Foreward, Andrew Waafa, Distinguished Engineer, Senior Director Software Communities, Arm
Introduction and Executive Summary, Amanda Brock, CEO and Chief Policy Officer, OpenUK
Open Government, Data, Standards and the UK, The Rt Hon Lord Maude of Horsham and Chairman FME
Building the UK Open Source Business Community, Matt Barker, President & Co-Founder, Jetstack Ltd and OpenUK Entrepreneur in Residence
OpenUK Survey Outcomes: UK Business and Public Sector Usage of Open Source Software
- Types of Software in Use
- Cloud Infrastructure
- Business Use
- The Importance of Collaboration
- Future Outlook – Covid-19, Brexit, Sustainability and Financial Downturn
- Recruitment in Open Source Software Specific Roles
- UK Business Usage of Open Source – Summary of findings
Review of Reports since March 2021
Case Studies in UK Business Adoption
- Starling Bank: Expanding the Role of Open Source
- Department of Finance, Northern Ireland: A Public Sector Perspective into Open Sourcee
- University of Edinburgh: An Open Culture
- Swansea University: Broadening the Scope of Open in Education
- The Alan Turing Institute: Bridging the Gap Between Industry tnd Research
- Anthony Nolan: A Global Impact
Security, OSPO and Governance
- Open Source Program Offices
- Governance and Good Practice in UK Open Source Software
Conclusion, Dr Jennifer Barth, Director of Research and Founder, Smoothmedia
Andrew Wafaa, Distinguished Engineer, Senior Director Software Communities, Arm
Open source software is no longer a niche term for business and government, it is rapidly becoming the de facto method for work today. When it comes to software standards, open source is the way to get it done. Looking at the software industry, many of the biggest businesses are heavily reliant on open source; whether it be cloud vendors, software vendors, healthcare, the financial industry, telecommunications or… the list goes on. Open source software is the foundation for established vendors even when their products are proprietary. It is the
toolbox enabling entrepreneurs and start-ups.
Open source software creating de facto standards is rapidly becoming the norm too, no longer are they worked on and decided behind closed doors. A big advantage of having de facto and approved software standards that are open, is that they remove the appeal of unnecessary differentiation, allowing companies to invest their time, effort and money where it really matters. From a customer perspective, knowing that the investment you are making is built on open standards, de facto or otherwise, allows you the flexibility of interoperability and allows you to either move to another vendor should you wish to, or help improve your Return on Investment by directly influencing the standard.
As the world’s leading semiconductor IP company, Arm has invested heavily in both open source software and open standards. This investment started off small and began by being a consumer of open technologies. It did not take long for the realisation of the potential value to the organisation and our ecosystem to grow in existing markets whilst expanding into new ones.
Arm needed to contribute, not just consume.
With a large ecosystem of hardware partners, having open software standards easily enables a write once, run anywhere, policy. Our partners actively participate and contribute to the de facto standards process, enabling a more rapid adoption of our technology throughout the supply chain. From a software perspective, open source was not a nice to have, it was an absolute must. Open source enabled us to grow and expand our presence, building up large teams across the globe from the US, through Europe, to Asia.
In the current times of COVID, our engineering teams have been able to operate without missing a beat, thanks to the distributed nature of the open source world and to help those less accustomed to remote working get to grips with the changes needed.
After Arm’s conscious decision to increase its investment in open source software, it soon became apparent that there was some internal fragmentation on how to engage and interact with open communities. As with many companies, an Open Source Program Office (OSPO) was created. This helped build solid bridges between our engineering community and our legal community. It helped bring the open source operating methodology inside the business. It drove us to create best practices, unify strategies, educate our staff, and have a central
point for employees to access subject matter experts.
Arm supports OpenUK’s work as it brings cohesion to the UK’s business of open source software, not least through the three phases of this Report, clarifying the UK’s commitment to this area, identifying its utilisation and explaining its value.
Introduction and Executive Summary
Amanda Brock, CEO, OpenUK
“Ingenuity”, NASA’s small robotic helicopter running open source software, completed its first space mission on Mars, on 19 April 2021. In doing so, it brought open source into NASA’s “Mission”. Although the helicopter was sent to Mars with the Perseverance Mission, it was sent as a technology demonstration and not adopted into the “Mission” proper until it succeeded in its flight. This success in 2021, has made it possible for open source software to be included in future NASA Missions. Baby steps, or in this case, baby flights.
Each baby step has led to a bigger step, and bit-by-bit, to giant steps in adoption of open source software. It has led to open source becoming a mainstream technology. The OpenUK survey demonstrates this in both UK businesses and the public sector. Indeed, we have seen a revolution in open source software over the last decade. That’s partly due to the digitalisation of all businesses and infrastructure including Government services and the infrastructure that they provide to their citizens. As a consequence, these have become software defined
services. What that really means, is that a huge proportion of all technology and therefore all services are based on software, and in particular on open source software.
This phenomenon is partly due to the rise of the developer tool Git and the massive uptake in public repositories allowing distributed working like GitHub and Gitlab, over the last decade. 83% of the survey respondents confirmed their usage of these. These public repo’s allow open source software to be adopted in businesses, royalty free, with immediate business access to the software and with the providers and others offering additional services, such as support, at a cost.
An incredible 97% of surveyed respondents use some form of open source software in UK business. For the UK, its excellence in open source software based infrastructure is an important part of this picture. This is likely to develop more in the coming months and years.
In the OpenUK State of Open Report: Phase One, published in March 20211, the accepted value of the UK’s open source software contribution to GDP was established as being up to £43.1bn per annum. The UK’s position as number one in open source software in Europe, generally being the fifth biggest global contributor to open source, and as a huge contributor to the UK’s digital economy, was a clear message.
With this State of Open Report: Phase Two the process of opening up the data around UK business and public sector adoption and utilisation of open source software, is considered. Phase Three will evolve further how open source software is valued from an economic perspective and equally an exploration of the hidden values of open source software, including its improving sustainability, collaboration and skills.
A number of UK case studies are included in this Report and more will follow in Phase Three. I’d like to add my personal thanks to all those who provided the case studies, contributed to both Phases of the Report and who completed the survey. Also thanks to GitHub for its sponsorship of Phase Two and to all of our sponsors who make the work of OpenUK possible. Thanks also to The Rt Hon Lord Maude of Horsham for his support and contribution to this report and to Open Technology in the UK.
The Ingenuity helicopter name was suggested by a high school student, Vaneeza Rupani who said, “Ingenuity is what allows people to accomplish amazing things.” That makes it such a fitting name for an open source software device. Ingenuity is exactly what it has taken for open source to become the runaway success it undoubtedly is today in the UK, and for many of the well known figures in open source software like Liz Rice, Justin Cormack, Alexis Richardson and Matt Barker, to hone their skills in the UK. More interaction with these individuals and many others will be evident in the output of the OpenUK Founders’ Forum.
As we look to NASA in the US, we also see the US Government reacting to software security concerns, and in particular President Biden’s National Order of 12 May 20212 , on Improving the US Nation’s Cyber Security. This document calls out open source software and the need for a Bill of Materials (“BoM”), something that the open source governance community has been working on for over a decade and which can be seen in Software Package Data Exchange (“SPDX”)3 , the Linux Foundation’s de facto standard for open source software BoM’s. SPDX is currently working its way through an accelerated ISO standardisation to join Open Chain as one of the first formal standards
in open source software governance.
The Survey shows that only 18% of UK businesses are aware of Open Chain and 3% have Open Chain governance of Open Source implemented. We also see 58% with open source policies and 54% with procedures for open source. To achieve open source software good housekeeping UK businesses will need to further develop their practices.
“Open Chain is all about traceability of software. People who receive the software, they’re going to know where it comes from.
And the idea is to build trust in the supply chain.”
Andrew Katz, Partner, Moorcrofts and Founder Open Chain UK Work Group
The learning curve around open source software good governance is likely to be accelerated as users become more sophisticated in their interaction with open source and increasingly move to contribution. We already see early stage Open Source Program Offices in the UK and expect those to increase as open source governance and security move up the UK agenda. In this report, Andrew Wafaa, who runs Arm’s OSPO, UK based Dawn Foster of VMware’s OSPO, and Lorna Mitchell who is setting up an OSPO for Finland’s Aiven, explain more about the work of this business function.
The importance of open source software to sustainability will be explored. Its very nature, being open, allows for use by all and recycling and modification of code, in line with the Sustainable Development Goals4 and Digital Principle 65. Open source software is supporting the UK’s journey to carbon negative. We will see more on this in the OpenUK hosted Open Technology and Sustainability Day at COP26 on 11 November 2021, and in Phase Three of this Report, investigating the true value of open source software.
OpenUK plans to repeat this survey on an annual basis. I will be fascinated to see what compartors this creates. For those who did not complete the survey, there is always next year.
Between now and 2022 the UK Digital Strategy and those of the Devolved Nations (to the extent not already delivered) will take shape and reach publication. I hope to see open source software, the UK’s position as Europe’s number one, and as a centre of excellence in this space, enhanced with a recognition of the place of “Open Technology”- open source software, open hardware and open data – in the infrastructure of a digitalised Global Britain.
Whilst OpenUK focuses on the UK, it and the UK’s open source contributors collaborate globally. Collaboration and co-opetition on an international basis are fundamental to the nature of open source software. The Ingenuity helicopter on Mars is a great example of this. Whilst Ingenuity was created by NASA in the US, the UK was the third biggest contributor to the open source software used in Ingenuity for its flight on Mars.
Open Source, Standards and the UK
The Rt Hon Lord Maude of Horsham, Chairman, FMA
From 2010 to 2015, as Minister for the Cabinet Office, I was privileged to have oversight of the UK Government’s digital transformation programme. We set up the Government Digital Service – GDS; co-founded the Open Government Partnership; and after a few years the UK was ranked best in the world for digital government and for open government. Oh, and we saved a shed load of money and delivered much better value to the taxpayer.
“Open” was the word running through all this. Open data, mandatory open standards, open source software: these created the alchemy that enabled us to make the UK a global trailblazer.
Today, the demand for more openness, governance and accountability is stronger than ever. The role of data in our everyday lives has gone up, and the number of organisations that are creating data about us, and for us, has increased massively. The world is more connected, and more data flows around the world, from country to country, every day. At the same time, people want more control over information about them, created by them, and used to make decisions about them.
The world of technology has of course evolved furiously, with new companies entering the market and new opportunities constantly being created. However, the value of openness has not diminished. Indeed, as the previous OpenUK Report demonstrated, open source software can deliver the tools for individuals, businesses and governments to succeed and this report demonstrates that we in the UK are using them with vigour.
In the UK, open source software represents a significant opportunity to carry through on the ideas that have been discussed throughout the past decade. The value of open technology to the UK economy will only increase as more companies and governments take advantage of open source.
In the world after Brexit, the UK has an opportunity to rethink its approach to engaging with the world. We can learn lessons from the world of open technology, where leading in innovative projects and collaborating with others globally is more efficient and more effective. The UK Government has already recognised the importance of this in the NHS Data White Paper in June 2021, stating that new software developments and projects undertaken will be made available under open source licences.
This move offers huge potential for companies and for the NHS, as once these projects are created, they may be shared and used by others. Successful data and software projects at one of the world’s largest healthcare systems would undoubtedly be in demand at other healthcare providers across the globe, providing an opportunity to build out successful businesses based on this.
Alongside this growth opportunity, there will be challenges.
There are requirements around data privacy and security that must be addressed, and individuals and communities must feel that their concerns are listened to. The ethics of how data is used have to be defined, understood and respected and open standards will be essential. Each of these elements can and should be addressed in the open.
As more of our lives move to digital services and as governments around the world seek both digital and data sovereignty whilst improving services to their citizens, open technology can fill the gaps that exist.
The UK Government has led the way around innovation in government based on open, and it must continue to build on that work. By creating and supporting existing and new projects based on open, UK companies can deliver the infrastructure that others around the world can use.
The UK is well positioned to create sustainable and effective ways to process data, to manage industries and to make use of data in healthcare and government.
Building UK open source business community
Matt Barker, President & Co-Founder, Jetstack Ltd and OpenUK Entrepreneur in Residence
It was only 10 years ago that I was looking to countries on the continent to learn from their innovation in adopting and using open source software. Large-scale deployments of linux by the Gendarmes in France, and the adoption of Open Office in Munich were inspirational to someone like me who had firmly decided that open source held the power to deliver better software, and better outcomes for users and businesses.
Although there were some admirable efforts, sadly in the UK we didn’t have the same leading examples. Generally, I felt we were being held back by collective ‘lock-in’ to doing things the way we always had done. On trying to sell the value of open source, I was always met with bemused answers like ‘surely if the code is open it makes it insecure’ or ‘try getting an open source licence through our legal team haha’.
Fast forward a few years, and how times have changed. Thanks to some early pioneers in the UK who were making the most of open source software in their quest to move to the cloud, we witnessed an awakening. Once Brits realised that adopting cloud, DevOp’s practices and open technology could get them to market quicker, more efficiently, and for less money, there was no going back. We saw an explosion of use cases, companies, and meetups which fuelled an emerging ecosystem.
When Government Digital Services kicked off, and we saw the commitment from the public sector to open source in their building of GOV.UK we were really starting to power up and build a world-leading position in open technology.
More recently we’ve seen global adoption of open technology on a scale I couldn’t have imagined. Not only is open source being used to build new businesses, it’s also led to the creation of new business models, and we’ve seen multiple billion-dollar businesses built from one humble code commit on GitHub. I’m certain that it was our quick adoption of open technology, and how committed we have been to embracing it that has helped the UK build more $bn companies than the rest of Europe combined6.
This puts the UK in a phenomenal position, and as open technology becomes the standard on which all software is built, I believe the UK is in a unique place to build a ‘platform for the world’s tech businesses.’
Ultimately, I believe this will create more jobs, more wealth, and more importantly, enable us to create better lives for people through more efficient services.
In my role as Entrepreneur in Residence for OpenUK, I’m trying to help encourage and support open tech founders in order to further this goal. In the process, I’m learning a lot about what it takes to help break down the barriers to getting started. Although we’ve achieved a lot already, there’s so much more we can be doing, and I’m hearing common themes around how we need to build skills, encourage engineers to come to the UK, and then make it as easy as possible for people from all walks of life the chance to build an open tech business.
Having built a successful business on open technology myself in the UK, I understand how this can be done, and I can also see the tremendous power of the opportunity we have at our feet. I look forward to welcoming you on the journey to embracing this.
OpenUK Survey Outcomes: UK Business and Public Sector Usage of Open Source Software
One of the lessons that has emerged from the pandemic has been our high reliance on digital technology to continue working and sustaining social contact in turbulent times. Digital infrastructure expanded at pace to meet higher demand and accommodate digital adoption that has accelerated7 beyond belief – with a lasting effect on the way we live and work. The challenge we take from these experiences is to make access to digital technology not only ubiquitous but equitable and transparent. From an economic perspective, one of the key issues is affordability of digital technologies and digital inclusion.
The Survey findings show a very high utilisation of cloud infrastructure in the UK with much of the provision coming from a handful of large companies. Open source software offers interoperability, and it is far more present in digital technologies and the cloud than many in the C-Suite might think, with most organisations responding to the Survey running open source software.
“Visionary folks inside Google open sourced Kubernetes and they ended up creating the CNCF to be the home for Kubernetes and
related projects. I have definitely seen a lot of anecdotal evidence, particularly for the big players, that the ownership of code by a
foundation makes a big difference to their belief that they can safely participate. That is hugely important to the way that Kubernetes and the whole cloud movement has taken off.”
Liz Rice, Chief Open Source Officer at Isovalent,
Chair, Technical Oversight Committee, CNCF
and OpenUK Ambassador
“Open source is embedded very deeply but very stealthily in the fabric of UK business. If the average C-suiter knew their reliance upon open source, then I think its importance, investment in it, and particularly a company’s commitment to participating in projects would be much more prevalent in the UK.”
Nigel Abbott, Regional Director, NEMEA,
GitHub and OpenUK Ambassador
To understand more about open source software adoption in the UK, we conducted an anonymous online survey which ran from 17 May to 13 June 2021, focusing on adoption of software and cloud technologies, governance, security, recruitment and future outlook in the UK (“Survey”). We gathered 273 responses via random sampling, from all sectors of the economy, all company sizes: small (up to 49 employees), medium (from 50 to 999 employees) and large (1000 employees or more)8. For a detailed breakdown of the sample, see Methodology.
We found that 97% of businesses of different sizes in all sectors of the UK economy use open source software technology. Although resources became a more pressing concern during the pandemic, 64% of businesses in our sample experienced business growth which translated into a high recruitment drive for roles relating to open source software in the past 12 months (see recruitment findings). Further, we find that almost half of businesses surveyed (48%) are using open source software more as digital adoption becomes embedded in organisational culture and business.
Figure 1. Open source software and business growth in the UK for 20209
5.1. Types Of Open Source Software In Use
Use Of Open Source Software
The vast majority of survey respondents use some open source software (97%) across all sectors of the economy. The sector where use of open source software is the most well-established is technology, media and telecommunications. There are high levels of use of open source databases such as MySQL, PostgreSQL, Cassandra, and GitHub, or other public repositories in all sectors in the survey.
Such high levels of use of open source software would not have been possible without more intensive adoption of cloud infrastructure services, an area where we see high concentration of market power in the hands of a few providers. The UK has a particularly strong position in open source software based infrastructure.
Across all respondents, the most common types of open source software used in the UK are open source software languages (86%), open source software tools (84%), GitHub, or other public repositories (83%), open source operating systems (80%), and open source databases (78%) (see figure 2 for the full list of types of open technologies used)10.
Figure 2: Types of open source software used
In the technology, media and telecommunications sector the top four in use are GitHub, or other public repositories (used by 94% in the sector), open source software languages (used by 91%), open source operating systems e.g. Linux (used by 90%) and open source databases (used by 88%).
There is also high levels of use of languages (e.g. Python) that are generally regarded as open source standards and the use of such languages is included in the findings.
Further, we see that large companies tend to use a wider array of open source software. We find that 52% of companies in this category use open source operating systems, open source databases, open source software tools, open source security tools (e.g. Snort, Notary and Trivy), open source observability tools (e.g. OpenTelemetry), open source container technology (e.g. Docker, Kubernetes), GitHub, or other public repositories, as well as other open source software. The wider variety of open source software used in large companies is common in the sector regardless of number of employees.
“Functionality, through collaboration, across competitors within the same industry, enables you to all start from the same, somewhat higher benchmark. You can specialize on the cutting edge, market breaking and the market leading functionality and take everybody in your organisation with you on that journey. And that’s the bit that’s so powerful. For example, in FinTech there are organisations that are galloping ahead with some of their offerings. They’re able to get to market much more quickly through open source.”
Nigel Abbott, Regional Director, NEMEA, GitHub and OpenUK Ambassador
This software is also widely used in the banking, insurance and financial services sector, with 93% of users in the sector using open source operating systems, and 89% of users using open source software languages. The picture is similar in education, where the most used open source technologies are the same: open source software languages by 89%, open source operating systems and GitHub, or other public repositories are both used by 84% of users, while open source databases are used by 79% of users.
In the UK public sector, and the care, health and pharma sectors, open source software languages are used by 89% too, while open source databases are used by 78% of users and 63% use open source operating systems. Findings for professional, legal and consulting services show that they primarily use open source software tools e.g. Jenkins (63%) as well as open source repositories, open source software languages, open source databases and open source operating systems. This slight difference in the most commonly used open source software is indicative of the different needs of businesses (see figure 3)11.
Figure 3: Most used types of open source software
5.2 Cloud Infrastructure
Open source uptake is enabled by the prominence of cloud infrastructure services. In the UK, AWS is used by 65% of respondents, Google by 47% and Microsoft Azure by 45% (see figure 4)12. Large companies are seen to have a strong preference for AWS (74%), Microsoft Azure (68%) and Google (47%). Market share of the three biggest providers is slightly lower in medium and small companies, with a more diverse provision. In medium-sized companies VMware is preferred by 10%, IBM by 7%, followed by OVH, Red Hat and Linode all at 3%. In the small size company market, OVH is used by 12%, Digital Ocean by 6%, VMware by 3%, followed by Red Hat and Hentzer both at 2%13.
“Open source is probably one of the UK’s best hidden secrets. Most enterprise software that’s being deployed or licensed these days have some components of open source technology.”
Leanne Kemp, CEO & Founder, Everledger and OpenUK Ambassador
Figure 4: Use of Cloud Infrastructure services
5.3 Business Use
The development of open source software relies on collaboration and open source software project participation, to improve the quality of code, code sustainability and security. Collaboration may be at a community, project or business level and in industry, open source development may be in co-opetition. At the same time, professionals using open source software develop skills and build a community of like-minded people. These bring tangible benefits to a business via network effects.
“The principles of open source and community-driven environments allow us to collectively gather around a problem statement, solve an industry challenge, and then bring together the right participants, both from engineering and industry perspectives, and then contribute back to the community.”
Leanne Kemp, CEO & Founder, Everledger and OpenUK Ambassador
Figure 6. Business engagement with open source software14
Although 97% of businesses in our sample use a type of open source software, the survey reveals that the vast majority of respondents (89%) run open source software internally in their business, while approximately 2/3’s of respondents (65%) contribute to open source software. The bulk of the contribution comes from the technology, media and communications sector, where 78% of respondents answered that they contribute, while for the non-tech sectors, this averages at 53%15. A bit less than half of the businesses in the Survey develop open source software (49%) and open source their own software (48%). Small companies are much more involved in open source software production, with 61% reporting that they open source their software while 57% develop open source software (See figure 7)16.
Figure 7. What businesses do in relation to open source software
When zooming in to identify the reasons why a business would choose open source software, we find that the primary concern is saving on costs (75%), helping businesses use resources more efficiently. This is particularly true when the software is royalty free although the total cost of ownership considerations including added resources to implement and maintain software need to be considered. The collaborative nature of open source software development allows developers to tap into skills, knowledge and experience that they may not have within their organisation, making collaboration the second most popular reason in our sample (72%) and skills development (64%). Better quality of code (61%) is also a benefit reported in the Survey, while more than half of the respondents argued that their businesses benefit from community building (53%) and security (52%) when using open source software (See figure 8)17. Large companies in addition to saving on costs (76%), cite collaboration (74%), skill development (72%), the quality of code (66%) and security (61%).
Figure 8. Business benefits from engagement with open source software
The UK’s education sector stands out from the rest. The primary benefit in education is not cost saving but it primarily skill development (77%); followed by collaboration (73%) (which speaks to the nature of the sector); and learning via working together and being able to experiment to improve the quality of code and fix bugs (64%) is crucial and can have very strong spill-over effects to other sectors of the economy.
For organisations in the public, care, health and pharma sectors collaboration is the top benefit (75%), followed by cost
saving and skills development (both at 61%).
“Digital skills in open are an entire supply chain, starting at the schools and education, carrying on to university and apprenticeships and there is an urgency in establishing this. For UK start-ups who can demonstrate prowess in open source software, why are we not promoting them on international forums and with investment funds?”
Nigel Abbott, Regional Director, NEMEA, GitHub and OpenUK
5.4 The Importance of Collaboration
The response rate on collaboration as a benefit shows how crucial collaboration is in open source software. We find that more than half of the businesses in our sample (52%) participate in open source community projects, while 2 out 5 of businesses in our sample (40%) participate in open source projects with non-profit organisations and foundations, and a third of respondents (33%) state that their organisation collaborates with academic institutions in open source projects. The top three collaborators for larger companies are open source community projects (60%), non-profit organisations and foundations (46%) and academic institutions (46%)18.
“Open source software in the UK is about focusing locally to enhance our skills and businesses in the UK whilst collaborating globally to create diverse and sustainable code.”
Amanda Brock, CEO, OpenUK
Figure 9. Collaboration networks and participation in open source projects
5.5 Future Outlook – Covid-19, Brexit, Sustainability and Financial Downturn
The Survey indicates that there is overall certainty about open source software remaining unaffected by the current economic shocks (including Covid-19, Brexit and financial downturn). The vast majority of our respondents appear unphased by these changes, reporting that these events had no impact on the use of open source software (figure 10)19. This is not surprising given the very nature of open source – it is a global phenomenon not bound by physical borders, and as such it is much more resilient and may in fact be favoured by changes that affect other areas of the economy and geo-political shift.
An optimistic finding is that respondents believe that the financial downturn experienced in the UK will increase the use of open source software, as will the shift to more sustainable ways of operation as an economy and society. Moreover, an increase in the use of open source was expected as a consequence of Brexit by 5% of respondents and 12% believe that COVID-19 has led to an increase in the use of open source.
Figure 10. Future Outlook20
Although views of respondents in different sectors seem to vary somewhat, the overwhelming message is that external factors, such as Brexit, Covid-19, the ensuing financial downturn and the shift to embrace sustainability will have no (negative) impact on open source software adoption.
These views are shared by respondents from large companies, with the exception of the impact of the financial downturn, where marginally fewer believe that it will increase use (9%) and slightly more believe that it has already increased use of open source (10%), compared to the average 12% and 8% respectively in the sample.
Sector specific findings show that respondents in professional, legal and business consulting services are the most optimistic about future uptake of open source software as a result of the financial downturn (29%) and that the Covid-19 outbreak had a positive effect on adoption of open source software (24%).
Organisations in education appear to be the most certain with all of them responding that Brexit had no impact on open source software adoption, while 23% of them believe that the Covid-19 outbreak will lead to an increase in the use of open source software.
5.6 Recruitment in open source software specific roles
The past year has been one of accelerated reliance on the digital sector to ensure the smooth running of the economy and society. 64% of businesses in the Survey state that they experienced business growth in 2020 compared to 2019 and 48% report an increase in the use of open source software during the same time period. To maintain this momentum of growth, our findings show that there was demand for specific skills to ensure that the necessary digital infrastructure for open source software follows this pattern, with higher demand for back end developers in the past 12 months and for cloud engineers in the coming 6 months. The UK has benefitted from the fact that it offers attractive conditions to talent in the digital sector overall, with recruitment remaining strong and an array of jobs in the digital technologies growing steadily at 1.7% per annum21.
“To increase engagement you need to cultivate a really strong community and also establish this positive
feedback loop, which is much easier to do in open source than proprietary technology, because you can talk
about what you’re doing and everything is open. A lot of the time you’re actively wanting to get strangers
involved in your project in a community based way. If this works for you, it works for me, we can have a
relationship about this project.”
Liz Rice, Chief Open Source Officer at Isovalent,
Chair, Technical Oversight Committee at CNCF and OpenUK Ambassador
The most desirable skill in open source software recruitment was that of back end developers, with 38% of businesses having hired in this role in the last 12 months and 23% planning to hire in the coming 6-12 months. Roles that are complementary to back end developers, such as development leads, full stack developers, front end developers and development operations engineers were hired by 29% of businesses in our sample during the last 12 months, while demand for more senior roles such as development operations architects was relatively lower (14%) during the year of the pandemic.
Given the drive to hire in a variety of roles over the last year respondents expect that there will be a slow-down in the next 6 to 12 months (figure 11)22. Businesses are now adjusting to a slightly more evenly paced digital environment, after an initial rush to increase digitalisation at pace during the early stages of Covid-19, with only 23 businesses (8%) of our sample planning to hire a CTO (or CISO) in the next 6-12 months.
Figure 11. Recruitment in open source software by role
Recruitment overall will slow down in the coming 6 months according to our findings, which may be the result of business adjustment as the market absorbed a large number of employees in these roles quickly with extremely high rates of recruitment last year.
Sectoral decomposition shows that high demand for some specific roles will continue in the coming months. In technology, media and telecommunications we find that recruitment levels will slow down overall and that levels of demand for the most sought-after roles will be lower than in the preceding 12 months. In education, demand for some roles will remain at the same levels and for others it will increase (particularly project managers).
Demand for roles in professional, legal and consulting services will remain strong in the coming 6 months, with an increase in recruitment in a wider variety of roles, showing the need for the entire spectrum of skills as these services expand to accommodate increased digitalisation. An expected increase in the use of Open Source Program Office (OSPO) and enhanced governance in relation to implementation of standards around open source software, including Open Chain and SPDX, alongside a focus on security, will likely see an increased demand for open source legal and governance skills.
Finally, in the public, care, health and pharma sectors as well as in banking, finance and insurance we see that in the coming 6 months primary interest will be in professionals working on cloud infrastructure. (See figure 12)23.
Figure 12. Most in demand open source roles by sector
The demand for these roles indicates that there is growing interest in open source cloud infrastructure in all sectors.
After an organisation’s IT network and services have been established (as seen with the acceleration in open source software adoption) software maintenance becomes vital, hence the need for enterprise architects and OSPO’s too, after a long period of systems’ construction (implied by the high demand for back end engineers in the past 12 months).
5.7 UK Business Usage of Open Source – summary of findings
The findings of the OpenUK Survey illustrate a complex picture of the State of Open Source Software in the UK. On the one hand we find that the overwhelming majority of companies in our Survey sample use some form of open source software. The most commonly used open source software in the UK according to the Survey categories are open source software languages, open source software tools and public repositories, open source operating systems, and open source databases. These are being used alongside use of proprietary software.
The benefits of the use of open source software are widely recognised in our sample, with respondents citing cost reduction, collaboration opportunities and skills development as the top three benefits to their organisations.
The Survey respondents appear optimistic about open source software adoption in the UK, with almost half reporting that they have increased use of open source software in their organisations over the last year. They also appear confident that shocks external to technology (e.g. Brexit, Covid-19, etc) do not adversely affect the use of open source software, with some reporting that they may in fact have a positive effect by increasing future adoption.
6. Review of Reports since March 2021
OpenUK published State of Open: The UK in 2021, Phase One24 on 20 March 2021. Since then three further countries have produced reports, but the European Commission Report continues to be unavailable at the time of publication. Further consideration of the Commission Report will be made in Phase Three, if available. Below we draw the most relevant facts from these new reports. FINOS and the Linux Foundation have also announced State of Open surveys25 which, where relevant, and if published in time, will be considered in Phase Three of this Report.
China has been an aggressive innovator in every area of technology over the last decade, and particularly in open source software, providing much of its cutting edge advantage. According to a recent industry report26, Beijing aims to use open source as an industrial policy tool and as an important part of its push for technological autonomy, to reduce reliance on foreign technologies and to enhance digital sovereignty. The progress made is such that the report argues that Chinese users are the second most prolific group on GitHub after the United States compared with the UK’s fifth position globally. Additionally two of the top five most followed GitHub accounts are Chinese.
A study by the think tank CAICT (China Academy for Information and Communications Technology)27 Open Source Ecology reports that 87.4% of Chinese companies use open source software and highlights the importance of the open source ecosystem in an increasingly dynamic global economic environment. At the same time, we see a high level of participation in the defensive patent organisation Open Invention Network by Chinese companies28.
The impressive growth of Chinese open source software is also manifested by the recent development of HarmonyOS, to replace Android systems as a result of trade wars between China and the USA. The drive to develop open source software is not new in China; it is being led by the Government which has been investing in open source projects and partnerships consistently since the early 2000’s.
In its journey to technological sovereignty, China responds to this challenge with high levels of investment and skill development to reduce its reliance on key US software – whether it is proprietary licensed software such as crucial chip architecture sets from Intel, or Google’s Android operating system, or open sourced tools that are freely available such as programing languages (e.g. Python). The Chinese government is strategically pushing to produce a resilient Chinese open source ecosystem shielded from geo-political actions. To this end, in June 2020 China established its first open source software foundation, the OpenAtom Foundation, created following GitHub’s restriction of access for developers based in US sanctioned Iran, which raised alarm in China’s technology industry. The Chinese government is also turning to open source projects to increase self-sufficiency in hardware, particularly semiconductors.
Open source is crucial to ensuring access to global technology and to China’s aim for technological sovereignty. Consequently, in China, open source software is receiving significant government support.
Japan has been on the technological frontier for decades and, as with China, the Government is taking a leading role (in collaboration with the private sector) to support and promote open source software.
To this end, the Ministry of Economy, Trade and Industry (METI) of Japan published a Collection of Use Case Examples Regarding Management Methods for Utilizing OSS and Ensuring Its Security29, in April 2021. The report summarises the points to note when utilising open source software, and highlights the clear benefits to business in using open source software for commercial and non-commercial purposes. The report is the product of active engagement from corporations such as Toyota, and as such indicates a certain degree of consensus between government and industry as opposed to initiatives around the world which have been much more one-sided (see France below).
The report pays particular attention to governance, stressing the importance of the Open Chain standard, ISO 5230 . This is perhaps unsurprisingly as Open Chain’s lead is based in Japan and a strong community has built around it.
As well as explicit reference to OpenChain it references SPDX in addition to a subset of SPDX created by Japanese companies like Fujitsu, Hitachi and Toshiba called “SPDX Lite,” which can be found as an optional component in SPDX 2.2.1. This may potentially alleviate some of the Software Bill of Material concerns also raised by the Biden administration 12 May Order30 discussed more in the security section.
A recent study conducted on behalf of CNLL, the Systematic Paris-Region cluster, Solibre and Nouvelle Aquitaine Open Source (NAOS)31 surveyed 140 companies and some 20 key figures in the open source software ecosystem in France. It highlights the need for more education of businesses and the public in the benefits of open source software.
The survey finds that while 88.3% of respondents believe that the key principles of open source software can help preserve the digital sovereignty of France, there is a need to explain the added value of open source in terms of digital sovereignty. Contrary to the situation in China, where open source software innovation is led and supported by the government, two thirds of the study respondents believe that the public administration in France does not sufficiently encourage open source software or open formats, despite this being required by Law since 2016, particularly in terms of public procurement, calling into question the impact of this French law.
7. Case Studies in UK Business Adoption
7.1 Starling Bank: Expanding the role of open source
In conversation with Steve Newson, Chief Technology Officer
Starling is a leading digital challenger bank disrupting financial services. It has grown exponentially in the last few years with deposits now running in excess of £6bn from more than 2 million accounts and receiving a total investment of £322 million32 in 2021 with a £1.1bn valuation pre-money. Open Banking has been at the heart of Starling’s success. For clarity, Open Banking has opened up data between banks and was mandated by MIFID regulation in the banking sector. It enables customer choice and the ability to move banks simply.
Starling Bank’s entire infrastructure is based on open source software.
‘Standing on the shoulders of giants’: The origins of ‘Build with Starling’
Finding out what the API is when dealing with an integration to another bank or third party can be a cause of frustration, especially if they are proprietary. There are few sandbox environments to test in, as well as legal restrictions (for example NDA’s) which make communicating difficult and slow down the whole process.
Having open API’s as a consequence of Open Banking has changed all of that Steve explains: “One of the great things about open source and about having open API’s is ‘standing on the shoulders of giants’. The only way I can develop software these days is because there’s 40 or 50 odd years of software development that has gone on before that, that I am benefiting from along with all the tooling and everything else that has built up to this.”
That’s where ‘Build with Starling’ comes in. It’s a differentiator. If you’re a developer with a Starling account, or a registered Third-Party Provider, then you can build something with Starling’s API’s. Used to run the bank, they go beyond industry standards and allow their customers to securely share their data. Developers can use their sandbox to play around and see how it behaves, saving time and paving the way for future interactions. Steve notes that “when it comes to wanting to integrate later on, it’s all just there.”
The benefits of having open API’s
Providing ‘Build with Starling’ as a service to all their customers has meant that anyone who wants to integrate with it (providing they have the technical ability to) can.
Importantly, it allows a space to engage and test before legal and procurement get involved. It makes things more efficient. Steve says, “The reality is if you get legal involved at the start then that cripples most projects because they’re just waiting for legal to go through all the fine details of the contract”. This way, when it gets to the point where legal are involved in contracts, the work is done and that understanding speeds things up. From Steve’s perspective “you’ve got more of a case…we’ve already demonstrated this thing works, we’ve actually got this thing integrated. We’re just waiting on you now. The terms are in there”.
This ability to kick the tyres of open source software by taking the code freely into an organisation on an open source licence, without the need for a procurement or legal process, has been a game changer for open source software over the last decade, and is key to its success today. Proprietary code simply cannot compete with this.
Starling is also very open about their usage of API’s and how it helps their customers.
The ethos of Starling Bank: care less about intellectual property and more about the staff
“In an organisation,” Steve explains, “your intellectual property is not in your source code. Your intellectual property is not in your software. Your intellectual property is in your staff”. Even if Starling’s source code was taken and handed to somebody else it would be useless to them without the staff. It’s the staff that have an inherent understanding of how the code binds together and how it works. In Steve’s opinion the intellectual property in the software itself is just a mechanism by which you integrate your systems. You make money through other mechanisms and services, not the software intellectual property. Starling’s ethos is, “by being the most open and the most accessible, you will get more clients and you’ll ultimately get more money coming in”.
Some larger organisations can fall into the trap of wanting to use open source but consider everything built internally as proprietary and think that where they make their money is embedded in the “super-secret software” itself. Steve disagrees and thinks their perspective needs to shift. He argues that, “it’s the engineers that built that thing and the people that you really need to value.”
Securing investment: the power of open
The fact that Starling’s whole infrastructure is built on open source software is a big driver for investors – in fact Steve says that, “generally speaking they actually like [it] better [than proprietary]”.
One reason is because it reduces the per customer incremental costs. Proprietary software licences generally mean that somewhere down the line there’s a third party that you share a licence with and that you have to pay more money to them as your customers increase. Open source software means licensing royalties for software don’t cut into the long-term profitability of the organisation.
Double the number of customers and your costs don’t double! Steve says, “they don’t even go up by any particular factor…you’re almost flat”.
Starling has 2.3 million customers, and their costs are about the same as they were a year, to a year and a half ago. Investors focus on that, and rightly so. Its significance cannot be understated. Starling’s series D funding round and valuation are testimony to that.
7.2 Department of Finance, Northern Ireland: A public sector perspective into open source
In conversation with Seamus McLean, Head of Enterprise Digital Development
The Department of Finance (DoF) in the Devolved Northern Ireland Government, has the overall aim of securing the most appropriate and effective use of resources and service for the benefit of their community. Their digital team, led by Seamus McLean, consists of 65 people and is a subsection of the DoF Digital Shared Services group. The team supports and maintains a particularly broad range of software applications, currently managing and supporting around 120 of them across different civil service departments using the .Net Core development framework. They also develop and support all of the Civil Service departments’ websites as well as the primary citizen-facing NIDirect site using the open source Drupal platform.
Open as a part of of the civil service’s toolkit
In line with the broader ethos of promoting open governance and sharing, there are concerted efforts to promote the use of open source internally within the Northern Ireland Civil Service (NICS) and the wider public sector. The NICS has a blend of internal digital resources complemented by external contractor resources, but use of external resources has led to increased exposure to a diverse range of tools with new technologies and open source often meeting the department’s needs best. As open source users rather than contributors in the past,
Seamus explains there’s now a move towards contribution, using both the Gov.UK PaaS platform and increasingly making use of GitHub repositories to share code.
The sophistication of open tools: testing as you code and flagging security issues
Testing is fundamental to everything the department does, and many of their chosen products are open, allowing them to respond early to risk and security. Seamus speaks of “shifting left”, “Our aim is to shift the quality and testing process as far to the left to the earliest part of the process of development. You don’t leave it to the very end to test…you try to find out the security issues and the defects right at the very beginning so you can rectify those things at the earliest possible stage.”
Open source software also allows the group to check for vulnerabilities and quality issues and to fix them in real time. Reducing the time from development to delivery is also reducing cost. “It’s not just about providing the tools,” Seamus explains, “resources like the OWASP Top 10 security checks are also telling you what the most critical issues that you should be looking for are. It doesn’t get any better than that really.”
Open source is intrinsically linked with most of the department’s activities and whilst they don’t have an explicit Open agenda or a dedicated team, “open source has become a fundamental part of how we behave and how we work.”
7.3 University of Edinburgh: An open culture
In conversation with Stratos Filalithis, Head of Website & Communication Technologies
The University of Edinburgh is a Scottish public research university with five main campuses, over 44,500 students and 15,000 plus faculty members. They are far along their digital transformation journey and actively interact with open source solutions and contribute to open source.
The major shift from proprietary to open source at the University of Edinburgh was the decision to use Drupal as the platform behind the University’s central web content management system, “EdWeb”. Drupal’s Code of Conduct aligns with the University’s key drivers for open source adoption and working ethics including increased flexibility, efficient collaboration, stronger customisation, knowledge sharing and a view to building common ways of working across the University.
Along with the Code of Conduct, Drupal has a vibrant community that successfully brings like minded people together to solve similar problems. This community helps the University understand the many ways they can leverage the benefits of open source software. Stratos notes, “We are all talking about similar problems and challenges, and a lot of the time the community comes up with a very brilliant idea. Open source allows us to share it. That realisation highlighted how prominent a place open source needs to have in our approach for a better web site for the University.”
Culture of collaboration
A key driver behind their use of open source is to leverage its collaborative characteristics. Each department has their own web presence and makes their own decision on what technologies they use, with no central system guiding them. Stratos and his team focus on the concept of, “communities of practice,” that not only collaborate on specific technologies, but have similar areas of interest. He aims to increase the integration between each department and encourage them to speak with each other. “We want to drive everyone in a similar direction. Not
only in terms of compliance but in terms of creating common approaches, avoiding duplicates, and increasing collaboration with each other. And open source allows us to do all of that.”
Value creation of open source activities is measured by internal productivity. As Stratos explains, “We focus on our own productivity, i.e. how has our productivity increased, how often can we release new features, how we’ve increased community engagement. We have some benchmarks in place and what we’re looking for is to improve and say, well, we have released so many different things and that made the experience better because instead of waiting three or six months to do something, we now, with open source, do it in two weeks to reach our milestone.” The speed, agility and innovation of open source work together to enhance productivity.
The University’s open culture has been expressed in more ways, such as ongoing effort and promotion of Open Educational Resources in their publications and learning & teaching. They host a Wikimedian in residence to empower staff and students to learn new digital skills. Stratos believes that the pandemic has forever altered the educational sector, with universities viewing their virtual estate as a good substitute for their physical premises. The hybrid model of working, teaching and learning is here to stay. Open source platforms will help the University respond.
7.4 Swansea University: Broadening the scope of open in education
In conversation with Prof Tom Crick MBE, Professor of Digital & Policy
Founded in 1920, Swansea University is a leading research-led university based in South Wales, with a strong engineering heritage, having been originally set up as a technical institution to support the industrial needs of the region. With three faculties spread across two campuses, it currently offers about 330 undergraduate courses and 120 postgraduate courses to over 20,000 students, with an international reputation for its computer science and engineering provision.
Open source software and infrastructure, has long supported much of the research undertaken and has become increasingly visible and important for learning and teaching (L&T). Professor Tom Crick splits his time between the £32m Computational Foundry and the Faculty of Humanities and Social Sciences.
Learning & Teaching
Historically, computer science had not been prioritised across the UK’s four education systems, with challenges in developing digitally confident and capable young people, including what it means to engage with open source. For Tom, this begins at school. Tom played a leading role in ensuring young people develop digital and data skills in Wales. He chaired the Welsh Government’s independent review of the ICT curriculum in 2013, leading to the development of a bilingual cross-curricular Digital Competence Framework in 2016.
In January 2020, the new Curriculum for Wales was published which promotes cross curricular digital competence as a statutory skill alongside literacy and numeracy. This underpins the wider interdisciplinary approach and mindset at Swansea University; as Tom says, “our digital world is predicated on open source software and infrastructure… we’re doing our young people a disservice if we don’t teach them that’s how our world works.”
Learning about open source is crucial to this, and it is included as a core part of interdisciplinary STEM-based delivery at the University. Tom says, it’s a “no brainer” that students are exposed to these tools because it has become so prevalent in industry, and their courses are designed with both strong theoretical and technical foundations, as well the needs of future employers at their core.
Open Source in the University
Tom explains that the awareness of open source in connection with research and innovation activities has increased because it is simply, “how research is done” today. The reason you can reuse, adopt and adapt existing tools and data and infrastructure is because they are open source. Tom explains that the benefits are clear across diverse research communities and disciplines.
In line with international initiatives and shifts in policy, research grants from the major UK funding bodies come with the stipulation that the outputs of research should be publicly available. This means that publications and datasets must be deposited and discoverable in open repositories. Increasingly, this also means that computational artefacts must be made available to ensure that research is reproducible and reusable. Using open source helps verify both data generated and the results which underpins the scientific body of knowledge, as well as
potentially speeding up innovation.
Cutting-edge work by computer science students at Swansea in the areas of human-centred AI and data science, cyber security, and computationally-intensive optimisation problems, uses open source software tools and infrastructure. In fact, when it comes to major projects in computer science, Tom says, when “there’s a strong technical/development aspect to that project then most of them would be using or applying some form of open source software, tool or resource.”
7.5 The Alan Turing Institute: Bridging the gap between industry and re- search
In conversation with Dr. Kirstie Whitaker, Programme Lead for Tools, Practices and Systems
The Alan Turing Institute, headquartered in the British Library, London, has worked with open source software since its inception six years ago. As the national institute for data science and artificial intelligence, it is funded through grants from Research Councils, Founder Members and University Partners. The Institute undertakes research to tackle some of the biggest challenges in science, society and the economy, and partners with a wide range of organisations.
‘Tools, Practices and Systems’
‘Tools, Practices and Systems’ (TPS) is an exciting research programme at the Institute, looking at the open infrastructure needed to share knowledge between silos. Dr. Kirstie Whitaker, explained that TPS uses open source software to successfully empower a global, decentralised network of people who connect data with domain experts.
Providing the right guidance and tools to help bridge the gap between academic research and different industries is crucial to The Alan Turing Institute. The Turing Way, an open source community-driven guide to reproducible, ethical, inclusive and collaborative data science, is a resource at the heart of the community that helps facilitate this.
Raphtory in Practice
“Raphtory” is a key open source project with its name based on a play on ‘graph’ and ‘story’. It describes how networks evolve through time, specifically looking at dynamic graphs. In reality, connections between entities are rarely static. Dynamic graphs enable information to be analysed in a way that’s more connected to the real world. Raphtory, incorporates information about the nodes and links at different points in time, and automatically updates as new data comes in.
The law firm Mishcon de Reya, in collaboration with legal data provider vLex Justis, used Raphtory to analyse over 400 years of documents, investigating the evolution of how foreign case law is used to make decisions by judges around the world. At first, they couldn’t install Raphtory, nor get the tool running for their analyses. As Raphtory is open source, they worked with the development team through their GitHub repository to fix the bugs. Data scientists within the law firm have contributed to the codebase and left the project more accessible
and generalisable for future users. Kirstie explains the importance of their work: “Network analysis allow you to look at an ecosystem level. You don’t look at each piece of data individually…seeing the patterns that are across all of them is a much more realistic way of understanding complex patterns in the world.”
Not only adopting, but actively engaging with open source (using Raphtory and many other projects), more than pays for itself and helps the whole research community to flourish.
Kirstie hopes that, “By contributing to other projects, we will also draw in collaborators who, because they know us for being contributors to that project, will establish other collaborations with them, adding new features or using the infrastructure level code that we have in specific data science applications”. This speeds up the research process because the focus is on creating solid foundations and a focus on, “the co-creation practices you need in order to share tools across different research groups.”
Engineers across TPS projects are “doing the work of making sure that outputs are open source, are reproducible, are robust, have documentation, and they’re tested”. Instead of recreating the wheel, Kirstie advocates for “recognising the importance of contributing into open source tools and reusing other people’s work.”
7.6 Anthony Nolan: A global impact
In conversation with Danny Attias, Chief Digital and Information Officer
Anthony Nolan is a UK based charity saving the lives of people with blood cancer, by recruiting potential stem cell donors, funding ground-breaking research and providing the best post-transplant care to patients with its clinical nurses. With a team of 350 people, 30 in digital, the charity has facilitated more than 22,000 stem cell transplants by matching donors to patients in need of lifesaving transplants.
Anthony Nolan’s mission is saving and improving lives. The charity requires a strong digital framework. Using open source, they developed ATLAS, a first of its kind, disruptive project matching patient DNA with stem cell donors. Prior to ATLAS, donor seekers could only search a global database by manually typing in patient details, running searches and waiting for matches which was very time consuming.
Founded in 1974 as the world’s first stem cell register, today, over 100 registers exist globally. A gap in the market of matching patients to donors using APIs, led Anthony Nolan to develop ATLAS, 18 months ago.
Danny Attias, Chief Digital and Information Officer explains, “We needed a search algorithm that could be used as a platform, with a GUI, but also thorough API access for all of the international registries. We developed additional functionality to make it viable for the international community and a predictive algorithm using statistical models to predict the likelihood of matching for those donors.”
Created and managed through GitHub, ATLAS revolutionises the healthcare sector by changing the way donors are matched. Anthony Nolan donated ATLAS to the World Marrow Donor Registry and, being open source, it’s available for anyone to use, especially other stem cell registers.
“If you were to have your DNA typed today as a donor it would be analysed and recorded at a very high resolution, but if you had joined the register several years ago the amount of DNA data that we would have in our database would be more sparse. We developed a predictive algorithm to use statistical models to predict the likelihood of matching for those donors by predicting the likelihood of those gaps being a match,” says Attias.
An innate interest in open source within their workforce meant the digital team had the skills, were able and excited to develop the code using open source. They involved their legal team to ensure the right guidelines and licensing were in place for open source adoption.
A positive global impact
Anthony Nolan’s mission, to identify strangers willing to donate their stem cells to patients with blood cancer or blood disorders, wherever they are located, led to a generic architecture, allowing others to use and benefit from open source platform ATLAS. “It’s not so much that we think we’ve built the best algorithm and want everyone to use it, but because we’ve built what we hope is a very good algorithm, if you use this one, let’s help make it the world’s best algorithm together.” We’ve packaged it well, made it transportable. You get the Terraform scripts
as well as the raw code, to build it all out in the cloud as well as an enormous test database and thousands of test scripts to enable rapid validation.”
The charitable sector can face obstacles when developing digital capabilities, particularly in having the levels of resources that their commercial counterparts might have. This creates a strong case for open source software. Third sector culture means many different organisations have similar missions, work on similar platforms that overlap, yet don’t always communicate effectively. Their joining together and developing open source projects, could save a tremendous amount of charitable money.
8. Security, OSPO, and Governance
Never have governments been more focused on software security than in 2021. Fear of bad actor attacks on software dependent digital infrastructure, both open and proprietary, is at an all time high. The US response in President Biden’s Software Security Order of 12 May, specifically calls out open source software, looking to the use of a Software Bill of Materials (“SBOM”) alongside security standards, tooling and guidance on best practices, touching open source software. Inevitably these requirements enhance the argument for the creation of an Open Source Program Office by all businesses which are significant users, contributors or creators of open source software33.
As the introduction says, “An initial step towards the Executive Order’s goal of ‘‘enhancing software supply chain security’’ is transparency. As the Order itself notes, ‘‘the trust we place in our digital infrastructure should be proportional to how trustworthy and transparent that infrastructure is, and to the consequences we will incur if that trust is misplaced.’’ An SBOM advances transparency in the software supply chain, similar to a ‘‘list of ingredients.’’ Further work will be included around this supply chain issue in Phase Three.
“Society’s critical devices now rest on the stability of software assembled from multiple sources. The US Order promotes a closer examination of the provenance and stability of both open and closed source software. In recent years, open source software in particular has become a workhouse of the modern connected economy – relied upon by industry and government and incorporated into innumerable consumer products. The Order should accelerate the growth of professionally managed open source projects, enabling societies to benefit from the know-how transferred through the open source model with confidence in the functionality it provides in our everyday lives.”
Robert Carolina, General Counsel, Internet Systems Consortium and Senior Fellow, Information Security Group,
Royal Holloway, University of London
The OpenUK Survey question on security was drawn from the previous survey for the Linux Foundation Report34, reviewed in Phase One and introducing key challenges around security for the UK. The report questions on security take a deeper dive into security provision in the UK. The findings show a very similar pattern in the hierarchy of provisions to the Linux Foundation FOSS Report (figure 13). We find that the area where there is very high provision is support for SSL/TLS on websites, downloads and infrastructure (reported by 83% of respondents), similar to the findings of the Linux Foundation (76%). This area is identified as the strongest in both studies.
A significant difference between the two studies is that 58% of respondents in the Survey state that they have a security policy in their organisations, whereas the Linux Foundation Report, in 2020, found that this happened in only 11% of the projects in their sample. Overall, as indicated in Figure 13, the scores in the Survey are higher but the order of the areas requiring attention does not change. This may be attributed to the fact that the Linux Foundation FOSS Report had a limited UK sample (N=38) due to its different scope, while our larger-scale study (N=273) may have captured more detail in this aspect and time has passed.
“As a recognised leader in the field of cyber security, the UK should be well positioned to meet the challenges
presented by this and similar initiatives.”
Robert Carolina, General Counsel, Internet Systems Consortium and Senior Fellow, Information Security Group,
Royal Holloway, University of London
Figure 13. Linux Foundation Report and OpenUK Survey results35
“The vulnerabilities and security hacks we see almost daily present a huge opportunity. If I project forward 5 to 10 years, I think we can do for application security what we did for code storage and collaboration. If anybody’s going to crack it, it’ll be us because we have the hearts and minds of the developers.”
Nigel Abbott, Regional Director, NEMEA, GitHub and OpenUK Ambassador
The findings of the security provision question point to the need to shore up security and governance in the UK. As Nigel Abbott aptly suggests, “this is an opportunity for the UK”.
8.2 Open Source Program Offices
Organisations using significant amounts of open source software have identified the need and benefits gained from creating OSPO’s, that manage, maintain and align open source best practices with overall business strategy. The European Commission has set up an OSPO and is planning a network of OSPO’s across Europe36. The creation of OSPO’s is occurring across sectors, and many take an innovative approach to leadership and governance. We highlight three examples of OSPO’s, the well-established VMware OSPO, running since 2016, the long standing Arm OSPO and the newly formed OSPO at Aiven.
VMware: Aligning internal and external best practices
In conversation with Dawn Foster, Director of Open Source Community Strategy VMware, headquartered in California, is a leading innovator in enterprise software that powers the world’s digital infrastructure. VMware actively contributes to open source communities across a wide spectrum of technologies. From Kubernetes to the Linux Kernel, these contributions are evidence of their expanding commitment to open source. In 2016 the Open Source Program Office (OSPO) was formed to further consistent, compliant use of and contributions to open source software.
The need behind an OSPO
Open source is a key part of VMware’s business and innovation strategy. As Dawn says, “open source allows us to build better products and have software that’s more innovative, more interoperable, scalable, and secure.” Currently they maintain hundreds of open source projects and contribute to many more. With this level of usage, they needed to create a focal point that was responsible for creating, managing and maintaining the processes and best practices for seamless open source projects.
VMware’s OSPO in action
Made up of a few dozen people, VMware’s OSPO supports business units through creating clear guidelines around their global projects. As Dawn says, “we have created a Best Practices Guide, which is designed to help anyone at VMware start, run and contribute to an open source project. This is part of how we scale this very small team to provide information about our policies and best practices to employees across the company.” OSPO’s role in VMware involves enabling efficient and effective engagement in and contributions to open source communities to accelerate software development while also enabling product teams to meet compliance obligations.
The Make-up of an OSPO
OSPO’s typically address both the internal management of open source software and the outward facing communications. For VMware, this is organised into three areas: community strategy, engineering and compliance.
Community strategy supports open source community engagement and the overall project health of VMware’s open source project contributions, both with regard to their own and external third party projects. Dawn explains that the focus is really “on mentoring and helping other teams get the resources they need to be successful on their own.”
The Open Source Technology Center is the engineering arm – this team mentors internal groups to increase VMware’s open source competency and expertise, and they lead much of the development of the best practices guide.
“Our OSPO at Arm helps to standardise not only our engagement and interactions with external communities but crucially our internal processes both from an engineering and legal perspective.”
Andrew Waafa, Distinguished Engineer, Senior Director Software Communities, Arm
The compliance team provides tools and processes to help with legal compliance with open source software licenses for projects used within all VMware products and services. This team is also responsible for approving new open source projects, in addition to approving contributions to other projects. Dawn summarises it, “If I have a project that I want to open source, we have a compliance process with a series of approvals from a variety of teams. This set of lightweight processes helps these new projects start off strong, with the right resources and engineering support. This team also manages approvals for contributing upstream to third party projects.”
VMware’s OSPO leads the company’s open source efforts and strategy, driving common values and processes, establishing best practices, and mentoring new community contributors all in service to the many open source communities where VMware participates. A robust OSPO further provides ethical stewardship and helps all of us become respected open source citizens.
“Open source is not a program within Arm but part of our fabric, so we dropped the ‘P’ in OSP. Arm’s OSO is comprised of members of every group within the company, ensuring everyone can participate in open.”
Andrew Waafa, Distinguished Engineer, Senior Director Software
Aiven: An OSPO for the community
In conversation with Lorna Mitchell, Head of Developer Relations
Aiven, headquartered in Helsinki, provides managed open source data technologies on all major clouds, enabling organisations to harness leading open source technology to build an infrastructure that drives innovation along with business results. Having raised $100m in investment in 2021, they are developing their Open Source Program Office (OSPO).
Behind the scenes
Aiven provides managed open source data technologies, like PostgreSQL, M3 and Kafka, on all major clouds and believes that the value of open source is not only in the code itself but lies equally, in sharing information and solving community challenges. As Lorna explains, “It’s quite difficult to separate open source from our business and the wider community, because we’re deeply embedded in those communities and are very close to individuals within those communities. It’s one and the same thing for us.”
Their growing relationship with clients and community alike, has pushed them to formalise their development, management and maintenance of open source software, tools and projects by creating an OSPO team. Aiven’s OSPO will specifically aim to contribute back to the open source projects it has built its business on act as a bridge between different open source communities to drive fixes and features important to Aiven. As Lorna says, “A lot of our engineers, particularly the more experienced ones, are also open source contributors. It’s
very much part of what we do. Because we offer open source projects as a service, we’re dependent on those upstream projects. We’re also part of their ecosystem in terms of fixing things and helping out.”
Aiven’s OSPO: a force for the community
Currently they are aiming to recruit four to five open source developers spanning multiple specialisations, in addition to an open source program manager. A key aspect of their hires will be upstream contributors, as Lorna believes that those people who have a lot of experience in open source projects are going to be highly valuable.
They hope the OSPO will create a seamless path for them to develop their open source community and contributions. As Lorna explains, an “OSPO gives a route for businesses who want to support the open source community to align the goals of those projects and the businesses. Certainly for Aiven as a tech company, it brings together some different threads and really gives us a place to be intentional about the work that we do with open source.”
8.3 Governance and good practice in UK open source software
As we bring our attention to governance of open source software we find that the majority of businesses have a formal engagement with open source (figure 14), with processes, procedures and policies that govern their use of open source software (figure 15). However, according to the Survey, an area that needs to be addressed is raising Open Chain awareness. Open Chain, the supply chain standard for open source software sits alongside the SPDX software bill of materials in open source governance. The Survey found that it is implemented only by 3% of businesses although 18% of respondents were familiar with it. The Open Chain UK Work Group established in 2021 may support the success of this effort.
Figure 14. Businesses with procedures, processes and policies governing use of open source software, and implementing Open Chain38
In large companies in the Survey, familiarity with Open Chain is higher (22%) and implementation is more than in the sample as a whole (5%). The same applies to having processes and procedures that govern the use of open source software (83%) and policies (78%)39, possibly indicating in larger companies there are human and capital resources to implement them.
When we look into sectors, in professional, legal and business services we find the highest familiarity with Open Chain at 33%, however only 5% of organisations in the sample have implemented it. Only half of organisations in this sector have procedures and processes (50%) as well as policies (50%) governing the use of open source software.
In the education sector there is no organisation in our sample that has implemented Open Chain, and only 39% of organisations in this sector have procedures and processes, whereas policies governing the use of open source software are found in 44% of them.
In terms of governance, OSPO, and security there is room for growth and a need to focus on how the UK can demonstrate more leadership in these areas.
Figure 15. Percentage of organisations that have procedures and processes, and percentage of organisations that have policies governing the use of open source software37
Dr Jennifer Barth, Director of Research and Founder, Smoothmedia
Diffusion of Innovations theory40 suggests that innovations are spread through communication among members of a social system. Uptake of innovations is slow at first, barely noticeable, and only prevalent among early adopters. But as it takes shape and proves its value, the innovations gain speed and mature. Broader communities engage and realise its potential. It is this engagement from the tech sector, but also beyond to many other business sectors that this report makes clear. The UK open source social system, or as it is more aptly termed, its ecosystem, is more mature and widespread than has been acknowledged and growing with the innovations made possible by
the people, technologies and businesses that are using, creating and championing its value.
The first of its kind, this report makes visible the current business adoption of open source software in the UK and provides a baseline of what will be an annual review – to capture the growth, shifts and changes of open source software use in the UK in the coming years.
The Survey of 273 respondents found that 97% of businesses use open source software in some way in their operations. 64% of businesses experienced business growth in 2020 over 2019 and 48% of businesses surveyed report an increase in the use of open source software in the same time period.
Cost reduction, collaboration and skills development are among the top benefits identified by Survey respondents, all of which play a role in innovation and job and business growth in the UK economy.
The 7 business case studies included here bring to life the findings of the Survey among banking, finance, education, public and the charitable sectors. The cases make clear the ways that businesses are deepening their use of open source software in the UK. In the case of Starling Bank, it is used as a defining pathway from the start while Lloyds Banking Group is putting a policy stake in the ground on which to build its open source commitment in a highly regulated sector. The Department of Finance, Northern Ireland provides a view to public sector use. We see open source software as part of a broader culture of being open at the University of Edinburgh. The Turing Institute and Swansea University are both examples of the use of open software in education, a sector that stands out in the Survey for both its uptake and its focus on skill development and collaboration – illustrated beautifully in the cases included here. Anthony Nolan uses open source to extend the reach of lifesaving stem cell donation globally.
Innovation can grow from the ground up, where employees suggest its use to propel the organisation forward – or to achieve the flexibility, agility and creativity open source allows. Tensions do exist – in the relationship of using to contributing in some cases, or in the move from IP protection thinking to an open mindset.
In the current digitalisation climate, and amidst President Biden’s Software Security Order of 12 May41, the competitiveness of the solution – security and scalability – becomes paramount. Transparency, good governance and internal and external business guidelines to increase efficiency of open source use and projects are the way forward. We highlighted here an example of VMware’s established OSPO and Aiven’s efforts to put an OSPO in place. Both provide invaluable insight into creating best practices and easing the process.
As a research organisation we love the challenge to quantify that which eludes quantification in commonly held economic terms. Open source software has long been the seed of growth in the UK economy – this State of Open: The UK in 2021 Phase Two report makes clear its diffusion through businesses of all sizes and sectors.
Phase Three will value open source software’s contribution to the UK economy and suggest a sustainable way forward. The recently published Dasgupta sustainability report notes that, “When developing the economics of biodiversity, we [must] keep in mind that we are embedded in Nature”42. Understanding how to calculate an aspect of the economy that we are embedded in is precisely the challenge we are taking up.
The research was led by Dr Jennifer Barth, Research Director at Smoothmedia Consulting Ltd in partnership with OpenUK in 2021. The independent team of economists, psychologists, data scientists and social scientists included Dr Eurydice Fotopoulou, Areej Ahsan and Emily Naylor.
Phase Two is sponsored by GitHub. OpenUK has a large number of financial and in kind supporters to all of whom it is grateful and the following major supporters Arm, Google, Huawei, Microsoft and Red Hat, without whom OpenUK’s work would not be possible.
Thanks for their contributions to our Creative Director and graphic designer, Georgia Cooke, Web developer Elefteria Kokkinia at Civic, and Support Manager, Amy Howlett.
Cover image depicts Mars Helicopter Ingenuity during a test flight on Mars.
Courtesy of NASA/JPL-Caltech <iframe src=’https://mars.nasa.gov/embed/25287/’ width=’100%’ height=’400′ scrolling=’no’
- OpenUK. (2020). State of Open: the UK in 2021. Retrieved from: https://openuk.uk/wp content/up
loads/2021/03/openuk_stateofope2021_report_FINALCHANGES_08.pdf (OpenUK, 2020)
- The White House. (2021). Executive Order on Improving the Nation’s Cybersecurity. Retrieved from: https://
tions-cybersecurity/ (White House, 2021).
- Coughlan, S. (2021). What is an SBOM?. The Linux Foundation. Retrieved from: https://www.linuxfounda
- UN Department of Economic and Social Affairs. (2021). The 17 Goals. Retrieved from: https://sdgs.un.org/goals
- Principles for Digital Development (2021). Retrieved from: https://digitalprinciples.org/
- CityAM. (2021). Unicorn nest: UK hits milestone of 100 $1bn tech companies, more than rest of Europe combi
ned. Retrieved from:https://www.cityam.com/unicorn-nest-uk-hits-milestone-of-100-1bn-tech-companiesmore-than-rest-of-europe-combined/
- McKinsey and Company: How COVID-19 has pushed companies over the technology tipping point—and trans
formed business forever [5 Oct 2020],https://www.mckinsey.com/business-functions/strategy-and-corporatefinance/our-insights/how-covid-19-has-pushed-companies-over-the-technology-tipping-point-and-transfor
med-business-forever# [Accessed 15 June 2021].
- Due to the technical nature of the study, we expected high representation of the technology, media and telecom
- Figure 1. OpenUK survey findings: Q3. 97% is percentage of organisations that use any open source software;
Q19 (a) expected business growth in revenue, 64% is percentage of companies that experienced any business
growth (revenue) in tax year ending March 2021; Q19 (b) use of open source software, 48% is percentage of
companies that reported an increase in use of open source software in tax year ending March 2021.
- Figure 2. OpenUK survey findings Q3.
- Figure 3. OpenUK survey findings, Q3 by sector, percentage of the most common technology reported source
software technologies (OpenUK Survey findings, Q3 by sector, percentage of the most common technology
- Figure 4. OpenUK survey findings, Q5
- Other services too small to report.
- Figure 6. OpenUKsurvey findings, Q7. Percentage of responces
- The percentage of contribution may appear high in our sample overall possibly because due to the nature of our
survey we got much more interest (and consequently responses) from organisations already familiar with open,
which may have resulted in this finding.
- Figure 7. OpenUK survey findings, Q7
- Figure 8. OpenUK survey findings, Q8
- Figure 9. OpenUK survey findings, Q9
- The response to each of these questions was an option between: “has increased use”, “will increase use”, “No
impact/ I don’t know”. Given the very low prevalence (approx. 10%) of “I don’t know” answers throughout the
report, we assume that the latter category comprises predominantly “No impact”
- Figure 10. OpenUK survey findings, Q15, (a) Impact of Brexit on open source software use, (b) Impact of the
financial downturn on open source use, (c) Impact of the Pandemic on open source use, (d) Impact of sustainabili
ty on open source use
- ONS user requested data: Number of jobs in London and the UK by Science and Technology category (data avai
lable from 2010 to 2018), published 5 June 2019, Office for National Statistics. https://www.ons.gov.
- Figure 11. OpenUK survey findings Q6
- Figure 12. OpenUK survey findings, Q6 answer to “We plan to hire” analysed by role and by sector
- OpenUK, 2020
- FINOS Announces 2021 State of Open Source in Financial Services Survey”, published 10 June 2021 https://
vey/ [Accessed 11 June 2021].
- China bets on open-source technologies to boost domestic innovation, MERICS, published 19 May 2021 https://
merics.org/en/short-analysis/china-bets-open-source-technologies-boost-domestic-innovation [Accessed 1
- White Paper on Open Source Ecology (2020) CAICT, Published Oct 2020 http://www.caict.ac.cn/english/re
search/whitepapers/202010/t20201028_360767.html [Accessed 20 June 2021]
- Open Invention Network. (2021). Community – Listings. Retrieved from:https://openinventionnetwork.com/di
- Collection of Use Case Examples Compiled Regarding Management Methods for Utilizing Open Source Software
and Ensuring Its Security, METI, Published 21 Apr. 2021. https://www.meti.go.jp/english/press/2021/0421_003.
html [Accessed 29 May 2021]
- White House, 2021
- Results of the survey on the state of the open source industry in France 2020/2021 https://cnll.fr/news/resul
tats-etude-filiere-open-source-france-2021/ [Accessed 15 June 2021].
- Starling Bank. (2021). Goldman Sachs invests £50m in Starling Bank. Retrieved from: https://www.starlingbank.
- White House, 2021
- 2020 FOSS Contributor Survey – Linux Foundation https://www.linuxfoundation.org/resources/publicati
- Figure 13. OpenUK survey findings Q14
- The EU open source policy summit. (2021). Final results: European Commission Open Source Study. Retrieved
- Figure 14. OpenUK survey findings,Q11, “yes, implemented” answer and Q12-13, “yes” answer
- Figure 15. OpenUK survey findings Q12-13, “yes” answer
- OpenUK Survey findings, Q12-13, “yes” answer, calculated by size.
- Rogers, E. (1983). Diffusions of Innovations: Third Edition. Retrieved from: https://teddykw2.files.wordpress.
- White House, 2021
- Open Government Licence. (2021). The Economics of Biodiversity: The Dasgupta Review. Retrieved from:
The research used a mixed method approach to build an understanding of the current state of open source business adoption in the UK economy including an in-depth review of academic publications, industry literature and media to understand the context within which open source software is currently being adopted in the UK.
We conducted interviews with industry leaders (5) and organisational heads of large, medium and small organisations in the UK (9) included as case studies of business adoption of open source.
The first of its kind Survey was run online (multiple choice questionnaire) from the 17th of May to the 13th of June 2021. It contained 24 questions on business size, revenue and growth, proprietary and open source technology, the business environment in the UK, security, awareness of different types of open source governance (e.g. Open Chain), open source recruitment, collaboration, engagement with open source software and basic demographic information. See appendix for the complete list of questions. We gathered 273 responses to the Survey via random sampling, from all sectors of the economy, all sizes. Due to the technical nature of the study, we expected high representation of the technology, media and telecommunications sector, as this sector has been championing the use of open source technology.
As in the questionnaire respondents often had the choice to answer “I don’t know”, although 273 respondents answered all questions, it was not unlikely that in some questions they gave “I don’t know” as a response. In this case “I don’t know” answers were subtracted by each question and the percentage recalculated to correspond to the number of people who had answered an option other than “I don’t know”. In all such cases the total number of answers was always >30.
The Survey comprised industrial sectors, which were then merged by relevance to reduce extreme fragmentation of the sample. The resulting categorisation is below.
Demographic information of sample
Location of head office of respondents: England 62.3%, Northern Ireland 5.5%, Scotland 8.1%, Wales 1.1%, International 23.1%
Personal location of respondents at time of response: England 79.5%, Northern Ireland 7.7%, Scotland 11%, Wales 1.8%
Age of respondents: 1.8% was 25 years old or younger, 12.1% was 26-34 years old, 33% was 35-44 years old, 30.8% was 45-54 years old, 14.3% was 55-64 years old, 2.9% was over 65 years old, 5.1% preferred not to say.
Gender of respondents: 11.7% identify as female, 76.9% as male, 1.1% as non-binary, 10.3% preferred not to say.
Ethnicity of respondents: 63.7% identify as English/Welsh/ Scottish/ Northern Irish/British, 11% as Irish, 13.9% as an other White background, 0.4% as White and Black African, 1.1% as White and Asian, 1.1% as any other mixed/multiple ethnic background, 1.1% as Indian, 0.7% as Pakistani, 0.7% as Chinese, 0.4% African, 0.4% any other Asian background, 0.7% any other Black, African, Caribbean background, 1.1% as any other ethnic group, 10.6% preferred not to say.
1. What is your role within your business?
a. C Suite (CEO, CFO, CTO, CIO, GC etc)
b. Non Executive
c. VP or Director
d. Senior Manager
2. What sector is most applicable to your business?
b. Banking, Insurance and Financial Services
c. Education (Secondary and below)
d. Higher Education (Tertiary, including research institutes)
e. Energy and Utilities
g. Hotels and Hospitality
h. Healthcare and Pharma
i. Professional Services
j. Public sector
l. Technology, Media and Telecoms
m. Travel and Transport
3. Does your business use any of the following?
a. Open source operating systems e.g. Linux
b. Open source databases e.g. MySQL, PostgreSQL, Cassandra
c. Open source software languages e.g. Python
d. Open source software tools e.g. Jenkins, Git
e. Open source security tools e.g. Snort, Notary and Trivy
f. Open source observability tools e.g. OpenTelemetry
g. Open source container technology e.g. Docker, Kubernetes
h. GitHub, Gitlab or other public repositories
i. Other open source software
j. We don’t use any open source
k. I don’t know
4. Which of the following has your business stopped or reduced using due to use of open source software alternatives?
a. Apple OS
c. Microsoft Windows
d. Microsoft Office
e. Microsoft IIS/Sharepoint
f. Oracle databases
g. SAP ERP
5. Does your business use cloud infrastructure services from any or all of the following providers?
e. Microsoft Azure
g. Red Hat
j. I don’t know
6. Has your business recruited, or does it plan to recruit the following roles to work on open source software?
a. Agile Lead/Scrum Master
b. Back End Developer
c. Cloud Engineer
d. Cloud Architect
e. CTO/Heads Of
f. Development Lead
g. DevOps Engineer
h. DevOps Architect
i. Enterprise Architect
j. Front End Developer
k. Full Stack Developer
l. Non-Engineering e.g. design, documentation
m. Project Manager
n. Solution Architect
p. Support Roles e.g. legal and governance
q. System Administrator
7. Does your business: (choose all that apply)
a. Contribute to open source software projects
b. Develop open source software
c. Manage open source software projects
d. Open source your own software
e. Run open source software in your business
f. Do not use open source software at all
g. I don’t know
8. Does your business benefit from any of the following by using open source software? (choose all that apply)
b. Community building
c. Cost saving
e. Influence feature development
f. Influence projects otherwise
g. Quality of the code
i. Skill Development
j. I don’t know
k. None of the above
9. Does your business participate in open source projects with: (choose all that apply)
a. Academic institutions
b. Non-profit organisations and foundations
c. Open source community projects
d. Other private organisations of the same market size
e. Other private organisations of larger market size
f. Other private organisations of smaller market size
g. Public sector organisations
h. None of the above
i. I don’t know
10. Does your business collaborate in open source projects with organisations? (choose only 1)
a. In the UK
c. In the UK and internationally
d. None of the above
e. I don’t know
11. Are you familiar with Open Chain, the supply chain standard for open source software?
a. Yes, no, Yes, implemented in my organisation, Don’t know
12. Does your business have an open source software policy?
a. Yes, no, I don’t know
13. Does your business have procedures and processes governing use of open source software?
a. Yes, no, I don’t know
14. Does your business have the following with respect to open source software?
a. A maintainer or core participant with a security focus
b. A security policy (a definition of what it means to be secure for this system)
c. A threat model for the project (a practice of identifying and prioritizing potential threats & security mitigations)
d. A vulnerability disclosure policy (guidelines for reporting vulnerabilities and processing those reports)
e. Support for SSL/TLS on website, downloads, and infrastructure
f. Use of a dynamic analysis tool (a tool that analyzes source code for security vulnerabilities by executing it, e.g., fuzzing tools, American Fuzzy Lop, OWASP ZAP)
g. Use of a software component/dependency analysis tool (a tool to identify dependencies with known vulnerabilities,
h. Use of a static analysis tool (a tool that analyzes source code for security vulnerabilities without executing it, e.g.,
i. I don’t know
15. What impact have the following had on your use of open source software?
b. Financial Downturn
16. What was your business revenue in the following tax years?
17. What percentage of your business revenue comes from: (choose 1 answer per table row)
a. Open Source Software
18. What percentage of your business revenue comes from: (choose 1 answer per table row) [UK]
b. International (outside the UK)
19. In tax year 2021, compared to tax year 2020, do you foresee that the:
a. Expected growth rate in business revenue
b. Use of open source software
20. What size is your workforce?
a) Where are you personally located?
b) Where is your head office located?
22. What is your age?
23. What is your gender?
24. What is your ethnicity?
Subject Matter Experts
Business Case Studies
Dr. Jennifer Barth
Dr Jennifer Barth is an experienced ethnographer and social researcher, with a DPhil from the University of Oxford. Her work is informed by empirical research on the intersections of emerging technologies and socioeconomic change. She provides companies with thought leadership and media engagement opportunities on global issues impacting and shaping our current and future socio-cultural lives.
Smoothmedia looks beyond the surface and behind the curtain of the fundamental innovations and trends shaping our society, markets, culture, and values. We are academics and researchers looking at the intersections of emerging technology and socioeconomic impact, producing independent research for thought leadership and PR.
Smoothmedia’s mission is to share and grow knowledge about everyday lives. We want to understand the past, present, and future of human interaction with emerging technologies and socioeconomic changes—from behaviour to context, nature to nurture, origin to experiences—so we can help our clients engage their clients and the public imagination.
Smoothmedia is a limited company, company number 08216995 with its registered office at 41 Great Portland Street, London W1W 7LA. Contact email@example.com.
OpenUK is the organisation for the UK’s business of Open Technology, being open source software, open source hardware and open data. As an industry organisation, OpenUK gives its participants greater influence than they could ever achieve alone.
OpenUK is committed to promoting UK leadership in Open Technology and supporting collaboration between businesses, public sector organisations, government and communities to expand the opportunities available to all around Open Technology on a global basis. OpenUK creates a visible Open Technology community in the UK, and uses that community’s impact to ensure that the UK’s laws and policies work for Open Technology whilst encouraging the future community in the business of Open Technology through learning.
OpenUK is a not-for-profit company limited by guarantee, company number 11209475 with its registered office at 75 Kenton Street, St Pancras, London WC1N 1NN, www.openuk.uk, contact firstname.lastname@example.org