
Finding #9: almost half of organizations have open source contribution policies. We learned what they cover.

by Chris Grams
on December 1, 2020


Tidelift's annual managed open source survey explores how technologists use open source to build applications at work. Over 600 people shared how they use open source software today, what holds them back, and what tools and strategies would help them use it even more effectively.

In this post, we share the last of nine key findings. If you want to see all of the results in one place, you can download the full survey report right now at the link below.

Get the report

Should organizations contribute to open source? Old question. Today, the benefits of contributing to open source are better understood than ever. And as we found in last year’s survey, the vast majority of respondents (84%) already contribute to open source projects more than once a year.

Today, the more interesting question is how organizations should contribute to open source. When it comes to managing the contributions of their employees, is it better to take a more formal or informal approach? Should they allow contributions to projects that don’t directly impact the organization’s interests? And where does responsibility for and ownership of this work begin and end?

In this year’s survey, we touched on some of these questions. In particular, we wanted respondents to share more about how their organizations manage open source contributions today. 

We learned that almost half (49%) have at least one policy in place to govern open source contributions (respondents could select more than one option), while 41% do not have a formal policy and 10% don’t know.

49% of organizations have policies governing employee contributions to open source

It is worth noting, as Heather Meeker has pointed out, that organizations without an open source contribution policy still have a policy; it just isn’t written down.


“You have a policy, whether it is written down or not. It could range from ‘no open source at all’ to ‘anything goes.’ The question is: does anyone follow it? Is it sensible for your business? Written policies are useful to communicate your expectations about use of open source in your organization, particularly to outsourced developers or engineers in subsidiaries and affiliates, whom you may not see every day.”

For those that do have written policies, what do the policies cover? Are they intended to restrict open source contributions? Are they designed to minimize organizational risk? Or are they designed to encourage open source contributions?

What do organizations’ open source contribution policies cover

Sixty-two percent of survey respondents report that their organizations’ policies permit contributions to projects the organization uses but doesn’t manage or sponsor; 56% of policies permit contributions to projects the organization manages or sponsors; and 37% permit both.

Many organizations’ policies also cover contributions to personal projects. When it comes to contributing to non-job-related (personal) projects, 24% of organizations have policies about making these contributions on personal time, while 13% have policies covering contributions during work hours. 

For a deeper understanding of the motivations behind these different sorts of policies, and the characteristics of the best policies, see Tobie Langel’s excellent presentation Open Source Contribution Policies That Don't Suck.

One thing this data made clear to us: we have only scratched the surface of this line of questioning. In future surveys, we plan to explore contribution policies in more detail. Do technologists view their organizations’ policies positively or negatively? Are the policies seen as restrictive or permissive? And most importantly, are they helping organizations contribute to open source more effectively?

You’ll be the first to know when we have more data to share.

Want the full survey results in one report? Get them here now.

Read more about how we conducted the survey, see the survey demographics, and learn why we call it the managed open source survey.
