GitHub releases results of its open source survey with 8,400 responses, highlighting increased emphasis on security and increased use of AI

GitHub, a software development platform, has published the results of a survey answered by 8,400 of its users, sharing data on security issues in open source projects, AI-related issues, and more.
Seven years of open source: A more secure and diverse ecosystem - The GitHub Blog
Open Source Survey 2024
https://opensourcesurvey.org/2024/
Below is information taken from the 2024 survey:
◆When considering whether to use open source software, how important are the following items?
The items are listed below, from top to bottom. From left to right, the colors indicate 'very important,' 'somewhat important,' 'neither important nor unimportant,' 'somewhat unimportant,' and 'not sure what this is.'
- Active development
- Responsible maintainers
- Open source license
- Secure by design
- A welcoming community
- Contribution guide
- Widespread use
- Code of conduct
- Contributor License Agreement (CLA)

◆When considering whether to contribute to open source software, how important are the following factors to you?

'Secure by Design,' which appears in the two questions above, refers to joint guidance that urges software manufacturers to take urgent steps to ship securely designed products and to revamp their design and development programs so that only securely designed products reach customers. The secure-by-design question was introduced in 2024, and GitHub noted that '82% of users consider security essential when deciding to use a project, and 62% consider security important when choosing whether to contribute. Improving the security of a project is an important motivation for contributions.'
◆Which best describes your employer's policy on incorporating open source AI models into their code base?
The options, from left to right, are 'recommended,' 'allowed with appropriate tools,' 'unsure,' 'no firm policy,' and 'sometimes allowed.'

◆Which most closely describes your employer's policy regarding incorporating open source dependencies into your code base?

Based on these two responses, GitHub concludes, 'While 35% of employers do not allow the use of open source AI models, only 17% express similar uncertainty about traditional open source dependencies. Interestingly, a higher percentage of developers are unsure about their ability to use AI models compared to traditional open source dependencies.'
◆How often do you engage in or observe each of the following activities?
The items are listed below, from top to bottom. From left to right, the colors represent 'frequently,' 'occasionally,' 'seldom,' and 'never.'
- Writing code and documentation with the assistance of AI
- Using AI assistance for other tasks that support software development
- Contributing to projects that use publicly available AI models to provide AI-powered features
- Contributing to projects that develop AI infrastructure (models, datasets, orchestration, evaluation, etc.)
- Contributing to projects that use AI models that are not publicly available (e.g., accessible only through an API) to provide AI-powered functionality
- Being aware of and following applicable ethical, governance, responsibility, safety and security practices when doing any of the above
Additionally, narrowing the respondents down to only those who contribute to projects that use AI models or AI infrastructure, the chart shows the percentage who answered 'I am aware of and follow applicable ethical/governance/responsibility/safety/security practices when doing any of the above.' Among those who contribute to projects that use AI, the share answering 'never' decreased and the share answering 'sometimes' increased.

Based on the above, GitHub reported that 'developers who contribute to AI projects report an overall higher awareness of responsible AI practices and best practices. 73% of people have used AI tools compared to 74% who have never contributed to an AI project, making use more common than contribution.'
◆Are you currently living in a country other than the one in which you were born?
The options are as follows.
- No, I live in the country where I was born.
- Yes, I intend to live there permanently.
- Yes, I don't know about my future plans.
- Yes, I intend to stay temporarily.

◆ Considering the country in which you were born, are you a member of an ethnicity or nationality that is considered a minority in that country?
- No
- Yes
- I'm not sure
- I don't want to answer

Regarding diversity in the community, GitHub reported, 'Diversity within the open source community has steadily increased year over year. In 2024, 30% of respondents identified as immigrants, up from 26% in 2017. Additionally, the percentage of respondents who do not identify as a minority in their home country decreased from 79% to 70%, reflecting a wider range of perspectives and backgrounds in the community.'
◆How did you respond when you were recently harassed? Please select all that apply.
- Did not respond/ignored it
- Blocked the user who was harassing me
- Asked the user to stop harassing me
- Reported it to the project maintainer
- Sought support from other community members
- Reported it to the hosting service or ISP
- Other
- Consulted legal advisors or lawyers
- Contacted law enforcement

GitHub said, 'The survey revealed a significant shift in the community's approach to harassment since 2017. In 2017, 49% of respondents said they ignored harassment, but that dropped to 38% by 2024. This change highlights an increase in proactive behavior within the open source community, indicating that more individuals are taking steps, such as blocking or reporting incidents, to directly address harassment.'
◆How old are you?
What's interesting is that the number of people who chose not to disclose their age has decreased significantly since the first survey in 2017.

◆Which of the following most closely describes your beliefs about attribution in software development?
Dark blue is 'People who wish to remain anonymous should be able to contribute code without attribution' and light blue is 'Authorship logging should be mandatory so that end users know who created the source code they are working with.'

◆Which of the following best describes your sense of belonging?
The options are, from left to right, 'I state my real name,' 'I contribute using a consistent pen name that is easily linked to my real name online,' 'I contribute using a consistent pen name that is not linked to my real name online,' and 'I try to use a different pen name for each project.' Regarding this series of questions, GitHub said, 'Respondents who support anonymous code contributions have fallen from 60% to 51%, and more people are posting under pen names. These changes highlight the importance of secure, privacy-respecting tools and processes to foster inclusive collaboration.'

◆When it comes to funding open source, how often do you do or see each of the following being done?
From top to bottom, the responses are: 'Investors in my country provide funding to startups that contribute to open source,' 'The government financially supports open source projects,' 'The government supports open source projects in kind,' 'My employer supports open source projects in kind,' 'I financially support other people's open source projects,' and 'My employer financially supports open source projects.'

GitHub said, 'In 2024, we surveyed the levels of financial and in-kind support for open source from employers, governments, and investors. While only a small minority of people said they support it frequently or at all, only 50% said they don't support it at all in most categories, indicating there is room for growth and potential investment in open source sustainability.'
Finally, GitHub said, 'To move open source forward, we call on organizations, governments, and funders to invest in the ecosystem through funding, resources, and direct collaboration with the open source community. Together, we can shape a stronger, more diverse, and safer open source future.'