We recently released this year’s state of the open source maintainer report, with 12 big headlines about the data we collected from over 400 open source maintainers. Some findings align with what we know already, but there are some new and surprising stats! 👀
What’s the TL;DR? This webinar explored questions like these:
- What security and maintenance practices are most maintainers implementing today (and which practices are they not implementing)?
- Are paid maintainers doing more critical security and maintenance work than unpaid maintainers?
- How many maintainers have quit or are considering quitting?
- Are maintainers aligning their projects to security standards like OSSF Scorecards and the NIST Secure Software Development Framework (SSDF)?
- How do maintainers feel about AI-based coding tools?
- Are maintainers less trusting of contributors in the wake of the xz utils hack?
Tidelift CMO and resident data nerd Chris Grams dove into the survey results with friends Gary Gregory (Apache Commons and Log4j maintainer), Jeffrey A. Clark (Pillow maintainer), Seth Larson (urllib3 maintainer), Lauren Hanford (Tidelift VP of product), and Luis Villa (Tidelift co-founder and general counsel).