The parallels of AI and open source in software development


By Phil Odence - General Manager, Black Duck Audits

The front-page news about generative artificial intelligence (GAI) taking over software development from human developers has waned a bit. But there is no doubt that technology will continue to transform the software development space over time. With AI come challenges that managers need to address. As always, there are lessons to be learned from history.

Freely exchanged source code goes back to software’s earliest days. Richard Stallman wrote the first GPL license in the late ’80s, and Christine Peterson coined the term “open source” in 1998. In the early 2000s, developers began to incorporate freely available open source into software they were writing for their corporate employers.

The case between Free Software Foundation and Cisco was a highly publicized case and prompted lawyers throughout the tech world to start wrapping their heads around these inside-out license terms. Ultimately, the Cisco case revealed a big challenge with this new approach to development.

Both the usage and the supply of open source were exploding by 2010. Between 2009 and 2015, the Black Duck® KnowledgeBase grew 10-fold to 1.5M open source components. By 2019 over half the code in an average “proprietary” application was open source. Lawyers scrambled to understand the legal risks of this ever-expanding open source usage and companies needed to take action and manage usage thoroughly.

In the 2020s, open source is fully mainstream, comprising more than 75% of an average application. Management is as important as ever and underscored by the rise in SBOM requirements.

The roots of AI go back to the early days of open source. However, there was very little adoption of GAI in software until 2023. GitHub Copilot showed up in Visual Studio just over a year ago; then the debut of ChatGPT in November 2022 seemed to set the world on fire.

There are more similarities than differences in a comparison of the impact of GAI and open source on software development. Both are about faster, better, cheaper. This was the attraction of open source: allowing developers to not reinvent the wheel. GAIs purport to create a new wheel for you. This new approach has made corporate heads spin as much as had the news of developers leveraging millions of free, source downloadable software components.

Upon hearing of this new technology and the potential of having machines write code, many board rooms realized they would have to consider its future impact on their software. Only then did they learn their developers had already been leveraging AI-generated code for months.

In April, Samsung engineers lost sensitive data to ChatGPT. Around the same time as Samsung’s issues, a high-profile lawsuit piled on corporate concerns.

There’s a question as to whether it’s legal to use these tools, at least in cases where they seem to cut/paste problematically-licensed code verbatim. As with open source, organizations need strategies, policies, processes, and tools in place to manage GAI safely. GAI too needs management. Track use and be mindful of the limitations of the technology.

Sustaining Partners