
A Beginner’s Guide to Open Source Contributions (From My Journey and Mistakes)

DEV Community · by Jayant Malvi · March 31, 2026 · 5 min read


Hello everyone, I am Jayant Malvi. I am currently in the 2nd year of my B.Tech in Computer Science at IIT Madras.

So my journey started way before I actually started contributing. I was really intrigued by the open source world and always wanted to contribute to organizations where my work is actually used by real people.

My first mistake was that I was just looking at how to start contributing—how to do GSoC and all that. I checked various GitHub repos, looked at good-first-issues, and always thought, “nah, I don’t know this, I won’t be able to contribute.” This was in my first year of college. Around the same time, I was also reading a lot about cybersecurity—networking, vulnerabilities, etc.

Then in my second year, one day in September, I explored OWASP projects and got introduced to OWASP-BLT. The idea of turning bug hunting and vulnerability findings into a gamified environment—with bounties, bacon—really caught my eye. That day I joined the Slack channel and messaged the maintainer, Donnie, about how I wanted to contribute. Donnie, being a great mentor, replied and helped me get started. That was all the head start I needed.

I jumped into the codebase and started looking at pending PRs. My goal was simple: understand how the codebase works and how PRs are actually done. While setting up the project, I noticed tests were failing. I had no idea what those tests meant at first, but after digging into the codebase, I found there were two identical names causing the issue. I discussed it in Slack and raised a PR.

That’s when I realized—we really overcomplicate open source contributions. It’s honestly just about having the will to contribute and enjoying the process. From that day onwards, I caught momentum and never stopped.

The biggest advice I can give (it sounds simple, but it works): stop thinking so much and just jump into the codebase. At the start, you’ll feel like you don’t understand anything, but trust me—there will be a point where it just clicks, and after that it almost becomes addictive.

Another important thing: being involved in discussions. One of my mistakes was being too hesitant to talk or ask questions. I thought people might think I’m dumb or not professional. That mindset held me back for a while. What I later realized is—no one thinks like that. Everyone is learning. You should ask questions freely. The kind of knowledge you get from peers in these communities is something you won’t easily get elsewhere.

I also really liked how our maintainer, Donnie, introduced initiatives like requiring peer reviews for PRs. We have a strong peer network in BLT where everyone helps each other. A big part of my journey was reviewing PRs—this helped me understand the project better and learn about common mistakes like N+1 queries, deduplication issues, etc. I’d strongly recommend reviewing PRs—it helps others and sharpens your own understanding.

One of the major things I worked on was BLT-Zero. It’s a core part of OWASP-BLT where anyone can send vulnerability reports to target organizations through a zero-trust workflow—no plaintext storage, mail with encrypted zips, hashes for decryption. This project is really close to me. I started working on it in November, it grew into a community project (in the BLT-Zero repository, feel free to join us), and now we’re really close to sending the first vulnerability mail. I’m genuinely excited about that.

There are also many other community projects like BLT-Leaf, BLT-SafeCloak, and more across different domains. You can contribute to domains that interest you and learn a lot. We’ve also started an initiative for new contributors to help reduce technical debt by making deletion PRs. It’s a great way to get started and understand the project better.

Today the GSoC proposal deadline ended. What I really liked is how my perspective has changed. Around 6 months ago, GSoC felt like just a program to get into. But now, it felt like I’m actually building my own project from scratch and trying to make it as good as possible in the organization which is really close to me. The time I spent researching and writing my proposal was quite a lot, but I enjoyed the whole process more than I expected.

Looking back, I’ve really enjoyed these last 6 months of contributing. I just wish I had joined in the fun earlier. The peer group I found here is one of the most supportive I’ve seen. I’ll keep contributing and see BLT grow into one of the biggest security projects out there.

And finally, a special thanks to our maintainer, Donnie, for the constant guidance and for helping me grow as a contributor. The discussions we had around new ideas and improvements—and the way you always encouraged them—were easily the best part.

If you’re someone thinking about starting open source—just start. That’s it. You are always welcome at OWASP-BLT.
