OSS Enterprise: Open source perspectives and securing the software supply chain

Elevate your enterprise data technology and strategy at Transform 2021.

Let the OSS Enterprise newsletter guide your open source journey! Sign up here.

Welcome to OSS Enterprise, a newsletter from VentureBeat that shines a light on the world of open source software. The first edition looks at open source team chat tools, securing the software supply chain, and industry perspectives on open source software.

All subsequent editions of OSS Enterprise will be email-only, dispatched to your inbox each Friday.

1. Open conversation

Salesforce expects to close its $27.7 billion Slack acquisition in the coming weeks, while Microsoft Teams usage continues to skyrocket. If the past 12 months have taught us anything, it’s that team chat and collaboration tools are more vital than ever in an increasingly distributed workforce.

Open source software is also accelerating, including in the enterprise — open source code makes it easier to scale software, saving companies from building everything from scratch.

At the intersection of these trends are open source team chat and collaboration tools, such as Mattermost, Rocket.Chat, Zulip, and Element. An enterprise could have various reasons for exploring communication software that adheres to a more open philosophy — companies that manage sensitive data, for example, might wish to retain full control of everything on their own servers. Or they might require more flexibility in terms of integrations and deployment.

Here VentureBeat looks at some of these open source “Slack alternatives,” gleaning insights from the key people behind them.

2. Secure supply chain

Google this week unveiled a new plan to thwart supply chain attacks, with a focus on open source software packages.

Supply chain attacks, which target companies by exploiting vulnerabilities in third-party hardware and software, have dominated the news over the past six months. The biggest example was an infiltration of IT infrastructure company SolarWinds that gave the attackers access to sensitive data at thousands of organizations, from Microsoft to government agencies.

Google’s proposed Supply Chain Levels for Software Artifacts (SLSA) is touted as an end-to-end framework for “ensuring the integrity of software artifacts throughout the software supply chain.” In its initial guise, SLSA is little more than security guidelines and best practices, though the plan is to support the “automatic creation of auditable metadata that can be fed into policy engines,” with different SLSA certification levels assigned to specific software packages.

For example, to get the top SLSA 4 certification, a package must have a two-person review process in place to help catch unauthorized or “bad” modifications submitted to a shared code repository.

3. Industry perspectives

Open source software is integral to just about every company today, from fledgling startups to trillion-dollar corporations. But for all the benefits open source software offers, it also presents challenges.

Wizards of OSS explores a range of industry perspectives, including what a world without open source software might look like.

“Much of the technology we build to power our datacenters, AI and machine learning architecture, or developer tools would not be anywhere as robust, reliable, scalable, or feature-rich as they are without the feedback, contributions, and collaborative energy of countless companies, communities, and individuals we work with in open source,” Facebook open source head Kathy Kam said.


  • How dedicated open source program offices (OSPOs) bring structure, formality, and order to open source software programs.
  • PostHog is an open source analytics platform that gives companies insights into how people are using their products — the company raised $15 million last week, shortly after rival product analytics platform amplitude hit a $4 billion valuation on a $336 million funding round.
  • RudderStack, meanwhile, raised $21 million to grow its open source customer data platform (CDP). Unlike others in the space, RudderStack specifically targets developers, giving companies more flexibility in their CDP deployment.
  • Open source observability software maker Grafana Labs acquired K6, an open source load testing tool for engineers.
  • A survey of open source code maintainers reveals that under half are unpaid, with only one-quarter earning $1,000 or more annually.

5. Good read

Author and technology activist Cory Doctorow wrote an excellent piece for Locus magazine, exploring the history of open source software while touching on related themes, such as interoperability, monopolies, and walled gardens. The article dates back to last year, and it’s a long read, but it’s worth bookmarking for when you have a half hour to spare.


VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact.

Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:

  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more

Become a member

Leave a Comment