Small open source projects pose significant security risks


Open source continues to come of age with stronger institutional backing and increased financial support for maintainers. But developers on smaller projects are often unpaid, which carries security risks when they leave or defect, according to industry experts.

Open source software had a resurgence in the 1980s as a reaction against corporate attempts to control software. Now open source repository GitHub, which started development in 2007 with bootstrapped funding, has $1 billion in annual recurring revenue, according to Microsoft’s first-quarter fiscal year 2023 earnings call in October. Microsoft acquired GitHub in 2018 for $7.5 billion.
