Open-Source Software: Not as Simple as You May Think
Open-source software is a huge part of the security community. There's open-source tooling in use by defensive teams, offensive teams, development teams, and more. Additionally, there are audit and compliance risks to open-source. There are also security perspectives and an attack surface that need to be considered when organizations use open-source software. Overall, lots of companies, teams, and individuals use open-source software (OSS). It's usually summarized as free, publicly available code that people can use however they want. However, the world of open-source software is a lot more complex than one may initially think. There are contribution guidelines, benevolent dictators for life (BDFL), licensing complexities, and a whole lot more. This talk aims to explore open-source from both sides: as a consumer and as a contributor. The talk takes a deeper dive into what it takes to contribute to popular open-source projects, as well as the types of communities and realities that develop around open-source and the projects that live in the open-source realm.
Open-source software may be publicly available, but that doesn't always mean free: time to understand, time to implement, time to modify, time to evaluate from a security perspective, and much more can be considered hidden costs when evaluating open-source projects for use in enterprises, startups, or even small personal projects.
Communities grow and evolve around open-source software. There are numerous archetypes of communities in open-source: vendor-driven open-source, BDFL-driven open-source, a small contributor team with a massive user base, projects whose only users are the contributors, and more. Diving into these user groups and types allows people to see open-source in a different light, and may just inform them of the reasoning why they "just won't fix my simple bug!"
Leveraging the power of open-source communities and software is a complex topic that can be difficult to wrap one's head around. There are contribution guidelines, project road maps, pull request templates, maintainers, core contributors, and much more. I plan to elaborate on these different scenarios, empower people to feel like they can contribute to open-source, and educate them on where to start/how to begin.
Finally, the talk will wrap up by evaluating how some of the most popular and fastest-growing open-source projects are being run in the open-source world and how people can contribute (or even start their own)!

Jacob Latonis
Staff Software Engineer, Threat Research @ Proofpoint
Washington, Washington, D.C., United States