Open source software (OSS) is the bedrock of the digital economy. It’s estimated to comprise 70%-90% of modern software solutions. The adoption of OSS into organisations is both deep and wide. Organisations that have already integrated OSS are increasingly deploying it into new areas of digital operations, often replacing functions served by proprietary software.
At the same time, OSS usage cuts across industries, from education to transport and not merely technology. Businesses of all sizes are choosing to deploy OSS not only because it’s a feasible option, but because OSS offers unique benefits to their business. The 2022 State of Open Source report found that 77% of organisations increased their usage of OSS in 2021, with 36% increasing usage significantly.
Unfortunately, the long-held concern over OSS sustainability continues. How can the development and maintenance of OSS receive the crucial ongoing support it needs to continue serving not just governments and businesses but indeed whole societies that benefit and even depend on it?
A fragile foundation
At its foundation OSS development is done almost entirely by volunteers, who freely give their personal time to work on OSS projects - think wikipedia, but for software. Many OSS projects serve the needs of organisations of all sizes, including among the very largest in the world, whilst being maintained by developers who lack almost any kind of financial or institutional support.
Businesses and governments across the world make extensive use of OSS yet many have little understanding of how the software they rely on is developed and maintained in the first place. For example, GitHub estimates that over one billion websites rely on OpenSSL for securing network connections, including the likes of Google and Facebook, yet the project has a core team of only 18 maintainers. The rapid digital consumerism of OSS adoption has not been met with the level of support it needs to sustain itself.
Commercial enterprises that rely on proprietary software can often put pressure on suppliers when features and fixes are needed. It’s hard to leverage that same kind of pressure on a community which has chosen to freely give their time and resources. But in such cases, any pressure may mean those developers are unable to keep up with requests, leading to burnout. They may even leave the project altogether, with the hope that other volunteers may step in to help.
Given a system which relies almost entirely on free labour and self-motivation it’s easy to see that this ‘way of working’ isn’t one that can be sustained indefinitely. The problems arising from a lack of sustainability may result in, at ‘best’, a slow down in digital innovation and at worst leaving gaping security vulnerabilities left exposed for longer. OSS has had its share of high-profile security issues such as the recent Log4j and Heartbleed vulnerabilities, which highlight the fragility of a system on which much of the modern world runs.
Where are we now?
Whilst OSS sustainability has been a concern for many years, the 2016 ‘Road and Bridges’ report written by Nadia Eghbal is seen as a crystallisation of the sustainability problems facing OSS as well as offering ways to remedy the situation. By this point, however, the report is several years old so it’s worth understanding how the sustainability issue has changed.
Financial support initiatives
A sustainable way to compensate developers has long been sought. Some fresh attempts to address the problem of financial support for OSS have been made in the last few years including the development of new funding models as well as adapting existing ones.
GitHub Sponsors, for instance, launched in 2019 to enable donations to open source projects and their maintainers and was later expanded to allow corporate sponsorship. Through this expansion, GitHub emphasises to organisations that they should recognise the importance of their ‘digital supply chain’, encouraging them to give back to the solutions that serve their business needs. Financial support in OSS has typically taken the form of one developer donating to another, yet incentivising and enabling commercial enterprises to support projects can enable much larger amounts of funding to flow into OSS.
Outside of the technology world, some financial support has started to filter through from other industries. In 2019, employment website Indeed, launched the FOSS Contributor Fund, whilst earlier this year, music streaming giant, Spotify launched its Free and Open Source Software (FOSS) Fund to support and pay developers of projects nominated by the Spotify R&D department.
Sponsorship and donations have been one of the most common ways to support OSS projects. OSS foundations also play an important role in financially stewarding the support of OSS but operate in a slightly different way than directly giving to projects. Instead, they seek to raise funding for the foundation itself, and in turn, distribute the funds among the projects it supports. Some of the largest foundations require ongoing funding to help support 100s of projects at the same time. The Apache Foundation, for example, supports more than 200 OSS projects, The Linux Foundation, over 400 and the Eclipse Foundation over 300 projects.
Leveraging the financial muscle of corporate organisations will hopefully help keep at least certain projects viable. Understandably, commercial businesses have a vested interest in supporting the OSS they use and it’s encouraging to see dedicated funding coming from such organisations. But given the dominance of certain projects, most financial support may end up going to the biggest projects or to a relatively narrow set of open source projects.
Emerging open source models
Of course, financial support is welcome and needed but it alone is unlikely to sustain OSS development in the long term. Some argue what’s needed are entirely new business models.
For instance, Tidelift has developed a type of managed services model for OSS enabling organisations that use OSS to receive direct support from a growing group of maintainers Tidelift has partnered with. Tidelift effectively provides organisations with dedicated support for their digital supply chain. Organisations subscribe to a paid management plan through which the maintainers who work on their products earn financial compensation. In this way, Tidelift helps to compensate maintainers whilst providing organisations with the assurance of reliable professional-grade software.
“Open source doesn’t just need ‘funding.’ It needs a better business model that works for creators and users alike, at massive scale,” - Donald Fischer, Co-Founder of Tidelift.
Open Collective, created in 2017, functions like a crowdfunding platform, except the support goes deeper. Open Collective connects OSS projects with those interested in financially supporting them by providing those projects with fundraising tools, helping them to pay their expenses and accepting sponsorship. By essentially taking care of financial administrative operations, they allow OSS projects to get on with the business of development whilst helping them raise and manage the funding they need.
Such new models are examples of the kinds of creative solutions OSS perhaps needs and so far appear promising yet they are still in their relatively early stages. Central to the idea of sustainability is something that is able to be supported continuously. More time, therefore, may be needed before a judgement can be made as to how effective such newer endeavours may be.
Other models, however, have been established for longer and proven to be relatively more successful than others but may only just be showing signs of fragility. The open core model in which a free ‘core’ version of the software is made available alongside paid-for add-ons which extend the functionality of the core offering, is one of the more successful models with companies such as Docker and Elastic both having grown hugely using an open core approach.
Yet concerns remain that open core brings with it some of the same constraints that already exist with proprietary software. For example, restricting or preventing community contributions from extending the core product to the point it ends up competing with the paid-for features or creating a type of ‘vendor lock-in’. Perhaps ironically, open core may to some extent work against the ethos of OSS offsetting its unique benefits such as the speed of developing new features by being constrained by more commercial goals. In recent years, Elastic is a company whose use of the open core model blurs the spirit of open source development, to the extent that it’s questionable whether the project can still be called open source.
Beyond financial support
Perhaps naturally, the conversation around sustainability tends to centre around funding. However, sustainable OSS requires a more holistic approach.
Open Source Program Offices (OSPOs) are one way that organisations can assess their wider relationship with OSS and understand its importance to their business. OSPOs can help to foster investment in OSS in important non-financial ways such as making OSS contributions and participating in the OSS community. Though not a new concept, the number of OSPOs in organisations has been increasing. A 2022 report backed by the Linux Foundation found that 63% of respondents view OSPOs as critical to engineering success. It also reported that OSPOs are continuing to be adopted across industries and not just in technology, reflecting that more businesses are taking the value of OSS seriously and no longer simply ‘free-riding‘. Whilst the number of OSPOs is growing they still represent a small percentage of all the businesses that use OSS.
Human capital, as well as financial capital, is crucial to sustainability goals. Ensuring the continued success of OSS also requires that maintainers and contributors feel they are able to retain the capacity to contribute to projects. There’s some evidence that corporate support of employee contributions has been increasing in recent years. The 2020 FOSS Contributor Survey found that an increasing number of companies are implementing policies allowing employees to freely contribute to OSS. Additionally, just over half of respondents said they were paid by their employer for some of the contributions they make.
Certainly, this is the kind of ‘corporate backing’ many hope to see; an appreciation for the value of OSS followed by concrete measures to support contributions. Yet there still remain several concerns which may impact OSS projects. These include whether employers will push their employees to work on projects which most benefit the business rather than everyone who uses them, the impact there might be on a project if an employee is redeployed to work on proprietary software projects, or what may happen to a project if an employee is simply no longer paid to work on it.
Even where contributors are paid, for most making money isn’t their primary motivator. If it was, we probably wouldn’t be enjoying the benefits it brings us today. There’s often a fundamental difference in values between those who produce OSS and those who consume it. Aaron Stannard suggests a misalignment in mindset between the two groups. For those who use OSS, it’s easy to adopt a “take, take, take” attitude to solutions which are freely available, whilst the producers of OSS are typically motivated by reasons which aren’t commercial, such as the satisfaction that comes from creating something useful
Overall, some worry that corporate involvement in OSS may just become self-interested. Organisations need to ensure they protect the ethos and culture of the open source movement as they strive to support it.
A community of reciprocity
Just as technology itself is ever-evolving, tackling OSS’s sustainability problems continues to yield new solutions and ideas. Yet the sustainability problem is far from solved or perhaps even alleviated. New ideas in recent years may prove to be successful avenues of sustainability worth replicating but at the moment it’s too early to tell. And where progress has been made, it should perhaps come as no surprise that the greatest efforts have come from the technology industry itself.
Tackling sustainability problems with OSS will likely take multiple approaches, where different solutions exist side by side. As OSS is fundamentally fueled by its community of producers, addressing sustainability issues will need to involve its community of consumers beyond the technology industry.
If the community of those that use OSS work with and for the benefit of those who produce it, a reciprocal exchange of development and support can exist in much the same way as a living ecosystem’s able to thrive through the interdependence, of all who participate in it, on each other.