Earlier this year, we launched our first professional open source survey. Our goal? To gain deeper perspective about what can be done to make open source—especially as it is used in professional settings—work better for everyone. We wanted to understand what professional users of open source look like and what matters to them. And we wanted to understand the needs, problems, and passions of those who create and maintain the software they use.
Our hope was that we could find some common ground, a win-win for both those who use and maintain open source software.
We received over 1,200 responses, and now we’re sharing our key findings and more details about our dataset. In our first post, we shared data that backs up what many of us already suspected or knew to be true: open source is now everywhere. Today we’ll look more closely at data that shows how professional users evaluate open source libraries, and what criteria are most important in their decision-making processes.
Insight 2: Professional users want maintenance, an active community, timely bug fixes, and security—in that order
One thing we really wanted to understand from this survey is how professional users of open source evaluate open source libraries. What do they care about most? And do those who currently pay for commercial open source distributions value different things than those who don’t pay?
When looking at the overall sample, our respondents consistently ranked the same four factors as the most important when evaluating open source libraries. Here’s what they want:
- Software that is reliable and well maintained
- Software that has an active community
- Software that is secure
- Software with maintainers who provide timely bug fixes and security releases
The chart below shows how they ranked each of the factors we asked about:
We found it interesting that respondents were less worried about the overall popularity of the project (so long as it is maintained), and, in fact, strongly differentiate between an active project and a popular one, rating an active community as being over 20% more important than the popularity of a project. This came as a surprise, as activity is often a function of popularity.
Taking this further, respondents placed the least weight on licensing and IP assurances, timely new feature releases, and developer support and consulting. But the story is not that simple, so we looked into these factors a bit deeper...
In the graphic below, you can see the three relatively-bimodal curves. Although the mean importance ratings rank at the bottom of our list, for each of these curves there seem to be two groups of respondents, one who sees that factor as less relevant and one who sees it as rather important. This is especially the case for for licensing and IP assurances, which a number of respondents rated as being nearly crucial.
Looking first at support and new features, we see that only a small group of respondents saw these two factors as top reasons to select an open source package: only 9% and 13% of respondents ranked either of those, respectively, within their top three most important factors. So despite their bimodal distributions, neither evoked particularly strong opinions when selecting an open source package.
More interestingly, however, was the variance in responses about the importance of licensing and IP assurances. Unlike support and new feature development, there was a large contingent of respondents who considered legal assurances to be crucial: 24% of respondents ranked this factor as their most important (or tied for their most important) criterion when evaluating open source libraries.
Diving into this group of respondents who really value legal assurances, we see something quite compelling: within the third of respondents who ranked licensing and IP assurances the highest, we find 55% of ALL respondents who work for companies with development teams larger than 500 people.
What does this mean? There may be a wide range of responses when it comes to the importance of licensing when evaluating open source libraries, but it is disproportionately important to large companies looking to guarantee organizational compliance.
One additional thing we were interested in looking into more deeply was whether people who pay for open source care about different things than those who don’t. We found no significant differences between the two groups—both those who do and don’t pay agreed on the order of every single one of these evaluation criterion. Maintenance, active community, security, and timely bug fixes are, by and large, the most important factors for commercial users when evaluating open source libraries.
But when it comes to incorporating these libraries into their applications, how do companies do it? Do they have processes in place to manage their open source packages, or does each developer decide to judge an open source package based on their own personal ranking of the criteria mentioned above? We’ll dive into this in our next post! In the meantime, let us know if you’d like to receive updates, and follow us on Twitter.