareness-survey/) and the [success of an open-source](https://www.linuxfoundation.org/resources/open-source-guides/measuring-your-open-source-program-success) program. That said, there are other ways to measure organizational trust. [The core foundation of organizational trust](https://quip-amazon.com/dXW4AMSGm2A8/2023-November-Ubuntu-Summit#temp:C:INI3011cd950fe84e75acd602795) is the quality of the relationship between individuals and the organization. Trust is essentially a multi-level construct that is culturally rooted, dynamic, multi-dimensional, and is an outcome of organizational communication. Trust also has a measurable financial impact on an organization. | ||
|
|
||
| We hosted the survey on [OpenSearch.org](http://opensearch.org/) in 2023 Q2 and Q3. We made sure to highlight the study with partner communication and community meeting. We had 36 community members who participated in the study. 91.7% of the sample indicated that the used OpenSearch in a self-service capacity, most of the sample 66.7% identified as Infra users, and 63.9% of the sample used OpenSearch to power they log analytics use case. This sample had a relatively positive image of OpenSearch with an NPS of 64 (as compared to 57.8 in Q1). The users who took the survey represented a wide variety of companies, with 22% part of large organizations of over 10,000 employees. | ||
|
|
||
| <img width=350 src="/assets/media/blog-images/2024-01-24-trust-in-open-source-software/Trust Presentation Graphs-01.png"> | ||
| <img width=350 src="/assets/media/blog-images/2024-01-24-trust-in-open-source-software/Trust Presentation Graphs-02.png"> | ||
| <img width=350 src="/assets/media/blog-images/2024-01-24-trust-in-open-source-software/Trust Presentation Graphs-03.png"> | ||
| <img width=350 src="/assets/media/blog-images/2024-01-24-trust-in-open-source-software/Trust Presentation Graphs-04.png"> | ||
|
|
||
| The key measure we were interested in capturing was on Trust in OpenSearch. The sample indicated a 7.4 on 10 average score on Trust. This measure comprised of the 6 measures. We used K D Paine & Partners 6 factor scale. Aspects of this measure included perceived dependability (4 item; 7.8; alpha =.89), perceived sense of control mutuality (3 item measure; 7.4; alpha = .96), perceived commitment (5 item measure; 7.5; alpha = .94), satisfaction, (5 item measure; 7.1, alpha = .95) communal relationship quality (2 item measure; 7.5, alpha = .77) and, importantly, exchange relationship quality (single item; 7.5). Depending on community perception, an open-source project can [enhance trust in multiple ways](https://www.linuxfoundation.org/blog/12-ways-to-improve-the-effectiveness-and-impact-of-enterprise-open-source-development). | ||
|
|
||
| <img src="/assets/media/blog-images/2024-01-24-trust-in-open-source-software/Trust Presentation Graphs-05.png"/>{: .img-fluid } | ||
|
|
||
| ### How the OpenSearch Project approaches community building and trust | ||
|
|
||
| One of the ways that we build community trust is by holding twice-monthly [community meetings](https://forum.opensearch.org/tag/community-meeting) where we invite those interested in the project to come and present what they’ve been building and how they’ve used OpenSearch. We hold them at 8 AM or 3 PM Pacific to enable more of the community to attend in person. They are also recorded and added to the [OpenSearch Project YouTube channel](https://www.youtube.com/c/OpenSearchProject). Our development teams have also begun holding [triage meetings](https://opensearch.org/events/) in public. We received feedback from community members that they would like to be more involved—not just through asynchronous communication on GitHub but also in person with the team of maintainers that determines prioritization of work. This has further enabled community members to volunteer to work on specific issues. Also available to the community is a [blog platform](https://github.com/opensearch-project/project-website/issues/new?assignees=&labels=new+blog%2C+untriaged&projects=&template=blog_post.md&title=), the project’s [social](https://www.linkedin.com/company/opensearch-project/) [media](https://twitter.com/OpenSearchProj) channels, a [forum](https://forum.opensearch.org/), and a public [Slack](https://opensearch.org/slack.html) instance, all of which facilitate conversations around the world. We also speak at conferences, continue to enable user groups, and hold [OpenSearchCon](https://opensearch.org/events/opensearchcon/) each year. This allows the community to come together in different ways and in different locations throughout the year. | ||
|
|
||
| {%include youtube-player.html id="__7vf2AdPDM " %} | ||
|
|
||
|
|
||
| [Presentation slides available here](https://github.com/krisfreedain/files/blob/main/presentations/2023-11-05%20Ubuntu%20Summit%20Presentation.pdf) | ||
|
|
||
| #### References | ||
|
|
||
| 1. Paine, K. “[Guidelines for Measuring Trust in Organizations](https://www.claytonschools.net/cms/lib/MO01000419/Centricity/Domain/2/NSPRA2009/2003_MeasuringTrust.pdf)” | ||
| 2. King, B. “[You Don’t Trust Open-Source Software? 6 Reasons Why You Should]( https://www.makeuseof.com/reasons-trust-open-source-software/)“ | ||
| 3. Felker, N. “[Don’t Trust Open-source Software. it’s Inherently Insecure](https://fleker.medium.com/dont-trust-open-source-software-it-s-inherently-insecure-f2d87cdb76d4)” | ||
|
Check failure on line 49 in _posts/2024-01-24-trust-in-open-source-software.md
|
||
| 4. Linux Foundation. “[12 Ways to Improve the Effectiveness and Impact of Enterprise Open Source Development](https://www.linuxfoundation.org/blog/12-ways-to-improve-the-effectiveness-and-impact-of-enterprise-open-source-development)” | ||
| 5. [The Amazon Effect on Open Source](https://thenewstack.io/the-amazon-effect-on-open-source/) | ||
| 6. [The Open Source Strategy of Amazon Web Services](https://thenewstack.io/the-open-source-strategy-of-amazon-web-services/) | ||
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.