The Top 5 Open Source News Stories of 2023
This is the first of a two-part series; Part 1 is a retrospective of open source news and key events from 2023 and Part 2 includes predictions for open source trends in 2024.
As 2023 comes to an end, it is time to take a moment to review some of the open source highlights of the year, as well as make a few predictions for the open source space for 2024.
We started the year off publishing the 2023 State of Open Source Report, which showed that from cloud-native and databases to DevOps tools and AI technologies, open source is growing at a rapid pace. There are more open source projects, more users, and more organizations being strategic in their investment and contributions to open source than ever before.
Let's review some of the most pivotal open source news and events of the past year.
OpenAI’s ChatGPT
In this wonderful era of technological innovations, we would be remiss to not highlight OpenAI’s ChatGPT (Generative Pre-trained Transformer) as one of the biggest news stories of the year. While it exploded in popularity at the end of 2022, it was in 2023 when adoption expanded, including an extensive number of use cases.
ChatGPT 4 was launched on March 14, 2023, with even more impressive improvements as it expanded into images and video capabilities. ChatGPT and other generative AI tools, such as GitHub CoPilot, have become the next generation of developer tools, and these tools have significantly impacted software development velocity, from code generation to testing to providing documentation that explains the code. This certainly had an impact on open source developers and they are taking advantage of these new tools to improve their craft.
In ChatGPT’s own words, “OpenAI is not an open source company in the traditional sense." While the company has open sourced some of their software and made it available for free, ChatGPT and its large language models (LLM) are not open source because OpenAI maintains ownership of the infrastructure, i.e. the code cannot be accessed or modified.
Back to topDefining Open Source AI and LLMs
An LLM is designed to understand, generate, or predict human language. It uses statistical patterns, machine learning (ML), and deep learning (DL) with neural networks to process and generate a response. They earn the label "large" due to their hundreds of millions of parameters and because they are pre-trained with massive amounts of data.
Despite some misguided claims, the most prominent LLMs have not been released as open source. The lack of transparency on the trained data used and limited accessibility, in some cases just via APIs, makes them free LLMs, but not open source.
As AI revolves around data, trained models, inference code, and algorithms, the applicability of the open source definition isn't immediately apparent. In 2023, the Open Source Initiative (OSI) led global efforts to define open source AI, considering not only code and algorithms but also data. Through a series of workshops, webinars, and discussions, OSI has made progress drafting the initial stages of a definition for open source AI. This is definitely something to watch for and contribute to this upcoming year.
Back to topGovernment Initiatives for Open Source Security
In November 2022, the U.S. Senate introduced the Securing Open Source Software Act of 2022, later updated as the Securing Open Source Software Act of 2023 in March, followed by an amendment in May 2023. The bill, which hasn't yet been discussed or voted on, introduces legislation to improve open source security and best practices in the government. The White House published the National Cybersecurity Strategy on March 1, 2023 with several sections dedicated to open source software, while the Office of the National Cyber Director issued a request for information (RFI) on open source software security and memory-safe programming languages in August.
All of these developments highlight great momentum in raising awareness by the U.S. government. They underscore the acknowledgement that open source plays a key role beyond software development, and that it is of national security relevance.
A focal point in the new U.S. government initiatives revolves around assigning liability for insecure software, indicating that accountability shouldn’t fall on end users or open source developers whose components are integrated into commercial products. This crucial aspect was overlooked in the European Union's Cyber Resilience Act (CRA), which despite many good guidelines for securing software and hardware sold in the EU, imposed liability and penalties to all creators of software.
The open source community and all major foundations rallied, advocating for changes to CRA. Following extensive feedback and collaboration, and amid media attention, the Open Forum Europe announced on December 4 that EU co-legislators agreed to update the CRA, stating that open source software that is not monetized by their manufacturers isn’t considered commercial activity, clarifying and preventing obligations. This development is good news for open source as the year concludes and we’ll be looking forward to reading the final version of the legislation in 2024.
Back to top"Linux Wars"
No one predicted so much controversy, criticism, and competition heating up this year around various Linux distributions seeking to fill the void left by the end-of-life (EOL) of CentOS Linux. It started on June 23, 2023, when Red Hat abruptly announced CentOS Stream as the sole repository for public RHEL-related source code releases. This action restricted access to RHEL source code for non-Red Hat customers, impacting derivative Linux distributions such as Rocky Linux, AlmaLinux, and Oracle Linux, which now must seek alternative means to update their source code and publish compatible versions. The dust has started to settle with the release of version 9.3 across these different distributions; nonetheless, this shift has spurred heated discussions around GPL licenses and led to the formation of an association, OpenELA, by SUSE, Oracle, and CIQ to share RHEL packages.
Adding fuel to the fire is the fact that thousands of CentOS deployments have already reached EOL (CentOS 6 and CentOS 8) or will become EOL on June 30, 2024 (CentOS 7). Organizations have to make serious migration plans or seek long-term CentOS support to extend the life of CentOS post-EOL.
Back to topStay on CentOS Longer With Support From OpenLogic
Get patches for EOL CentOS up to 5 years past end of life so you can take the time you need to migrate. Don't wait until you fail a compliance check; click the button below to learn more!
From Open Source License to Source Available License
Every time there’s news of an open source license change, it feels like déjà vu, as articles inevitably appear questioning the future of open source. 2023 brought us HashiCorp making headlines by moving its open source projects —Terraform, Consul, and Vault — to a Business Source License (BUSL). This "source available" license prohibits activities like resale, offering as a service, or bundling with commercial software.
It's important to note that this isn't an entirely novel occurrence — and it represents a small minority of cases within the vast landscape of open source software. When Elastic and MongoDB both made the change to Server Side Public License (SSPL), the media started making predictions about major changes for open source. These stories get clicks but in reality, companies driving open source projects are not rushing to change their licenses to “protect” their investments. As a result of Hashicorp's license change, a new community doing it “the open source way” created a Terraform fork, OpenTofu. It’s possible that another company will decide to change their open source license in 2024, but it won’t be the end of open source; it will just mean another round of recycled "is this the end of open source?" articles.
And speaking of 2024, be sure to check back in January for Part 2 of this series, which will focus on where open source is headed in the coming year! And subscribe to the OpenUpdate newsletter to get weekly open source news and security updates in your inbox.
Additional Resources
- Blog - Open Source Trends and Predictions for 2024
- Blog - Open Source and AI: Using Cassandra, Kafka, and Spark for AI Use Cases
- White Paper - The Decision Maker's Guide to Enterprise Linux
- Blog - The Long-Term Support Outlook for CentOS 7
- Blog - How Does Open Source Licensing Work?
- Webinar - Exploring the Post-CentOS Landscape with AlmaLinux and Rocky Linux
- Video - Open Source Security