For the love of...

Open source... A short article on a study by the Open Source Security Foundation and a Harvard Innovation Science lab outlines some of the reasons why people work on open source projects. Head of the list is because they enjoy it... so no surprises there. Money also makes the list but is a lot further down.

Some other takeaways, people do get paid to work on open source and there are more and more female developers contributing, so that's a plus. Issues on the minus side are people not overly thinking about the security of the code or application they work on... No details as to how they got to that conclusion and since it was sponsored by a security group I guess there's a bit of a bias there anyway.

They have some suggestions on how to improve things which is always nice... not sure people are going to pay any attention to them though. E.g. one thought was to rewrite portions or projects with a 'memory safe' language. Given that a lot of projects are written in language 'x' because the lead wants to learn to program in that language I can see that suggestion flying like the proverbial lead balloon.

It's not all bad though... evidence tells us that open source developers and users do take security seriously and major issues get fixed very rapidly. We also know that security considerations should be second nature within the industry, not some sort of special addon thinking and I feel that as people get more experience developing they will automatically write secure code.