Coding new features, improving tools, and working on new ideas are the top-3 activities that motivate open-source developers to continue coding. At the bottom of the list? Security.
In a survey of 603 free and open-source software (FOSS) contributors, the Linux Foundation’s Open Source Security Foundation (OpenSSF) and the Laboratory for Innovation Science at Harvard University (LISH) discovered that the average FOSS developer only spent 2.3% of their time on improving the security of their code. While the contributors expressed the desire to spend significantly more time on their top-3 activities, they did not feel compelled to spend additional time on security, according to the 2020 FOSS Contributor Study released this week.
Developers’ opinions of security and secure coding—calling it a “soul-withering chore” and an “insufferably…