Image: © inspiring.team/Stock.adobe.com
Gabriele Columbro, general manager of Linux Foundation Europe, spoke to SiliconRepublic.com about the open-source landscape and the opportunity for the EU.
Europe has been under a global microscope lately for its regulatory culture, with many tech leaders – who naturally have a vested interest in a looser regulatory landscape – warning that the region is falling behind in the tech innovation race.
However, the explosion of AI and subsequent concerns around bias, privacy and improper use of data highlights exactly why regulations are needed within the tech sphere.
Not to mention the fact that the law of creative constraint suggests that limitations or constraints actually foster innovation by forcing people to think outside of the proverbial box – meaning proper regulation can actually foster innovation rather than hinder it, all while ensuring we live in a more ethical society.
That’s not to say Europe shouldn’t find ways to ensure it remains competitive on the global tech playing field, and one area Europe could really shine is in the open-source arena.
Europe’s strong open-source base
Open-source technologies, which are released for free reuse, distribution and modification, have been around since the early days of computing. Much of the technology we use every day is built on the shoulders of the open-source community.
These technologies have increasingly been seen as a strategic priority for Europe, which hosted the EU Open Source Policy Summit at the end of January in Brussels. The event brought together policymakers, industry leaders and open-source advocates from across the region to discuss the crucial role of open-source software in shaping Europe’s digital future.
Gabriele Columbro, general manager of Linux Foundation Europe, was one of several speakers at the event. Columbro spent more than 15 years building developer ecosystems and he’s also the executive director of the Fintech Open Source Foundation (FINOS).
Speaking to SiliconRepublic.com, Columbro said he believes the open-source community in Europe is much stronger and more innate than other regions.
“If you think about it, the largest and most famous open-source inventions were from Europeans – Linus Torvalds, the founder of Linux; Tim Berners-Lee, inventor of the internet itself. So that that tradition continues to be very strong.”
Gabriele Columbro. Image: Linux Foundation Europe
Founded 25 years ago, the Linux Foundation is a nonprofit consortium dedicated to supporting Linux development and open-source software projects.
According to Columbro, 35pc of its members are in Europe. However, he also said that while the community in the region is strong, Europe “hasn’t been as successful at extracting value” from the technology.
He pointed to the potential opportunities based on examples from the US such as GitHub and Confluent as “VC-backed ventures that really become unicorns based on open-source projects”.
“I see a lot of investment [in Europe], I think it’s promising, but still…open source remains, in my mind, the best opportunity for Europe to catch up from a technology standpoint, but it has to be a concerted effort across Europe.”
A symbiotic relationship
There’s often a push-pull feeling around open-source versus the gated proprietary technology behind many a Big Tech giant.
But the reality is both sides need each other to survive and thrive. Columbro said that hyperscalers are heavily reliant on open-source technology and that without open-source operating systems, there would be no cloud.
Equally, major tech companies such as Google and Microsoft pump huge amounts of funding into open-source projects and consortiums, including Linux Foundation “to pay maintainers to make sure that open source is secure”.
However, there is a dark side to Big Tech’s role in open source in that there is a question of dominance and being run by tech giants.
This wrinkle has resulted in certain companies such as Elastic Search, which switched from open source to proprietary ‘sources available’ licences in 2021. This change was made due to the company’s dissatisfaction with AWS, which was offering a similar managed solution based on Elastic Search while contributing little to the project.
However, the company reached an agreement in 2022 and Elastic has now returned to an open-source model.
“It is obviously a complex scenario here, it’s not one size fits all,” said Columbro. “I think my outlook is still generally positive in the sense that compare, for example, to many other enterprises that largely just consume open source. Big Tech is substantially contributing both money and contributors to open source. And I think it’s undeniable that open source as we know it would not be here without that level of corporate funding as well.”
Debunking the security myth
Open source has had an image problem in the past, particularly around its security. There have been some incidents in recent years that can heighten these concerns, such as the GitHub developer who reportedly corrupted two important open-source files he created, which ‘bricked’ thousands of projects.
And then there was the Log4Shell flaw in 2021, a vulnerability that could give a hacker unrestricted access to a company’s computer systems. The flaw stemmed from Apache Log4j, an open-source Java-based logging utility used by many of the world’s major tech companies for their web infrastructure, including Microsoft, Apple, Amazon and Cisco.
However, the notion that open-source software is less secure than closed-source software is a myth – especially as there have been plenty of security issues within closed-source systems, including IT disruptions and data breaches.
According to Columbro, the myth that open-source technology is less secure has largely been dispelled in both the broader tech industry and within the finance industry.
“Obviously it takes a good understanding of what open source is and how the open sourcing system is built and run, and the difference between a healthy open-source project that has contributors and funding and adoption from several organisations and individuals versus a random open-source project that is maintained by one developer in Nebraska”
He added that when Log4Shell happened on an open-source package, he was worried at the time that it would undo all the good work around the understanding and trust built around open-source technology, especially in finance. Luckily, he was wrong.
“They understood that this wasn’t a problem of security, but was a problem, again, of health and sustainability of the projects. Log4J is a super widespread project that is maintained by only a couple of developers,” he said.
“So, banks started participating to collective funding efforts like OpenSSF, the Open Source Security Foundation, in the understanding that it is a collective responsibility to ensure the health of maintainers.”
Ongoing maintenance
In order to solidify open source’s power and benefits, Columbro said funding is a key element that must be addressed. In short, the maintainers must be maintained.
“Continuing to invest, not just in foundations, but also in efforts like direct container funding, putting contributors directly working, paying your employees to actually dedicate time to work on open-source projects beyond Big Tech, beyond the tech industry.”
He said when he thinks about Europe, he thinks about all the traditional vertical industries that are undergoing digital transformation, making it very clear that there is a strong potential for open source to thrive.
“Public funding is important, and we’re seeing a lot of it coming down from the EU through, you know, NGI programmes, Horizon. Even at nation-state level, there’s a lot of funding.”
He also said that ahead of his speaking engagement at the EU Open Source Policy Summit, he had to rewrite his speech because of the disruption from DeepSeek, which had been revealed just days before the event. Through our own conversation we hadn’t even gotten to talk about AI’s effect on the open-source industry, so he added a warning that a huge amount of change is coming down the line for the industry.
“So, all I’ve said with the caveat of, we all need to be quite responsive and understanding truly over the next 12 months, what is the impact of AI, on actual software development.”
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.
