What is managed open source?

Donald Fischer
by Donald Fischer
on June 27, 2019

Take yourself back in time for a minute. It is 2007, and you’ve just finished building your new J2EE app. You get a message on your Blackberry from the guy in procurement, “Where do you want me to ship these Dell servers?”

Crap. You realize you still haven’t made a call on which colo facility to use. A good friend told you about one in Phoenix he really likes, but you have zero interest in flying 5 hours to Phoenix in the middle of the summer every time a server fails.

Now bring yourself back to 2019, same situation. Except this time you don’t have to worry about any of that stuff. When your Node app is ready to go, type a few commands, and you’ll have it up and running at your favorite cloud hosting provider in minutes. No airplanes, no hardware, no running around cold rooms plugging and unplugging cables. No procurement. 

When it comes to getting your app launched out there in the world, things are infinitely simpler than they were a decade ago.

Yet when it comes to building apps by integrating open source components life can still be, well… difficult. Let’s count the ways you waste time managing your open source dependencies:

  • Staying up to date with the latest bugfix versions.
  • Porting to new, incompatible major versions of frameworks—when the upstream project has no bandwidth to support old releases.
  • Dealing with issues caused by missing or unreliable package maintainers: you get to waste your team's time porting to a replacement package (best case) or risk a nasty trojan (worst case).
  • Handling requests from your legal department to list every package you're using, along with their licenses.
  • Documenting everything you use for your security team, and addressing live vulnerabilities.

Our research shows that in modern application development, almost every application includes open source dependencies, and developers spend as much as 30% of their time on maintenance, with 25% of that time related to the open source components they use.

Much like the cloud computing movement revolutionized the way apps were hosted in the early 2000s, we see a revolution happening in the way apps are built in 2019.

It’s called managed open source.

So what is managed open source?

In short, managed open source is a way to free yourself and your team from the time you currently spend wrangling open source dependencies. And—just like you outsource your hosting responsibilities to Amazon or Google or Microsoft, now you can outsource the care and feeding of your open source components to the experts who know them best—the maintainers who created them—through Tidelift.

Here’s a short video with my take on managed open source and why I think it may be the answer to getting your team out of the business of dealing with open source dependency-related trivia. With managed open source, you can get back to what really matters—building your own app.

Take a look, and if you want to learn more, download the Tidelift guide to managing open source.

What is managed open source_ (4)
2018 open source survey results