Some huge startup successes in recent years have come from the open source community (think Cloudera, MongoDB, Mulesoft, or SugarCRM), but many developers are still hesitant to devote much (or any) of their spare time to new open source projects. For those that do recognize the value, there’s still the question of how to participate, and in what?

Last week we shared some productivity advice from our team of experienced Java developers that touched on the value from participating in open source projects. Let’s take a look at that value, and how any dev can involved with an existing project today.

Open Source Projects 101

Why Open Source?

Open source projects can obviously help with professional development, but it’s certainly not the only reason to contribute. Open source participation can expand your network, and provide an outlet to give back to the tech community in a meaningful way. In this section, we’ll take a closer look at these benefits.


The knowledge you can gain by working as part of an open source community is tremendous. This benefit was at the core of our advice from Stormpath CTO, Les Hazlewood. Les is the lead contributor to Apache Shiro, an open source Java security framework and has been a Java developer for 21 years. He says:

“You will learn more by looking at clean code and good design patterns than anything you could do on your own or what you would see by working on a few closed-source projects.

When on a team of, say, eight developers, working on a closed-source project, you see code written by eight people. When participating in open source projects, you see code written by hundreds of developers — a much greater experience pool to draw upon when learning best practices.”


For freelance developers, adding value to a project and becoming an active community member can gain you recognition with potential clients. Not a freelancer? Not to worry. Companies like Google, Microsoft, Apple, Facebook, and Adobe are all active in many open source projects and are known to recruit talent directly from these communities.

If you’re interviewing for a tech-forward engineering team, like Stormpath’s for instance, you can bet the lead engineer has looked at your Github commits. At the end of the day, it’s empirical. If you know your stuff, it’ll be in the code, not just hidden behind the lines on your resume.

Giving Back

Many developers will tell you that the main reason they contribute to open source projects is that they believe in the philosophy. Sure, the world would be a better place if we all gave freely of our talents. But is that it? Change the world through code?

Here’s the thing, by giving back through open source you are also inherently promoting competition and innovation. Those are tangible drivers that directly put pressure on the pace of technology advancement in your field – whether it’s software, astronomy, medical research or data science for social change (all of which have active open source communities). Your contributions speed up that advancement.

How To Get Started

So this is all great, but where do you start?

Find an Open Source Project

The guidance from our team is to choose something you’re already actively using, or that solves a problem you encounter regularly. From there, ask yourself, “Is this project within my skillset, or does it involve skills I’m looking to develop?” If so, hey, you’re there!

Don’t get hung up on finding a “beginner-friendly” project. Every project has beginner-friendly tasks you can tackle.

Beginner Contributions

Once you’ve picked a project, how do you begin making valuable contributions? Here are some simple tips:

  • Join the community first. Whether it’s a mailing list or IRC, find out where people are talking, follow along, and speak up when you have something meaningful to add.
  • Look for simple tasks. If you’re not quite ready to dive in with your own new code, use the time to read up on the project’s current state and most recent releases. From this reading you can likely identify fixed bugs with tickets you could help close or documentation you could update.
  • Write a test or example. Start working with the codebase itself by writing a needed test, or adding a new example to the documentation.
  • When you’re ready to code, start by fixing a bug. This is where most developers dive in, and it’s a good place to make an impact early on. Some projects will require you submit a test with a bug fix, so if you haven’t written one yet this is your chance.
  • Stick with it. Your contributions may not be prioritized until you’ve been around a little longer, so keep sending updates and be responsive to feedback.
  • Rules of Engagement

    As in any other community, most open source project communities operate under a set of unwritten codes of conduct. When you’re just starting out, one of the most important things to keep in mind is to finish what you start, and be upfront about your time.

    As you’re around more, pay attention to the balance of your participation. If your primary interaction with the project is in the IRC or through email discussions, it’s time to re-prioritize. You got involved to help build something, so make sure you spend at least equal time building vs. talking about building.

    And finally, be humble. For example, don’t add yourself to the list of contributors on a project. Wait for the project leaders to add you when you’ve shown your value as a community member.

    Stormpath ♥’s Open Source

    A passion for open source projects is part of our culture here at Stormpath. We were founded on the principle that open source projects drive better code and security through rigorous peer review.

    Our team is active in a huge variety of open source projects, both individually and on behalf of Stormpath. Here’s a (short) list of the projects we love:

  • Apache Maven
  • Apache Tuscany
  • Asterisk
  • Django
  • Django-skel
  • Fedora
  • Flask
  • Gentoo
  • Homebrew
  • Ipify
  • OpenStack
  • Python-basicauth
  • RDO
  • Sonatype Nexus
  • Spring
  • Spring Boot
  • SwitchYard
  • Our SDKs and Integrations

    At Stormpath, it’s not just about open source outside of the office. We change and grow our products by opening our libraries for community contribution. It’s made us all the better.

    Apache Shiro

    Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. It was originally developed by a team of contributors, including Stormpath’s own Les Hazlewood, as a general-purpose security framework for Java developers.


    nJwt is the cleanest JSON Web Token (JWT) library for Node.js developers. nJwt removes all the complexities around JWTs and gives you a simple, intuitive API, which allows you to securely make and use JWTs in your applications without needing to read rfc7519.


    JJWT is an easy to use tool for developers to create and verify JWTs in Java. Like many libraries Stormpath supports, JJWT is completely free and open source (Apache License, Version 2.0), so everyone can see what it does and how it does it. Do not hesitate to report any issues, suggest improvements, and even submit some code! and and are developer tools we created using the nJWT and JJWT libraries to ake it easy to decode JWTs. Simply paste an existing JWT into the appropriate field to decode its header, payload, and signature. Both sites are open source projects that came out of our internal company hackathon. StormHack.

    JWT Inspector

    The new kid on the block, JWT Inspector is an open source Chrome extension that allows developers to inspect and debug JWTs directly in-browser. The JWT Inspector will discover JWTs on your site (in cookies, local/session storage, and headers) and make them easily accessible through your navigation bar and DevTools panel.