
A vision for making open source more equitable and secure

Open source software (OSS) is the backbone of the modern internet. It’s used to build everything from the world’s largest websites to the smallest mobile apps. It’s estimated that the average person interacts with OSS dozens of times per day, whether they realize it or not.

Despite its ubiquity, OSS is often taken for granted. We expect it to just work, and for the most part, it does. But OSS is created by people, and people are not perfect. OSS is also vulnerable to the same kinds of malicious attacks that any software is.

That’s why equity in open source matters.

Open source software is created by people from all over the world, from a variety of backgrounds, and with a wide range of experience. But not all open source contributors are treated equally. There is a clear power imbalance between those who control the most popular open source projects and those who don’t.

This power imbalance can lead to several problems, including:

– Contributors feeling that their work is not valued
– A lack of diversity in the open source community
– Insecure and/or buggy software

Creating ‘brew2 for web3’

We believe that the best way to address these problems is to create a new kind of open source platform, one that is designed to be more equitable and secure from the ground up.

We’re calling this platform ‘brew2 for web3’.

Brew2 is a package manager for open-source software. It’s similar to existing package managers like npm and yarn, but it has a few key differences:

– Brew2 is designed to be more secure. It uses cryptographic signatures to verify the integrity of packages, and it can optionally install packages from secure mirrors.

– Brew2 is designed to be more equitable. It allows developers to set their price for their packages, and it redistributes a portion of the proceeds to the maintainers of the dependencies of those packages.
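As an added illustration of the security claim above (not brew2's own code; brew2 publishes no format, so the manifest layout, the Ed25519 key and the package bytes are all assumptions constructed here): a signed manifest pins the archive digest, so the client can fetch the archive from any mirror and still reject tampering.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Manifest is a hypothetical brew2 package manifest: the data the maintainer signs.
type Manifest struct {
	Name, Version string
	SHA256        string // hex digest of the package archive
}

// Bytes returns the canonical byte string the signature covers (fields assumed newline-free).
func (m Manifest) Bytes() []byte {
	return []byte(m.Name + "\n" + m.Version + "\n" + m.SHA256 + "\n")
}

// SignManifest is what a maintainer would run at publish time (assumed flow).
func SignManifest(priv ed25519.PrivateKey, m Manifest) []byte {
	return ed25519.Sign(priv, m.Bytes())
}

// VerifyPackage checks the maintainer's signature over the manifest, then checks
// that the archive bytes (fetched from any mirror) hash to the pinned digest. A
// forged manifest fails the first check and altered bytes fail the second, so
// the mirror itself never needs to be trusted.
func VerifyPackage(pub ed25519.PublicKey, m Manifest, sig, archive []byte) error {
	if !ed25519.Verify(pub, m.Bytes(), sig) {
		return errors.New("manifest signature invalid: refusing to install")
	}
	sum := sha256.Sum256(archive)
	if hex.EncodeToString(sum[:]) != m.SHA256 {
		return errors.New("archive digest mismatch: mirror served altered bytes")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil source means crypto/rand
	archive := []byte("constructed package contents") // stand-in for a tarball
	sum := sha256.Sum256(archive)
	m := Manifest{Name: "example-pkg", Version: "1.0.0", SHA256: hex.EncodeToString(sum[:])}
	sig := SignManifest(priv, m)
	fmt.Println("good archive:", VerifyPackage(pub, m, sig, archive))
	fmt.Println("tampered archive:", VerifyPackage(pub, m, sig, []byte("evil")))
}
```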

A vision for compensating open source developers

One of the most important aspects of brew2 is that it allows developers to set their price for their packages. This is important because it gives developers a way to directly monetize their work.

Up until now, the only way for open source developers to make money has been to either work for a company that uses open source software or to sell services related to open source software. But this leaves out a large number of developers who don’t want to work for a company or who don’t want to sell services.

With brew2, developers can set their price for their packages, and they can choose to donate a portion of the proceeds to the maintainers of the dependencies of those packages. This will allow more developers to work on open source full-time, and it will help to ensure that the open source ecosystem is more sustainable in the long run.

The importance of community-led accountability and validation

Another important aspect of brew2 is that it is designed to be community-led. That means that the community, not a central authority, decides which packages are included in the brew2 repository.

This is important for two reasons:

– It allows the community to hold package maintainers accountable. If a package maintainer is not responsive to issues or is not keeping their package up to date, the community can simply remove their package from the brew2 repository.

– It allows the community to validate packages. Before a package is included in the brew2 repository, it must be reviewed by the community. This review process helps to ensure that packages are safe and secure.

Shoring up open-source software security

One of the most important benefits of open source software is that it can be audited by anyone. This is important for security because it allows anyone to find and fix security vulnerabilities.

But auditing open source software is not always easy, and it’s often not done as thoroughly as it should be. That’s why we’re working on a tool that will make auditing open-source software easier and more effective.

This tool, which we’re calling ‘OSS-Fuzz’, is a fuzzer for open-source software. Fuzzing is a technique for finding security vulnerabilities by automatically feeding a program large volumes of random data and watching for crashes. OSS-Fuzz is designed to be easy to use and to integrate into existing workflows.
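A minimal fuzz loop of the kind described above, added here as an example (it is not OSS-Fuzz code): a constructed length-prefixed record parser with an unchecked bound is mutated from a valid seed until it panics, and the hardened parser is shown rejecting the same input instead of crashing.

```go
package main

import (
	"fmt"
	"math/rand"
)

// parseRecord is a constructed, deliberately buggy target: the first byte is a
// length prefix, but it is never checked against the bytes actually present.
func parseRecord(data []byte) []byte {
	n := int(data[0])
	return data[1 : 1+n] // panics when n exceeds the remaining bytes
}

// parseRecordFixed is the hardened form: validate the prefix before slicing.
func parseRecordFixed(data []byte) ([]byte, error) {
	if len(data) == 0 || 1+int(data[0]) > len(data) {
		return nil, fmt.Errorf("length prefix exceeds the %d available bytes", len(data))
	}
	return data[1 : 1+int(data[0])], nil
}

// crashes runs target on one input and reports whether it panicked.
func crashes(target func([]byte), input []byte) (crashed bool) {
	defer func() {
		if recover() != nil {
			crashed = true
		}
	}()
	target(input)
	return false
}

// Fuzz overwrites one random byte of seed per round, for up to iters rounds,
// and returns the first input that crashes target (nil if none was found).
func Fuzz(target func([]byte), seed []byte, iters int, rng *rand.Rand) []byte {
	for i := 0; i < iters; i++ {
		in := append([]byte{}, seed...)
		in[rng.Intn(len(in))] = byte(rng.Intn(256))
		if crashes(target, in) {
			return in
		}
	}
	return nil
}

func main() {
	seed := []byte{3, 'a', 'b', 'c'} // valid record: length 3, payload "abc"
	bad := Fuzz(func(b []byte) { parseRecord(b) }, seed, 1000, rand.New(rand.NewSource(1)))
	_, err := parseRecordFixed(bad)
	fmt.Printf("crashing input %v; hardened parser says: %v\n", bad, err)
}
```

Real fuzzers add coverage feedback and corpus management, but the crash oracle and mutation loop are the same idea.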

OSS-Fuzz is already being used to find security vulnerabilities in several popular open source projects, including the Linux kernel, Firefox, and Chromium. We’re also working on integrations with the major open source bug trackers so that vulnerabilities can be fixed as soon as they’re found.

Conclusion

Open source software is the backbone of the modern internet, and equity in open source matters. We believe that the best way to address the problems of the open source community is to create a new kind of open source platform, one that is designed to be more equitable and secure from the ground up.

Brew2 is a package manager for open-source software that is designed to be more secure and more equitable. It allows developers to set the prices for their packages, and it redistributes a portion of the proceeds to the maintainers of the dependencies of those packages.

OSS-Fuzz is a tool that makes auditing open-source software easier and more effective. It’s already being used to find security vulnerabilities in several popular open-source projects, and we’re working on integrations with the major open-source bug trackers.

These are just a few of the ways that we’re working to make open source more equitable and secure. We’re just getting started, and we’re excited to see what the future holds.