In the last 20 years, software development has fundamentally changed. While companies used to write almost every line of code by hand, this is no longer the case. In fact, 99% of codebases audited in 2019 contained open-source components, according to Synopsys’ 2020 Open Source Security and Risk Analysis Report. To learn more about open source at PEAK6, we sat down with PEAK6 CTO Brad Boven and Director of Open Source Jeff Luszcz.
Let’s start with the basics. What is open source?
Jeff: Open-source software allows for worldwide shared development of high-quality, free, reusable, continually updated software components that get better with every release. Small amounts of distributed work add up to these amazing libraries available for almost any possible use. As of January 2020, GitHub, a popular platform for hosting open-source projects, reports having over 40 million users and at least 28 million public repositories. The scale and potential impact are astounding and have changed how we work as engineers. It allows us to extend our reach. We have 300+ developers across businesses who can leverage the work of hundreds of thousands of person-hours of software development efforts with the flick of a switch.
That sounds like a no-brainer for developers. Is there a downside?
Jeff: The flip side is that, while it’s free of actual costs, open source is not free of legal and compliance obligations. If we use it, we have to honor the expectations of the original authors. As a company that prides itself on compliance and ethics, it is important for PEAK6 to properly manage our use of open-source technology.
For example, some open-source licenses require all your source code to also be shared with the community or prevent certain uses. Other times there are no or few strings attached. Unexpected requirements to share source are something that many companies worry about. A number of companies that have used open-source software incorrectly have later been sued, because one block of code required them to make their software available to the public. It’s important to understand what you sign up for when you decide to use a certain piece of open source! It can be very expensive to fix open-source problems after they are deployed.
Another growing issue is security.
If you don’t know what’s in your code, you risk stumbling into a legal or vulnerability problem.
What does a director of open source do? What does the new role entail?
Jeff: My role is to help define our usage policies based on my experience working with the open-source community, technology startups and some of the largest companies in the world. I’ll help our development teams understand what open source they are using, respond to security issues, and work with our customers (both internal and external) on the questions they have about our open-source usage. I’ll also help us contribute back to the open-source community, while protecting our intellectual property and trade secrets.
Why hire a director of open source? And why now?
Brad: Our plan for open source at PEAK6 is three-pronged. Use. Contribute. Influence. We are big users of open source, and we make improvements to almost everything we use. We’re leaning in on this. Jeff joining us is a clear indication that we’re also investing as contributors back to the open-source community. Open source matters to PEAK6 because we have limited resources, but we pull things into our ecosystem and can go much faster and accomplish more because we can use open-source technologies. We want to proliferate the open-source communities we have, and we want to give back into those communities. We also want to share some of the improvements we’ve made to the open source we use, to ensure it stays high quality, secure and fast. Our developers care deeply about contributing to open source. It’s a source of pride and morale.
How does one become a director of open source? What’s your background?
Jeff: I started out as a developer, first helping NASA build artificial vision models and LCD simulation technology, then helping a startup create software development tools for distributed systems. While helping to build these products, I noticed how open source was becoming more and more popular. I also saw the mistakes and difficulties companies were having with security and compliance responsibilities. I started Palamida, which was one of the first tools designed to scan for and manage open source. Since then, I’ve helped many of the world’s largest and best-known companies get a handle on their open-source use. After building and selling that company (now part of Revenera), I joined PEAK6 to build out its open-source management program and its Open-Source Office.
How prevalent is open source in fintech?
Brad: It’s relatively new over the last several years, but it’s really taken fintech by storm. We want to be on the ground floor of that and control our destiny. Organizations that don’t pay attention to where open source is coming in and understand which technologies it’s replacing can lose their markets. We also want to see certain features and capabilities move ahead, and we can help influence those products.
Want to join our team of open-source contributors? Check out our open positions.