As part of the activities of the Cyber and Digital Sovereignty Chair - IHEDN, Stefano Zacchiroli (Télécom Paris, Institut Polytechnique de Paris) conducted a study over several months Determining the geographic origin and gender of public code contributors, on identifying the geographical origin of contributors to free and open source software (Free and open-source software (FOSS) which, according to recent estimates, are present in 96% of software products on the market.
This raises questions about the risks to digital sovereignty posed by the development of FOSS. FOSS is massively re-used and can be re-used and modified with few restrictions and little supervision by communities of developers from all over the world.
This creates dependencies. A single software product may depend transitively on hundreds or even thousands of third-party FOSS components. Conversely, tens of thousands of software packages may depend on relatively unknown (and possibly poorly maintained, insecure or unreliable) open source software produced by a diverse international community of developers.
This raises a number of questions and potential problems in terms of digital sovereignty:
- Who are the component developers? open source on which we depend for our day-to-day software activities?
- More specifically, in which countries are these developers based?
You can download it below:
- An executive summary (executive summary) in French explaining the method used.
- The technical report on the study.
Stefano Zacchiroli is a professor of computer science at Télécom Paris. He is also co-founder and CTO of Software Heritage, the largest archive of software code open source. Télécom Paris is a partner of the Cyber and Digital Sovereignty Chair - IHEDN.
