
#sustainability

The Hidden Cost of Free: Why Open Source Sustainability Matters

Author: BekahHW

8 mins read

According to Manuel Hoffmann, Frank Nagle and Yanuo Zhou, in The Value of Open Source Software for the HBS Working Paper Series:

We estimate the supply-side value of widely-used OSS is $4.15 billion, but that the demand-side value is much larger at $8.8 trillion. We find that firms would need to spend 3.5 times more on software than they currently do if OSS did not exist. The top six programming languages in our sample comprise 84% of the demand-side value of OSS. Further, 96% of the demand-side value is created by only 5% of OSS developers.

These figures alone should alert us to the critical importance of open source software. But somehow, despite this incredible value, the open source ecosystem still faces major sustainability challenges that will impact its future, and all of us.

Beyond the numbers, open source enables innovation, creates opportunities for global collaboration, and provides critical digital infrastructure relied upon by businesses, governments, and people around the world. Projects like the Linux kernel, Python, Kubernetes, Node.js, and countless others create the foundation for everything from cloud computing and AI to mobile apps and IoT devices.

Despite the advancements we've made via open source, we're still facing a crisis of sustainability. As Nadia Eghbal outlined in “Working in Public,” open source often suffers from a tragedy of the commons: while everyone benefits from open source software, the burden of maintaining it falls on a small group of often unpaid or underpaid individuals.

Understanding the Tragedy of the Commons

The tragedy of the commons originates from economics and ecology. It describes a situation where individual users, acting independently according to their own self-interest, deplete or use up a shared resource, even though it's not in anyone’s long-term interest for this to happen. The “commons” refers to resources available to all members of a society, like air, water, or, in this context, open source software.

Application to Open Source Software

In open source, the “commons” is the collective body of software that is freely available for anyone to use, modify, and distribute. While this model encourages innovation and reduces barriers to entry, it also presents challenges:

  1. Unequal Contribution to Benefit Ratio: Many organizations and individuals use open source software in their products and services, gaining significant benefits in terms of cost savings and faster development. However, the responsibility of maintaining and updating these projects often falls on a small group of maintainers who may not receive adequate compensation or recognition for their work.
  2. Maintenance Burden: As software projects grow in popularity, the demands on maintainers increase. They have to address bug reports, security vulnerabilities, feature requests, and support inquiries, which can become overwhelming without sufficient resources.
  3. Sustainability Challenges: Without proper funding or support, maintainers may experience burnout, leading to neglected projects. This can result in security risks, decreased software quality, and ultimately, a decline in the utility of the software for all users.

To learn more about what happens when maintainers leave a project, check out The Silent Crisis in Open Source: When Maintainers Walk Away.

Economic Implications

The difference between those who benefit from open source software and those who maintain it raises economic concerns as well:

  • Free Riders: Companies often use open source software extensively without contributing back, either through code contributions, funding, or other support.
  • Lack of Incentives: The traditional market mechanisms that incentivize product improvement and maintenance are weaker in open source projects, because the software is freely available.

The tragedy of the commons in open source software reflects an imbalance between widespread usage and concentrated maintenance responsibilities. While everyone benefits from the collaborative and open nature of these projects, without proactive measures to support maintainers, the sustainability of open source is at risk.

Let's think about this from another perspective. What if our fire departments were all volunteers? They spend countless hours training, they're often on call 24/7 to protect our communities from fires and other emergencies, and they aren't paid.

But we also need to recognize that companies build skyscrapers, factories, and complexes that are also protected by these unpaid firefighters. In this scenario, these companies might also be able to forgo fire safety systems and insurance, while they still get the benefits of the volunteer labor of the firefighters.

The firefighters would probably have to find a way to bring in income to pay their own bills, so they may end up exhausted from essentially working two jobs - including one that's incredibly physically demanding. So now we're left with exhausted firefighters who might end up making mistakes, having slow response times, or burning out and quitting.

It's pretty clear that this is not a safe situation. And yet, this is what we're accepting in open source. We're creating an environment that's setting us all up for failure.

The Challenge of Funding and Recognition

Part of the sustainability problem is the funding crisis. The 2024 Tidelift State of the Open Source Maintainer Report reveals that 60% of maintainers remain unpaid for their work. Considering the role maintainers play in maintaining the digital infrastructure that powers our world, this lack of financial support is problematic at best.

The Tidelift report also showed that maintainers overwhelmingly prefer predictable, recurring income over one-time payments to better manage their ongoing work. So even when funding is available, it may not be given in a way that best supports the maintainers who need it most.

In “Working in Public: The Making and Maintenance of Open Source Software,” Eghbal emphasizes how open source maintainers are often underappreciated and face burnout. She argues that maintaining a healthy ecosystem requires both financial support and community appreciation for those who contribute regularly. The invisible labor behind these projects keeps them operational and secure, but it often goes unrecognized.

The OSS Pledge: Sentry’s Model for Direct Impact

Sentry’s OSS Pledge serves as a model for how companies can take concrete steps to support open source sustainability. The Pledge calls for companies to pay a minimum of $2000 per year per full-time equivalent developer on their staff to open source maintainers of their choosing. This approach aims to create a new social norm in the tech industry of companies paying open source maintainers directly, addressing one of the root causes of maintainer burnout and related security issues.

While other forms of support like hiring developers to work on open source or providing in-kind gifts are valuable, the Pledge emphasizes the importance of direct cash payments. This focus ensures that underpaid and overworked maintainers of critical open source projects can pay their bills, leading to a healthier, fairer, more stable, and more secure open source ecosystem.

Open Source and Sustainable Development

It's not just economic and technological impacts that make open source important; open source has the potential to play a major role in addressing global challenges. The Linux Foundation’s Open Source for Sustainability report examines how open source projects can significantly advance the United Nations Sustainable Development Goals (SDGs).

For instance, projects like AgStack help farmers make data-driven decisions to increase yields, contributing to goals like Zero Hunger and Responsible Consumption. Open standards, open AI models, and open data allow for more collaboration, reduce waste, and improve transparency across various sectors.

However, to be able to actualize this potential, we have to prioritize the sustainability of both the projects and their maintainers. According to Eghbal, the perpetual nature of open source development needs continuous support, because without it, these projects are at risk of stagnation or worse, abandonment.

The Security Imperative

The sustainability crisis in open source isn’t just about funding—it’s also a matter of security. The Tidelift report reveals that paid maintainers are significantly more likely to implement critical security practices. This is becoming more and more important as security threats continue to grow in sophistication. (Read more about new legislation to improve cybersecurity for NASA.)

The Log4j vulnerability heightened concerns, with many maintainers feeling less trustful of contributors. We need secure, well-maintained projects. Paid maintainers can generally spend more time on security improvements and maintenance.

Eghbal points out that many essential open source projects are maintained by individuals or small teams with limited resources. This fragile support system can make widely-used software vulnerable to security breaches, as maintainers may not have the bandwidth to address every vulnerability or request. Prioritizing financial and structural support is necessary to decrease these risks.

Solutions

So, what can be done? First, we need a paradigm shift in how we think about and support open source work. Companies that benefit from open source need to step up their financial support. The Linux Foundation’s work in creating funding models and governance structures for open source projects is a step in the right direction, but more widespread adoption is needed.

Governments also have a responsibility to consider the long-term impact of their dependence on open source. Recognizing open source as critical national infrastructure and providing funding and support could help ensure its long-term viability.

For individual developers and users of open source, consider contributing back—whether through code, documentation, or financial support. If you're in a position to influence your company's policies, advocate for supporting open source projects through consistent sponsorships or by creating employee time for contributions to the projects they use.

Take time to look at and understand your dependencies. Create an SBOM Workspace and look at the security ratings of your dependencies. Identify the lottery factor of each project: how concentrated its contributions are in a handful of people. If you see a high lottery factor, those projects might need to be the priority for your support.
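One way to turn that advice into a repeatable check is to read the dependency list out of an SBOM and rank each package by how concentrated its recent commits are. The script below is an added example, not code from the original post or from OpenSauced's tooling. It assumes a minimal CycloneDX 1.5 JSON document, a constructed per-package commit history (standing in for `git shortlog -sn` output), fictional package names and contributor handles, and a simple definition of lottery factor as the share of commits made by the two busiest contributors, with 50% as an assumed "high" threshold.

```python
"""Rank SBOM dependencies by lottery factor (top-contributor concentration).

Added example, not part of the original post. The SBOM and commit history
below are constructed sample data; package names and handles are fictional.
"""
import json
from collections import Counter

# Constructed CycloneDX SBOM fragment listing three fictional packages.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "example-http-parser", "version": "2.4.1",
     "purl": "pkg:npm/example-http-parser@2.4.1"},
    {"type": "library", "name": "example-yaml-lite", "version": "0.9.0",
     "purl": "pkg:npm/example-yaml-lite@0.9.0"},
    {"type": "library", "name": "example-big-framework", "version": "5.0.2",
     "purl": "pkg:npm/example-big-framework@5.0.2"}
  ]
}
"""

# Constructed commit counts per author for each package over a review window.
# In practice this would come from `git shortlog -sn` or a platform API.
COMMIT_HISTORY = {
    "example-http-parser": {"alice": 180, "bob": 4, "carol": 1},
    "example-yaml-lite": {"dave": 60, "erin": 55, "frank": 50,
                          "grace": 48, "heidi": 45},
    "example-big-framework": {"h": 120, "i": 110, "j": 95,
                              "k": 90, "l": 80, "m": 70},
}

TOP_N = 2              # assumption: concentration over the two busiest people
HIGH_RISK_SHARE = 0.5  # assumption: >= 50% from TOP_N contributors is "high"


def parse_sbom_components(sbom_text):
    """Return (name, version, purl) for each component in a CycloneDX SBOM."""
    doc = json.loads(sbom_text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("expected a CycloneDX document")
    return [(c["name"], c.get("version", ""), c.get("purl", ""))
            for c in doc.get("components", [])]


def lottery_factor(author_counts, top_n=TOP_N):
    """Share (0.0..1.0) of commits made by the top_n most active contributors.

    A value near 1.0 means the project depends on one or two people.
    """
    total = sum(author_counts.values())
    if total == 0:
        return 0.0
    top = sum(n for _, n in Counter(author_counts).most_common(top_n))
    return top / total


def triage(sbom_text, history, threshold=HIGH_RISK_SHARE):
    """Score every SBOM component and sort the riskiest first.

    Components with no commit history are marked "unknown" and sorted last,
    so a missing data source is visible rather than silently scored as safe.
    """
    rows = []
    for name, version, _purl in parse_sbom_components(sbom_text):
        counts = history.get(name)
        if counts is None:
            rows.append({"name": name, "version": version,
                         "lottery_factor": None, "priority": "unknown"})
            continue
        lf = lottery_factor(counts)
        rows.append({"name": name, "version": version,
                     "lottery_factor": round(lf, 3),
                     "priority": "high" if lf >= threshold else "normal"})
    rows.sort(key=lambda r: -1.0 if r["lottery_factor"] is None
              else r["lottery_factor"], reverse=True)
    return rows


if __name__ == "__main__":
    for row in triage(SBOM_JSON, COMMIT_HISTORY):
        print(f'{row["priority"]:8} {row["name"]:24} '
              f'{row["version"]:8} lottery_factor={row["lottery_factor"]}')
```

Running it lists `example-http-parser` first with a lottery factor near 1.0 and a "high" priority, while the two packages with a broader contributor base come out as "normal". A package present in the SBOM but absent from the commit data is reported as "unknown" rather than dropped, which is the case a dependency review most often gets wrong.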


Takeaways

The open source model has created an amazing history of technological innovation and collaboration. But like any commons, it requires stewardship and support to thrive. The sustainability of open source is not just a technical issue — it’s a societal imperative. Working together — companies, governments, developers, and users — we need to make sure that the open source ecosystem continues to make progress.

Recognizing the “invisible labor” involved in open source is a first step toward making sure that the individuals behind these projects can continue their work without facing burnout. Let's elevate the status of maintainers and give them the recognition and support they deserve.


BekahHW

Bekah graduated from a coding bootcamp in May of 2019 and since then has spent time as a frontend developer, started the Virtual Coffee tech community, spent time in DevRel and has continued to mom her four kids. She currently co-hosts the Compressed.fm and Virtual Coffee podcasts, lifts heavy things in her free time, & works as the Developer Experience Lead at OpenSauced.
