I heard about open source around a year ago, and honestly, I didn’t jump in out of excitement - it was pure curiosity. I just wanted to see how things worked behind the scenes. So I started exploring the good-first-issue label on GitHub, picked some random repos, forked them, committed a few changes, and slowly figured out the whole contribution workflow.
Back then, I also knew about GSoC - Google Summer of Code - but only at a surface level. To me, it was simply “contribute → get selected.” I had no idea how big real-world codebases could be or how overwhelming they might feel.

Finding My Direction: OWASP

While browsing blogs about how to get started, almost everyone suggested reading previous years’ GSoC write-ups. So I did. And while reading those posts, one organization suddenly stood out: OWASP.

The reason was simple - I already knew about the OWASP Top 10. Out of hundreds of unfamiliar organizations, OWASP felt like a place where I at least understood the purpose.

As I explored further, projects like NEST, CRE, and BLT started popping up. I leaned toward NEST at first because I’m more comfortable with TypeScript. BLT looked really interesting, but I had zero experience with Django or Python.

And then came the twist.

The Blog That Changed Everything

I found a GSoC blog written by a contributor. They had built four security labs for the BLT project, and the write-up was so friendly that it gave me confidence:

“I may not know the stack, but I can surely replicate this and extend it.”

That belief was strong enough for me to try. Plus, I knew I could use AI tools to understand things. How hard could it be?

Well… harder than I expected.

My First PR: The Reality Check

I replicated the labs, joined the Slack workspace, got confirmation, and made my PR in October:

Added Labs: Under Security Labs Added More Labs #4628

Added more labs in security labs section, closes #4784

To seed labs and their tasks, simply run: python manage.py seed_all_security_lab

Summary by CodeRabbit

  • Refactor

    • Restructured task detail page into clear, per-lab sections for payload exercises (SQLi, XSS, CSRF, Command Injection, Broken Auth, IDOR, File Upload, Sensitive Data Exposure, Open Redirect, SSRF)
    • Unified and simplified MCQ and simulation submission flows and result display with consistent styling driven by correctness
    • Minor formatting and structural template cleanups
  • Chores

    • Added a management command to seed the six security labs and their tasks for testing/dev environments

The moment I asked for a review, reality hit.
Replication wasn’t as simple as copy → paste → commit.

I had:

  • added irrelevant files
  • failed pre-commit checks
  • triggered Sentry and CodeRabbit warnings I didn’t even understand
  • and generally made every beginner mistake possible

After a lot (and I mean a lot) of back-and-forth, and with patient help from the maintainer, Donnie, I finally cleared everything. One month later, the PR was merged. And that changed everything for me.

From Zero Momentum to Light Speed

Once that first PR got merged, it was a massive boost.

I started reading issues, picking tasks, opening PRs, getting reviews, fixing things, and before I knew it, I had multiple PRs merged in the same month. The slow start turned into full-speed progress.

We were also encouraged to review others’ PRs. I didn’t really know how to do that, so I watched how other contributors reviewed code and followed their patterns. Tools like CodeRabbit and Sentry helped; they taught me how to reason about code warnings.

I also started recognizing common patterns in the backend:

  • N+1 query problems
  • cache stampede issues
  • repeated logic patterns
  • places where optimizations were needed
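To make the first two of those patterns concrete, here is an added Python example; it is not BLT project code and does not use Django. The FakeDB and Cache classes and the lab/task rows are constructed stand-ins for the ORM and a cache backend, chosen so the example runs offline and so the number of queries and recomputations can be counted. The batched version does in memory what Django's prefetch_related does for related rows, and the guarded cache path uses the lock-and-recheck idiom that stops concurrent misses from all recomputing the same value.

```python
"""N+1 queries and cache stampedes, illustrated with counters.

Added example, not BLT project code. FakeDB, Cache and the rows below are
constructed stand-ins so the two access patterns can be compared offline.
"""
import threading
import time

# Constructed sample rows: labs and their tasks, linked by lab_id.
LABS = [{"id": 1, "name": "SQLi"}, {"id": 2, "name": "XSS"}, {"id": 3, "name": "CSRF"}]
TASKS = [
    {"id": 1, "lab_id": 1, "title": "UNION select"},
    {"id": 2, "lab_id": 1, "title": "Blind boolean"},
    {"id": 3, "lab_id": 2, "title": "Reflected"},
    {"id": 4, "lab_id": 3, "title": "Token missing"},
]


class FakeDB:
    """Stand-in for the ORM that counts round trips."""

    def __init__(self):
        self.query_count = 0

    def labs(self):
        self.query_count += 1
        return list(LABS)

    def tasks_for_lab(self, lab_id):
        self.query_count += 1
        return [t for t in TASKS if t["lab_id"] == lab_id]

    def tasks_for_labs(self, lab_ids):
        self.query_count += 1
        wanted = set(lab_ids)
        return [t for t in TASKS if t["lab_id"] in wanted]


def task_titles_n_plus_one(db):
    # One query for the labs, then one more per lab: N+1 round trips.
    result = {}
    for lab in db.labs():
        result[lab["name"]] = [t["title"] for t in db.tasks_for_lab(lab["id"])]
    return result


def task_titles_batched(db):
    # Two queries total: fetch every task for the listed labs at once and
    # group them in memory (what prefetch_related does in Django).
    labs = db.labs()
    by_lab = {}
    for t in db.tasks_for_labs([lab["id"] for lab in labs]):
        by_lab.setdefault(t["lab_id"], []).append(t["title"])
    return {lab["name"]: by_lab.get(lab["id"], []) for lab in labs}


class Cache:
    """Stand-in cache that counts how often the expensive value is rebuilt."""

    def __init__(self):
        self.store = {}
        self.lock = threading.Lock()
        self.recomputes = 0

    def get_or_compute(self, key, compute, guarded):
        val = self.store.get(key)
        if val is not None:
            return val
        if not guarded:
            # Every concurrent miss rebuilds the value: the stampede.
            self.recomputes += 1
            val = compute()
            self.store[key] = val
            return val
        with self.lock:
            val = self.store.get(key)  # re-check once we hold the lock
            if val is None:
                self.recomputes += 1
                val = compute()
                self.store[key] = val
            return val


def simulate_stampede(guarded, workers=8):
    """Run `workers` threads against a cold cache; return the rebuild count."""
    cache = Cache()

    def expensive():
        time.sleep(0.05)  # stands in for a slow aggregate query
        return "report"

    threads = [
        threading.Thread(target=cache.get_or_compute, args=("report", expensive, guarded))
        for _ in range(workers)
    ]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return cache.recomputes


if __name__ == "__main__":
    db = FakeDB()
    task_titles_n_plus_one(db)
    print("N+1 queries:", db.query_count)  # 4 for three labs
    db = FakeDB()
    task_titles_batched(db)
    print("batched queries:", db.query_count)  # 2 regardless of lab count
    print("unguarded rebuilds:", simulate_stampede(False))
    print("guarded rebuilds:", simulate_stampede(True))  # 1
```

The query counter is what a reviewer looks at in practice: the N+1 version grows linearly with the number of labs while the batched one stays at two, and the unguarded cache rebuilds the value once per concurrent miss while the guarded one rebuilds it exactly once.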

I wasn’t an expert, but I was learning how to spot things. I used Copilot and CodeRabbit to understand unfamiliar parts of the repo and slowly built a mental map of its workflow.

Where I Am Now

From that first confused PR to today, the journey has been wild.
I now:

  • understand the repo’s structure
  • can navigate issues, commits, and workflows confidently
  • know how reviews function
  • contribute regularly
  • and feel genuinely connected to the project

What started as a random attempt to explore open source turned into something meaningful that I want to continue growing in.