Software Power: The Economic and Geopolitical Implications of Open Source Software
by Alice Pannier, Research Fellow, Head of Ifri*'s Geopolitics of Technology Program
*IFRI is the French Institute of International Relations a non profit organisation of Public Interest.
Open source plays a central role in software : it is the foundation of critical software bricks, and has become a major factor for companies’ innovation processes. It is also an attractive alternative to proprietary solutions. However, open source is a victim of its own success. It suffers of a lack of resources dedicated to the maintenance of critical open source components, even though vulnerabilities in open source code can have serious consequences, as illustrated by the Log4Shell vulnerability in December 2021.
Private companies have been investing ever more money and human resources in the development and maintenance of open source software as part of their own innovation strategies. In so doing, they have acquired structuring roles in the governance of the ecosystem. This support, however, is not without risk for the open source ecosystem, which is increasingly shaped by the private interests of these companies.
Meanwhile, governments are getting increasingly concerned with the cybersecurity implications of open source software, and with risks of accidental vulnerabilities, and of manipulation of codes by criminals and foreign agents. An analysis of the United States, Chinese and European cases show that government involvement in open source is not only pragmatic; it is increasingly politicized, and serves to uphold governments’ ambitions for national security, international influence, or digital sovereignty. The study highlights the dilemmas that emerge, for public authorities, from the tensions between the desire to secure universally used, critical open source components, the desire to develop “sovereign” technologies, and the risk of encroaching on the horizontal and decentralized functioning of open source.