Software Power: The Economic and Geopolitical Implications of Open Source Software Etudes de l'Ifri, December 2022

Open source plays a central role in software: it is the foundation of critical software bricks, and has become a major factor for companies’ innovation processes. It is also an attractive alternative to proprietary solutions.

However, open source is a victim of its own success. It suffers of a lack of resources dedicated to the maintenance of open source components, even though vulnerabilities in open source code can have serious consequences, as illustrated by the Log4Shell vulnerability in December 2021.

Private companies have been investing ever more money and human resources in the development and maintenance of open source software, and have acquired structuring roles in the governance of the ecosystem. This support, however, is not without risk for the open source ecosystem, which is increasingly shaped by the private interests of Big Tech companies.

Meanwhile, governments are getting increasingly concerned with the cybersecurity implications of open source software, and with risks of accidental vulnerabilities, and of manipulation of codes by criminals and foreign agents.

An analysis of the United States, Chinese and European cases show that government involvement in open source is not only pragmatic; it is increasingly politicized, and serves to uphold governments’ ambitions for national security, international influence, or digital sovereignty. The study highlights the dilemmas that emerge, for public authorities, from the tensions between the desire to secure universally used, critical open source components, the desire to develop “sovereign” technologies, and the risk of encroaching on the horizontal and decentralized functioning of open source.

This publication is also available in French: Sources d'influence. Enjeux économiques et géopolitiques des logiciels open source