Here are a few initial insights—we look forward to seeing what others find in the data:

GitHub's open source community is growing fast. The 2024 survey responses closely resemble those from 2017, showing that while challenges and concerns persist, the significant increase in community size (up more than 75 million users in the last 7 years) has not led to a decrease in community experience. This suggests that while challenges and concerns remain, onboarding millions of new users and contributors has made the community larger, not weaker.

One of the largest changes from 2017 to 2024 is an increased tendency to respond to rather than ignore harassment: ignore went from 49% to 38%, while each specific response, from blocking to various forms of reporting, increased. This could indicate a long term change in behavioral norms in open source projects.

Open source is slowly becoming more diverse. For instance, in 2017, 26% of respondents identified as immigrants, rising to 30% in 2024. Additionally, while 79% of respondents in 2017 were not minorities in their country of birth, that figure decreased to 70% in 2024.

Community attitudes around privacy are changing in complex ways. Perhaps the largest, and most interesting change in responses: in 2017, 43% of respondents preferred not to say their age, while in 2024, only 4% did. Meanwhile, fewer respondents support anonymous code contributions (2017: 60%, 2024: 51%) while more people contribute using a pseudonym not linked to their real name (2017: 12%, 2024: 20%). Given this complexity, we think it’s important to focus on secure design, processes, and tools to enable collaboration across projects and contributors that have different preferences for privacy and identification.

Speaking of secure by design, in 2024 we added “security by design” as a new option among things people think about when deciding to use or contribute to open source projects. We wanted to benchmark this term, which has been increasingly used to promote a range of secure development best practices ultimately intended to make users and society more secure and resilient. 82% of respondents identified security by design as an important consideration for using an open source project, and 62% consider it as a factor for whether to contribute to a project. Of course, improving the security of a project is a great reason to contribute!

We also added a few benchmark questions about open source AI. Unsurprisingly, employers are more uncertain about incorporating open source AI models into their codebases (50% do not have a clear or known policy, or do not permit their usage) than about incorporating traditional open source dependencies into their codebases (17% reported unclear or not allowed). We also asked about use of and contribution to AI tools, and awareness of responsible AI practices when using and contributing. Use is unsurprisingly higher (e.g., only 27% of respondents had never used a tool like Copilot for writing code or documentation) than contribution (e.g., 74% of respondents had never contributed to an AI infrastructure project), but contribution is also associated with higher awareness of and following responsible AI practices (only 14% never) than using (29% never).

Finally, we introduced a question to measure financial and in-kind support for open source from employers, governments, and investors. Although the percentage of respondents reporting “frequent” support is still low, we see a positive sign: only around 50% of respondents selected “never.” This signals a wide green space for growth and opportunity.

While many experiences around open source contribution and usage remain stable since we last performed this survey in 2017, we note the following interesting changes:

• The privacy and anonymity concerns of contributors are being challenged by the needs of supply chain security
• The impact of AI's recent arrival requires companies to update and share their policies with their developers
• Despite our vast increase in size, problems are not getting worse

To drive the future of open source forward, more organizations, governments, and funders need to actively contribute to the sustainability of the ecosystem—whether through funding, resources, or direct participation with open source projects and communities.