2026-03-16 –, Room Auditorium
The InnerSource commons promotes the adoption of open source practices to accelerate development within a company's culture. It's also said that it prepares the ground for those companies to begin contributing and releasing open source software... but can we prove it?
Using data from hundreds of millions of open source repositories provided by ecosyste.ms we seek to answer the question: is The InnerSource Commons good for open source?
We look at data from 800 member companies to answer what might seem like a simple question, in the process unpacking what it means to support, contribute, and maintain open source software. What a 'healthy' open source project looks like, and where and how we can identify and support important projects that need our help.
Note to assessors: this talk is an extension of a talk given in 2017 in which we were able to demonstrate that the civic tech community contributes around 6% of the work needed to support the most critical open source packages tracked by libraries.io: https://medium.com/@BenJam/the-impact-of-civic-tech-on-open-source-81816ca2aed3
Ben started working with Andrew Nesbitt following the Heartbleed vulnerability in 2014. In the decade since they’ve built the world’s most comprehensive and accurate dataset about open source production and use… twice.
Their latest project Ecosyste.ms tracks 230m repos and 11m packages from thousands of data sources, mapping 19 billion dependencies between them. Ecosyste.ms provides a free set of tools and data for developers, researchers, and policymakers to help identify, secure, and sustain open source software.
Ben is also Strategic Director at Open Source Collective, Director of Open Finance Consortium, and the creator of a boardgame or two.
Andrew Nesbitt is a UK-based software engineer specializing in package management, open source discovery, and sustainability. He created and maintains Ecosyste.ms, a free infrastructure tracking millions of packages across dozens of ecosystems with completely open APIs.
Building on his earlier work with Libraries.io, he focuses on making dependencies visible, enabling proper attribution across package ecosystems, and helping researchers and maintainers understand the critical infrastructure that underpins open source.
His work centers on solving discovery problems in open source: surfacing hidden dependencies, mapping transitive relationships between projects, and identifying which software truly matters for sustainability efforts. Andrew also created Octobox for managing GitHub notifications and 24 Pull Requests to encourage contribution culture.
He's passionate about package management systems, dependency analysis, and building the data infrastructure needed to support healthier open source ecosystems. When not working on open source sustainability, he's wrangling his five mini poodles and modifying Japanese sports cars.