By: Ruth Suehle, ASF President
Today I am honored to step up as the Apache Software Foundation’s new president and am appreciative of David Nalley’s service in the role over the last four years. It’s an extremely interesting time in the history of software, and I’m excited to help lead the ASF into that future.
In a sense, the Apache Software Foundation is almost as old as open source itself. The term “open source” was coined in February 1998, and the ASF, already an active group of collaborators, was officially incorporated as a US 501(c)(3) in June 1999. Of course, the pieces that coalesced into the open source movement had been growing for many years before that, and likewise, so had the work that eventually became the ASF.
For the 25-plus years since, open source software (including the hundreds of ASF projects) has quietly become integral to nearly everything we do in our businesses and our lives, from streaming video into your home to detecting credit card fraud, in medical services and on satellites. Open source software is powering everything today, and the ASF and other foundations have played an important role in making that happen. But today the open source ecosystem is at an inflection point. A recent Harvard study was just the latest to estimate that rebuilding open source software from scratch would run into the billions, and the effect on our lives if it all disappeared would be incalculable. And now this increasing global reliance on open source software has drawn the attention of regulatory bodies and legislators, particularly regarding security.
Thus our purpose as a foundation must continue to evolve, as it always has, to meet the changing needs of our projects in meeting our mission of software for the public good. At one time, our purpose was largely driven by the fact that at the time, it was more difficult than it is today to simply build a project and get it out in the world. Then came other needs, like creation of the Apache license. The open source ecosystem also continued to grow around and with us, and our next phase of growth is no longer as an activity seen as a niche hobby, but as the home of globally critical software doing so with the whole world watching.
At the top of the list is how we address security issues. Three years to the day since the Log4Shell vulnerability was publicly announced, the Cyber Resilience Act (CRA) will go into effect in the EU on December 20, 2024. Full implementation thus will be December 20, 2027, with mandatory security reporting beginning earlier on September 11, 2026. Last month, the EU adopted a new Product Liability Directive to include software, updating rules that date back to 1984. In the US, companies are still learning how to build compliance with the 2021 Cybersecurity Executive Order (Cyber EO). The ASF has a solid track record of trustworthy security practices, but there’s always room for improvement, and we look forward to continuing to collaborate with agencies not just in the EU and US, but around the world to ensure our projects remain ready for future security challenges.
A less technical matter but equally critical challenge for our future success is our readiness to welcome the next generation of contributors. Many of us in open source software, not just the ASF, have increasingly looked around the virtual room and noticed the graying of the ecosystem. The ASF today is more than 800 active members strong, a group built on a web of trust, as members are nominated and approved by current members. We also have nearly 9,500 committers working across 300+ projects. My hope for each ASF contributor is that we will together find more and more ways to increase that web of trust to welcome new and younger contributors who will continue to carry this foundation and its work for many years to come.
And that’s because the continued success of open source software and our ability to adapt to the needs of a perpetually changing world relies on one thing only, the fundamental principle that has made open source successful: community. Community not only within the ASF, but across open source projects, the companies that rely on them, governments around the world, and among our ecosystem’s software foundations. Working together is our greatest strength, and continuing to rely on that is how we ensure that open source software continues to flourish.
The post ASF’s New President: Evolving the Foundation’s Future Through Global Collaboration appeared first on The Apache Software Foundation Blog.