Overview

In a new Linux Foundation paper, Technical Debt and Open Source Development co-authored by Ibrahim Haddad, Ph.D. and Cedric Bail, M.Sc., the causes and consequences of technical debt are explored in detail. It includes discussions on identifying technical debt, how to minimize it, the role of open source development, and strategies to address the issue at scale.

The authors worked together within the Open Source Group at Samsung Research and directly experienced minimizing internally carried technical debt via working with upstream open source projects. That experience covered dozens of open source projects used across multiple products and business units with varying degrees of involvement and expertise with upstream development. 

The definition of technical debt

Technical debt, a term used in software development, refers to the cost of maintaining source code that was caused by a deviation from the main branch where joint development happens. 

A broader interpretation of what constitutes technical debt is proprietary code by itself:

• A single organization has developed it.
• It is source code that the organization alone needs to carry and maintain.
• In some cases, the organization depends on a partner’s ability to maintain the code and carry that said debt.

The following symptoms can identify technical debt:

• Slower release cadence Time increases between the delivery of new features
• Increased onboarding time for new developers Onboarding new developers become highly involved due to code complexity where only insider developers are familiar with the codebase. The second manifestation of this symptom is the difficulty in retaining developers or hiring new developers.
• Increased security issues At least, experiencing more security issues than the main upstream branch.
• Increased efforts to maintain the code base Maintenance tasks become more time consuming as the body of code to maintain becomes larger and more complex.
• Misalignment with the upstream development cycle illustrated in the inability to keep pace, be aligned with the upstream development and release cycles.

Consequences of technical debt

Creating and carrying technical debt will have several negative effects on development efforts, including:

• The higher cost of code maintenance. 
• Slower innovation and development cycles.
• Paying interest on the debt — payment of technical debt is in the form of additional development needed to keep up with the main branch, the competition, and the rest of the world.
• Possibly missing on new features in the main branch or having to backport all new development into the forked branch internally. 
• Duplicate work with the main branch arising due to the delta between the internal and public branches being too large.

The worst possible consequence is the effect on the long term maintainability of the code base where organizations often find themselves maintaining their fork.

In many cases, tech debt is unavoidable short term. Carrying technical debt is mostly a decision that developers need to make all the time. The long term goals of any engineering effort should be to minimize and eliminate any tech debt resulting from any development effort. With proper policies, processes, training, and tooling, organizations can help mitigate and guide the engineering efforts towards lowering tech debt.

Open source has a significant role, and aligning your development efforts with upstream open source projects can result in a direct positive impact on the amount of the tech debt an organization carries. Just as financial debt involves paying interest, technical debt has a different kind of interest that needs to be carried: It’s not interest-free!

Technical debt is hindering your development and preventing your new growth, transferring your technical debt to become part of the open source world infrastructure, lowering it, and building on the giant’s shoulder that keeps growing.

To download Technical Debt and Open Source Development click on the button below

Introduction

During COVID-19, we’ve all seen our daily lives, and those of many of our colleagues, friends, and family around the world completely changed. Many are adjusting to working from home and homeschooling their children, or caring for family and those with the virus. At the same time, billions worldwide are connected, sharing, and working together virtually despite their daily routines and working arrangements changing drastically. 

While there’s no disputing that the pandemic will dominate our collective attention for months to come, it’s a natural time to reflect on what is essential. It’s also a natural time as open source developers to consider how we should prioritize the most impactful work, and collaborate on technology development that can influence our world, for the better, after COVID-19. 

We’ve seen an uptick in interest around open source, in particular, as a means of helping humanity through these challenging times. What better way to solve a problem that affects all of us, collectively, than to share and build solutions to our problems, together? 

Here we outline the trends we’re seeing shape technology development in this unprecedented time. We believe this can also provide insight into what a post-COVID world may look like. 

Open collaboration embraces remote work and provides a guide for others

Open source developers have always fostered a sense of adaptability. It’s always been a critical skill needed to work on any open source project — we’re ready to meet the challenges of this moment. All of us hope for a quick return to normalcy, but we know that it will likely be months (hopefully not years). 

The Linux Foundation is also conscious of the economic reality facing the world as economists and accountants tally the cost of this pandemic. Like our communities, we are seeking to optimize for a new reality, but also working to redeploy and transition employees into new areas to fill in gaps where they can be most helpful to our communities. 

Open source communities during this time have been resilient. Open source software development by its very nature happens, and thrives, amongst a distributed group around the world. Many individuals in our communities are already working in a distributed virtual environment on their open source collaboration efforts.

Open source communities are still moving forward. As the world quickly migrated to virtual work environments, the online developer communities familiar with working together virtually had a pretty smooth transition, or in some cases, no disruptions at all. We are seeing many open source communities push forward despite all the challenges around them at home and in their local communities. Given their experience working in virtual environments, many open source community members and organizations are sharing their best practices and helping others adapt to working virtually. 

Developers helping coronavirus response with open source software and hardware solutions

It’s uplifting to see so many in our community contributing to the fight against this virus, whether it be providing supercomputer access to scientific researchers, open source personal protective equipment (PPE), offering bots to help people assess their symptoms, empowering doctors with access to diagnostic tools, supporting families struggling to transition to work and school from home, or contributing to relief efforts. We’ve also seen the medical industry and open source coming together to solve problems, such as an OpenLung project. As locals are starting to “reopen,” contact tracing will become critical, and we’re seeing communities form to address contract tracing application needs.

Governance and trust through applied open source governance models

We believe that the broader technology industry can use open source governance models to address more widespread industry challenges that could not be as easily solved with more traditional, proprietary solutions. Many blockchain open source software projects have arisen over the last few years that are now ready to support industry ecosystem and utility networks. We see early adopters moving beyond just software to addressing challenges with trust and verification in blockchain systems in our recently announced Trust over IP project.

In open source software communities, many organizations leverage nonprofits like the Linux Foundation to have a neutral home for an open governance model that no one company in the industry controls. We see a trend that those same principles apply in the case of the governance of an industry service built on blockchain technology with nodes contributed by multiple organizations. 

We expect to see initial governance communities emerge in 2020, focusing on identity and tracking and tracing use cases. Those initial communities will likely enable new applications and innovations that can be built on top of these industry and ecosystem platforms.

Open source at the edge of the network to address security, safety, and growth challenges

We’re also seeing trends of open source technologies becoming critical systems that are often viewed as the “last mile.” 

With open source becoming pervasive, we now have to think about these technologies as they support critical infrastructures. LF Energy and LF Networking are becoming more focused on economic and financial systems (see FINOS), and also safety systems (see ELISA).

Many other critical infrastructure systems have a severe impact if they fail. With open source software underpinning these critical systems, we need to figure out how to manage these systems. To succeed, our members started with identifying and tracking what software is in a system (see SPDX) and how to maintain software over a very long lifespan (see  Civil Infrastructure Platform). 

Additionally, LF Networking & LF Edge are seeing a significant uptake in Developer contribution as 5G, Edge, IoT, and Network Automation become increasingly crucial in the enterprise.

Securing the software supply chain

Beyond identifying the software (open source or not) in a system, the software supply chain deserves more security attention. We started exploring this issue within our Core Infrastructure Initiative and its Census I and Census II studies, and the practical challenges of managing supply chains in our OpenChain project. Looking out through the end of the year, we expect to explore the problem from the perspective of maintainers. We hope to see additional resources to help fix broken projects, increase the adoption of standards, and help address the entire challenge’s entirety. A challenge this large requires the community to come together and focus its efforts on solving security problems, together. We think the industry is ready and able to take this on.

Embracing and creating open standards

The fourth trend we’re looking at this year is a convergence of standards and open source. This trend has been increasing over the past few years, but we’re now at a point where organizations better understand where standards play a role and where open source plays a role. Standards development is a collaboration that can happen with open source implementations, often trailing an open source implementation, open source software development has turned conventional standards development upside down — and inside out. 

Within the Linux Foundation ecosystem, we have open technical communities building software and specifications. We also have communities that have identified interoperability points, processes, or frameworks for technology or managing technologies, that all benefit from being formally written as specifications. Standards are a natural next step in their journey as ecosystems coalesce around a common specified way of doing things. This year started with the Joint Development Foundation (JDF) being approved as an ISO PAS Submitter, making it possible for our communities to go from a specification repository to an international standard. We expect to see many more communities forming that is focused on a hybrid of standards and open source development. 

In addition to its work with the JDF, LF Networking also has a great collaboration with other established standards development organizations to ensure harmonization of specifications and code in the open source projects that facilitate deployment for carriers globally. 

Conclusion: Life after defeating the virus

Finally, the last trend we wish to highlight goes back to the beginning of this article — we see a pattern of our communities adapting to help society move forward in the face of a pandemic. I’ve already covered some of the COVID-19 response initiatives above, but this is a different point.  

We’re seeing a shift to virtual events, remote work cultures, virtual “happy hours,” and other means of productively working together, virtually. Many of these practices will stick with us post-pandemic. Our organization is already exploring how to use virtual events to augment future physical events (yes, they will exist again). 

Virtual conferences may be a great path to offering more inclusive events where those of us unable to travel to an event physically can still find a way to participate at some level. We’re seeing the impact of virtual training and certifying professionals in freely available open source technologies — and it has a real impact on job prospects and employment. Virtual testing proctors have become an effective way to certify professionals. Similarly, virtual platforms can help facilitate mentorship and enable less experienced developers to find and connect with more skilled developers willing to lend a hand.

The coronavirus has opened the world’s eyes to the needs of systems and plans for pandemic situations. This year we will likely see technology communities and organizations adapt and develop the “playbook” for how the world does business in the face of a pandemic. But many of those practices will likely stay with us long after we defeat COVID-19.