The third lesson is securing every link in the supply chain as open source can contain security defects since attackers can become maintainers and introduce malware. To address this last year, Microsoft joined with GitHub, Google, and IBM to create the Open Source Security Foundation (OpenSSF) to provide developers with access to find these vulnerabilities.
Last but not least is that communication is critical, especially in a remote work environment. One way to foster this is through chat rooms. However, sometimes they are not enough.
“While chat rooms are the new water cooler, they are temporal and transient. They are not the new announcement email or document repository. In the same way that no one is expected to know what happened in every meeting or conversation in the office kitchen, few people read the history of chat rooms when they return to their desk,” Sarah Novotny, an open-source leader in the Azure Office of the CTO at Microsoft in, wrote in a blog post that outlined the four open-source lessons for success. “Understanding how communication has changed and what expectations are set for every medium allows internal communication to remain a critical support of a good collaborative culture.”
The lessons also aim to address the new ways developers and companies interact with the open-source pandemic. Microsoft found that while enterprise developer activity dropped on weekends and holidays (as expected), open-source contributions actually jumped as a trend on GitHub.
This year brought several new challenges as the way developers worked was entirely changed to remote working. While many open-source developers already had experience in this working style due to the global collaboration nature of this type of coding, companies still struggled to integrate their open-source software experiences and development models, Novotny explained.
