Bloomberg Supports FOSS With Funding
Written by Nikos Vaggalis   
Friday, 26 May 2023

Having realized that the open source community is what makes the web work, Bloomberg, a major player in the global financial markets as well as a major source of financial news and analysis, has pledged its support by establishing a sustainable funding scheme.

That statement above is so true. Open Source Software powers everything, from modern servers, to IoT, to the desktops at work.

The discovery of the Heartbleed bug was a wake-up call for the world about the security of open source software. It also revealed the extent of our reliance on open source software, and this realization motivated big industry names to support open source with proper funding.

It is amazing to think that the OpenSSL Software Foundation which is responsible for the maintenance of the OpenSSL library, the cornerstone of safe transactions on the Internet used by millions of websites and organizations, was receiving just $2000 of donation money per year and had only ONE full-time employee working on the library.

This is not an isolated incident, but rather a reflection of the broader issue of underfunding in the open source community. Open source projects are often run by volunteers who donate their time and expertise, but there are many instances where some amount of money would be most welcome, such as when:

  • Getting paid to contribute to open source is the only way some people can participate, either because the project requires it, or for personal reasons.
  • Maintaining popular projects can be a significant responsibility, taking up 10 or 20 hours per week instead of a few hours per month.
  • Some people cannot afford to spend unpaid time on open source projects, based on their current financial position, debt, or family or other caretaking obligations.

After Heartbleed, an official EU Bug Bounty initiative was launched as part of the Free and Open Source Software Audit (FOSSA) project, thanks to Julia Reda MEP of the EU Pirate Party, who started the project thinking that enough is enough after severe vulnerabilities were discovered in key infrastructure components like OpenSSL. This prompted her to involve the EU Commission in contributing to the security of the Internet.

In February 2022, the European Commission's Open Source Programme Office took the initiative one step further by deciding to offer bug bounties on popular open source software. What better way of acknowledging OSS's importance than by a state-driven sponsorship?

Patrice-Emmanuel Schmitz, legal expert of Joinup (a venue that enables public administrations, businesses and citizens to share and reuse IT solutions and good practices across Europe) added:

Like bread and beer, free software development is not for free: developers need some incentives, let’s say just the money they need for purchasing their bread and beer or for ensuring their family a decent way of life.

In order to provide these incentives, the European Commission has launched around 15 bug bounties on Free Software projects that the EU institutions rely on. A bug bounty is a prize for people who actively search for security issues. The amount of the bounty depends on the severity of the issue uncovered and the relative importance of the software.

A bug bounty is good to have but better still is sustainable and continuous funding poured into OSS, driven by security hardening or otherwise. The latter part is where Bloomberg has intervened by launching the FOSS (Free and Open Source Software) Contributor Fund:

First piloted by employment website Indeed in 2019, a FOSS Fund is a mechanism that enables a company’s employees to nominate open source software projects they rely on (or participate in) every day.

The idea is to identify open source projects that are important to an organization and to encourage its employees to participate more directly in the funding decisions the company makes.

Voting has been essential in deciding which projects to pledge support to, as Alyssa Wright of Bloomberg’s OSPO in the Office of the CTO explains:

You can’t see everything within a large organization, which is why the nomination and voting process is so crucial. It is a “creative way of gaining visibility” into open source infrastructure needs.

Once the votes had been tallied, three open source projects integral to Bloomberg’s operations and beyond were chosen as the recipients of the company’s inaugural FOSS Contributor Fund grants:

  • Apache Arrow, a project that makes data transfer and analytics lightning-fast for a number of data-intensive applications. At Bloomberg, there’s a particularly engaged community around this project, which includes regular meetings and communication channels.
  • Curl, a ubiquitous tool used to interact with web services that’s implicitly part of billions of interactions every day — yet is still essentially developed by one lead and a tiny group of contributors.
  • Celery, a primary task management tool in the Django and Python ecosystem that is used broadly within the company.

Going forward, the new FOSS Contributor Fund will award up to three grants of $10,000 each quarterly voting cycle.

It is important to note that other organizations, such as Microsoft, Johns Hopkins University, Salesforce, Sentry and Zeiss, already operate funding programs like this one too.

In the end, the importance of OSS as well as its under-funding is getting acknowledged and the industry that depends upon it is finally providing the means to sustain it.


More Information 

Bloomberg Launches FOSS Fund to Support Free and Open Source Projects


Last Updated ( Saturday, 27 May 2023 )