When you stream the latest Netflix show, you fire up servers on Amazon Web Services, most of which run on Linux. When a F-16 fighter takes off, three Kubernetes clusters run to keep the jet’s software running. When you visit a website, any website, chances are it’s run on Node.js. Linux, Kubernetes, Node.js, and many other technologies that silently permeate our lives have one thing in common: Open source.
Open source is a technology development and distribution methodology, where the codebase and all development—from setting a roadmap to building new features, fixing bugs, and writing documentation—is done in public. A governing body (a group of hobbyists, a company, or a foundation) publicly manages this work, which is most often done in a public repository on either GitHub or GitLab. Open source has two important, and somewhat counterintuitive, advantages: speed and security.
Kevin Xu is the author of Interconnected, a bilingual newsletter on tech, business, geopolitics, and US-China relations. He’s an investor and advisor of open source startups at OSS Capital, and served in the Obama White House. Jordan Schneider is the author of the ChinaTalk newsletter and host of the ChinaTalk podcast, posted on Lawfare.
These practices lead to faster technological developments, because a built-in global community of developers help them mature, especially if the technology is solving a real problem. Top engineers also prefer to work with and on open source projects. Wrongly cast as secretive automatons, they are more often like artists, who prefer to learn, work, collaborate, and showcase what they’ve built in public, even when they are barely compensated for that work.
But doesn’t keeping a technology’s codebase open make it more vulnerable to attack? In fact, exposing the codebase publicly for security experts and hackers to easily access and test is the best way to keep the technology secure and build trust with end users for the long haul. Sunlight is the best disinfectant, and open source is that sunlight in technology. Linux, the operating system, and Kubernetes, the cloud container orchestration system, are two of the most prominent examples.
Open source is not limited to software, but also impacts hardware development. RISC-V, first introduced in 2010 at UC Berkeley, is an open source chip design instruction set architecture—which tells a chip how to do basic computation, like addition, subtraction, multiplication, etc. RISC-V is gaining traction in the hardware manufacturing space throughout the world, because it lowers barriers to entry and increases chip development speed. OpenRAN, an open source 5G networking stack that started gaining momentum in 2016, is also gaining more attention and has already been embraced by the UK and Japanese governments.
Using open source technology is now the fastest way new products get built and legacy technologies get replaced. Yet as US policymakers develop their industrial policy to compete with China, open source is conspicuously absent.
By leaning on the advantages of open source, policymakers can pursue an industrial policy to help the US compete in the 21st century in line with our broader values. The alternative is to continue a top-down process that picks winners and losers based on not just technology but also political influence, which only helps individual firms secure market share, not sparking innovation more broadly. A few billion more dollars won’t save Intel from its technical woes, but a healthier ecosystem leveraging open source technology and community would put the US in a better position for the future.
Open source technology allows for vendor-neutrality. Whether you’re a country or a company, if you use open source, you’re not locked in to another company’s technical stack, roadmap, or licensing agreements. After Linux was first created in 1991, it was widely adopted by large companies like Dell and IBM as a vendor neutral alternative to Microsoft’s Windows operating system. In the future, chip designers won’t be locked into Intel or ARM with RISC-V. With OpenRAN, 5G network builders won’t be forced to buy from Huawei, Nokia, or Ericsson.
However, open source is not the panacea to all problems. By definition, anyone can run, change, copy, and distribute an open source technology. Thus, the technology and knowledge transfer can go to friends or foes. Indeed, China’s technology sector is starting to embrace open source—a sensible thing for a country looking to maintain its rapid growth and establish technological self-reliance in the face of US sanctions.
This should not scare American policymakers, because the core values of open source—transparency, openness, and collaboration—play to America’s strengths. The Department of Defense is one of the largest consumers of open source technologies and well-versed in the intricacies and nuances. A few federal agencies have also open sourced their code, as part of the Federal Source Code policy instituted during the waning days of the Obama administration in 2016. Among other things, this policy requires all federal agencies to open source 20 percent of their custom-made codebase. Today, anyone can find and use the code open sourced from these departments on code.gov. Both the policy and the code repositories are managed publicly and transparently — as all good open source projects should.