Last week’s Open Source Summit in San Diego was a brilliant display of the ecosystem's well-deserved success, but that was to be expected. You don’t go to an event with that title and not expect some back slapping.

And that bravado does appear to be well placed. Not a day goes by without some new open source project being launched, some large vendor tying its future to the open source ecosystem, or some untold millions (or billions) of dollars being thrown at some corner of the open source space.

That level of success was perhaps most succinctly explained to me at the event by Chris Aniszczyk, COO at the Cloud Native Computing Foundation (CNCF). “This is the golden age of open source and we are hitting more industries now,” Aniszczyk told me during an interview at the show. “If you are a developer in open source you can find a good job in so many different areas.”

Aniszczyk’s optimistic tone followed a brief keynote address by Red Hat CTO Chris Wright, who stated flatly that “open source has won,” citing the dramatic increase in GitHub users and numbers from the Linux Foundation touting the financial benefits of open source software. That statement of open source success wasn’t necessarily the most controversial as it was made at an open source-focused event.

However, Wright also spent some of his limited time on stage and a considerable part of a follow-up interview questioning how the ecosystem was going to deal with its success.

“Part of winning is that with great power comes great responsibility,” Wright said on stage. He explained that the community had changed from its humble origins based on the benefits of sharing software code to where it’s at today in powering some of the largest corporate entities.

In that later interview, Wright likened the situation to the indie rock scene, where a band strives to gain notoriety outside of a small community, but once it gets that attention it’s not sure what to do with it or how to deal with the way it changes the band.

“There’s now a lot of money at stake that can change people’s behaviors,” Wright said, adding that this can lead to the creation of outsized expectations or some companies using their financial influence to impact the direction of open source innovation in an attempt to get an advantage in the market.

“The old school model is quarterly growth and never over-extend yourself,” Wright explained. “The newer model is very different. You look at it as a big upfront investment and then capture the most mindshare or market share that you possibly can and growth is more important than profitability. If you flip that from a business context to an open source community context, if the metrics are all about growth and not about sustainability then you are going to incentivize the wrong kind of behavior and that’s the thing that worries me.”

Wright does have an interesting view into this phenomenon. Red Hat, of course, is now part of everything-giant IBM, which picked up the open source-focused company for a cool $34 billion. Yes, that’s billion with a “b.” And Wright did acknowledge that his viewpoint is indeed split between that of a long-time open source developer and his senior role at a vendor in the space.

“Some of the questions we have had are around is the acquisition of Red Hat by IBM the demise of Red Hat because they are such different cultures,” Wright said. “We think a lot about the Red Hat culture, what does it mean, who are we, how do we sustain those as we grow.”

Security Supply Chain

As an example of those broader challenges that could impact open source success, both Wright and Aniszczyk, unprompted, pointed to supply chain security. They both cited recent security issues that have cropped up around well-established open source platforms and the need for the developer community to be more diligent in baking security into their processes.

“We can do a better job of stewarding some of those supply chain issues in open source, like security,” Aniszczyk said. “But the biggest focus is that everyone has different attitudes in securing the supply chain and with software being nearly everywhere in society today, that can lead to larger issues.”

Wright’s take was that if left unchecked, security issues could sour the view of open source and drive larger enterprises back toward proprietary software.

Sure, the security space has plenty of players throwing a lot of money at these issues, but the fact that these issues keep cropping up indicates that there is still that disconnect between the developer community and the end user.

What's Next for Open Source Success?

Security, of course, is just one of a myriad of issues impacting the open source world today. Wright touched on a number of others, including culture, business models, and how various industry groups factor into which projects are positioned for open source success.

From my limited sample set it’s obvious that many people are aware of those challenges and know they must be dealt with in order for the community to maintain its status. But how deep does that desire go, and how will a community that for much of its existence had to fight for recognition deal with now being in a position of strength?

Both Aniszczyk and Wright were optimistic that the will and resources are there to tackle that challenge.

Aniszczyk’s view did seem a bit more rose-tinged, though that could have been due to the shorter time we had to speak on the topic or perhaps the unrelenting San Diego sun beating down on me during that conversation. But that’s not to say that Wright’s view was not also optimistic. In fact, buried within his calls for caution was a direct mention of his “realistic” optimism.

“I love that we are winning and think it’s amazing and never would have predicted it when I started down this path,” Wright said. “But I don’t think we should take it for granted and I think there is a careful balance where we are understanding where culture is a critical factor.”

At this point it will take quite a big hit for open source to be knocked off its newly won perch. But that's not to say it can't be done. Now it's just a matter of the community shifting its mindset from that of an up-and-comer to an established player.