# Why Companies Should Pay Open Source Maintainers

> [!note]-
> The content of this page is generated by audio/video transcription and text transformation from the content and links of this source.

Source: [https://fosdem.org/2025/schedule/event/fosdem-2025-4149-why-and-how-companies-should-pay-open-source-maintainers/](https://fosdem.org/2025/schedule/event/fosdem-2025-4149-why-and-how-companies-should-pay-open-source-maintainers/)

<video src="https://video.fosdem.org/2025/k3601/fosdem-2025-4149-why-and-how-companies-should-pay-open-source-maintainers.av1.webm" controls></video>

## Summary & Highlights:

The session 'Why and How Companies Should Pay Open Source Maintainers' at FOSDEM 2025, presented by Vlad-Stefan Harbuz, emphasizes the importance of financially supporting open source maintainers to ensure the sustainability and security of the software ecosystem. Harbuz argues that companies depend heavily on open source projects, yet often do not pay the maintainers, leading to potential security vulnerabilities and instability.

**The Importance of Paying Open Source Maintainers**

The talk highlights how unpaid open source maintainers are critical to sustaining software that companies rely on. Without financial support, these projects face risks such as security vulnerabilities, exemplified by incidents like the XZ backdoor and Log4Shell vulnerability. Harbuz stresses that paying maintainers can lead to a more sustainable and secure software ecosystem.

**Technological Solutions for Funding Maintainers**

Harbuz introduces technological solutions like Thanks.dev, a platform that helps companies identify which open source projects they depend on and facilitates transparent financial contributions to maintainers. The session also discusses algorithmic techniques to better allocate funds based on project criticality, using metrics to ensure fair distribution.

**Moral and Business Justifications**

The session presents both moral and business arguments for why companies should pay maintainers. The moral argument frames open source software as a public good from which companies derive significant value, while the business argument highlights the benefits of a stable and secure software stack, as well as the marketing advantages of supporting open source.

**Challenges and Open Questions**

Harbuz acknowledges challenges such as determining which maintainers to pay and how much, and the potential for gaming the system. The talk invites community feedback to refine these solutions and encourages companies to adopt a cultural shift towards supporting open source maintainers.

## Importance for an eco-social transformation

This session is crucial for eco-social transformation as it addresses the sustainability of the open source ecosystem, which is foundational to digital infrastructure worldwide. By ensuring maintainers are compensated, we can foster a more stable and secure technological environment that supports social and ethical values. For eco-social designers, platforms like Thanks.dev provide a model for transparent and fair financial contributions, encouraging collective responsibility and community support. However, challenges include ensuring equitable fund distribution and overcoming resistance from companies unfamiliar with these practices. There are also technical hurdles in accurately assessing project dependencies and criticality, requiring ongoing collaboration between developers, companies, and the open source community.

## Slides:

| | |
| --- | --- |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_001.jpg\|300]] | The presentation by Vlad-Stefan Harbuz focuses on the necessity for companies to financially support open source maintainers. Harbuz, with contributions from Barry Maguire, Carl Mildenberger, and Chad Whitacre, argues that paying maintainers is crucial for sustaining the open source ecosystem. |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_002.jpg\|300]] | Vlad-Stefan Harbuz is involved in projects that combine software and philosophy for the public good. He is a maintainer of the Open Source Pledge and thanks.dev, a PhD researcher at the University of Edinburgh, and also a cat sitter. |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_003.jpg\|300]] | The session introduces ideas and technologies aimed at making open source sustainable. Harbuz acknowledges that while he doesn't have all the answers, starting the conversation and exploring solutions is essential. |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_004.jpg\|300]] | Open source components are present in 96% of codebases, contributing approximately $853 billion in value annually. However, the open source community captures only a small fraction of this value, highlighting the need for better funding strategies. |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_005.jpg\|300]] | Critical open source software is essential for various applications, from watching YouTube videos to accessing medical records and space exploration. The absence of such software would significantly impact these areas. |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_006.jpg\|300]] | Despite their importance, critical software projects are often maintained by unpaid individuals, posing a risk to their sustainability and security. |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_007.jpg\|300]] | Critical open source software faces threats from security vulnerabilities like the XZ Utils backdoor and Log4Shell, underscoring the need for reliable maintenance and support. |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_008.jpg\|300]] | Without financial compensation, maintainers struggle to support themselves, putting the projects they manage at risk and threatening the stability of the software ecosystem. |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_009.jpg\|300]] | Maintainers often don't get paid because open source doesn't fit traditional market models, which are exclusionary. Open source is non-exclusionary, meaning it doesn't restrict access or usage. |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_010.jpg\|300]] | Open source isn't currently a gift economy due to the lack of directedness, personalization, emotional engagement, and reciprocity. It also isn't solely based on esteem, similar to Wikipedia. |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_011.jpg\|300]] | Open source producers benefit from their work, not through direct exchange but through the satisfaction of contributing to something greater, echoing Adam Smith's idea of self-interest driving contribution. |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_012.jpg\|300]] | Open source production is framed as solidary meaningful work, where contributors create for the collective good, gaining autonomy, self-development, purpose, and recognition. |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_013.jpg\|300]] | While solidary meaningful work is valuable, it doesn't necessarily translate into financial compensation, posing a challenge for those who rely on open source contributions. |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_014.jpg\|300]] | Open source production offers advantages like a larger, more specialized contributor base, efficient production, and responsiveness to user needs, all of which are beneficial despite the lack of direct financial incentives. |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_015.jpg\|300]] | Open source projects can achieve or exceed commercial quality, as acknowledged by Vinod Valloppillil, a Microsoft Program Manager, in 1998. |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_016.jpg\|300]] | The session explores the reasons why companies should financially support open source maintainers. |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_017.jpg\|300]] | The moral argument suggests that since open source software is a public good, companies benefiting from it should compensate those who maintain it. |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_018.jpg\|300]] | Open source software is a digital public good, benefiting everyone. However, those whose business models rely on it benefit disproportionately, suggesting a moral obligation to support maintainers. |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_019.jpg\|300]] | Companies profit significantly from the work of open source maintainers who do not receive equivalent financial benefits, prompting a moral appeal for compensation. |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_020.jpg\|300]] | While a thorough moral argument is challenging, the emotional appeal to empathize with maintainers can be compelling, as emotions are intertwined with judgments about important matters. |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_021.jpg\|300]] | The business argument for paying maintainers focuses on the practical benefits for companies, including profit and loss avoidance. |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_022.jpg\|300]] | Companies that support maintainers can benefit from a larger, more efficient contributor base, a sustainable and secure software stack, and a positive marketing image as thought leaders. |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_023.jpg\|300]] | Paying maintainers ensures a stable, secure software stack and positions companies as leaders in supporting open source, providing both practical and marketing advantages. |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_024.jpg\|300]] | The session discusses methods for companies to identify and compensate the maintainers they depend on, addressing the practical aspects of financial support. |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_025.jpg\|300]] | There is a distinction between aggregate funding models, which take a broader ecosystem approach, and company-specific funding initiatives like the Open Source Pledge and thanks.dev. |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_026.jpg\|300]] | The Open Source Pledge suggests a contribution of $2000 per developer per year, with payments going directly to maintainers to ensure transparency and effectiveness. |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_027.jpg\|300]] | |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_028.jpg\|300]] | |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_029.jpg\|300]] | |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_030.jpg\|300]] | |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_031.jpg\|300]] | |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_032.jpg\|300]] | Companies should focus on funding projects they depend on most, using criticality metrics to approximate usage and importance. |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_033.jpg\|300]] | Determining which projects a company depends on most requires scalable methods with minimal effort, highlighting the need for efficient dependency analysis tools. |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_034.jpg\|300]] | The concept of a confidential service that analyzes codebases to provide weighted dependency information is proposed as a solution for identifying critical projects. |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_035.jpg\|300]] | |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_036.jpg\|300]] | |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_037.jpg\|300]] | |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_038.jpg\|300]] | |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_039.jpg\|300]] | |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_040.jpg\|300]] | |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_041.jpg\|300]] | Instead of relying solely on manifests, static code analysis can be used to assess the criticality of dependencies, measuring coupling and complexity to determine funding priorities. |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_042.jpg\|300]] | An example of code using Postgres and LeftPad illustrates how static analysis can identify the extent of dependency on each package, aiding in funding decisions. |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_043.jpg\|300]] | The example demonstrates that 87.5% of statements depend on node-postgres, highlighting its criticality compared to less essential dependencies like left-pad. |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_044.jpg\|300]] | The example shows that 37.5% of statements depend on left-pad, indicating its lower criticality compared to more integral dependencies like node-postgres. |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_045.jpg\|300]] | Calculating the complexity of each package, scaled between 0 and 1, can further refine funding decisions, ensuring that more complex and critical packages receive appropriate support. |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_046.jpg\|300]] | A table demonstrates how coupling and complexity scores can be combined to determine proportional funding, with node-postgres receiving a higher share due to its greater importance. |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_047.jpg\|300]] | The final funding allocation example shows node-postgres receiving $95 and left-pad $5, reflecting their respective criticality and complexity. |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_048.jpg\|300]] | The session encourages ongoing conversation and feedback, inviting participants to engage with the ideas presented and collect stickers as a token of participation. |
| ![[FOSDEM 2025/assets/Why-and-How-Companies-Should-Pay-Open-Source-Maint/preview_049.jpg\|300]] | The session concludes with a thank you note and an invitation to visit Vlad-Stefan Harbuz's website for more information. |

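
The coupling and complexity weighting summarized for slides 41 to 47 can be worked through in code. This is an added sketch, not the speaker's or thanks.dev's code: the eight statement records, the propagation rule, the complexity scores (0.57 and 0.07) and the choice to multiply coupling by complexity are assumptions, picked so the output reproduces the 87.5%, 37.5% and $95/$5 figures quoted above.

```javascript
// Added illustration; not code from the talk or from thanks.dev.
// Constructed stand-in for an 8-statement program: `defines` is the name a
// statement binds, `uses` the names it reads, `imports` the package it loads.
const statements = [
  { defines: "pg",      uses: [], imports: "node-postgres" },
  { defines: "leftPad", uses: [], imports: "left-pad" },
  { defines: "client",  uses: ["pg"] },              // new pg.Client()
  { defines: null,      uses: ["client"] },          // client.connect()
  { defines: "res",     uses: ["client"] },          // client.query(...)
  { defines: "id",      uses: ["leftPad", "res"] },  // leftPad(res.rows[0].id, 8)
  { defines: null,      uses: ["id"] },              // console.log(id)
  { defines: null,      uses: ["client"] },          // client.end()
];
// Assumed complexity scores in [0, 1]; the page does not give the real ones.
const complexity = { "node-postgres": 0.57, "left-pad": 0.07 };

// Coupling: the fraction of statements that touch a package directly or
// through a value derived from it (one forward pass over straight-line code).
function coupling(stmts) {
  const taint = new Map(); // variable name -> Set of packages it derives from
  const hits = new Map();  // package -> number of dependent statements
  for (const s of stmts) {
    const pkgs = new Set(s.imports ? [s.imports] : []);
    for (const name of s.uses) {
      for (const p of taint.get(name) ?? []) pkgs.add(p);
    }
    if (s.defines) taint.set(s.defines, pkgs);
    for (const p of pkgs) hits.set(p, (hits.get(p) ?? 0) + 1);
  }
  return new Map([...hits].map(([p, n]) => [p, n / stmts.length]));
}

// Split a budget in proportion to coupling * complexity (assumed combination
// rule). Amounts are integer cents; rounding can leave a cent of drift.
function allocate(budgetCents, couplingByPkg, complexityByPkg) {
  const weights = [...couplingByPkg].map(
    ([p, c]) => [p, c * (complexityByPkg[p] ?? 0)]);
  const total = weights.reduce((sum, [, w]) => sum + w, 0);
  if (total === 0) return new Map(); // nothing measurable to fund
  return new Map(weights.map(
    ([p, w]) => [p, Math.round((budgetCents * w) / total)]));
}

const shares = allocate(10000, coupling(statements), complexity);
console.log(Object.fromEntries(shares)); // amounts in cents for a $100 budget
```

A package reached only through another package's return value still counts as coupled, which is why the `console.log(id)` statement is attributed to both dependencies.
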
## Links

- [Slides (PDF)](https://fosdem.org/2025/events/attachments/fosdem-2025-4149-why-and-how-companies-should-pay-open-source-maintainers/slides/238493/Why_and_H_zbLJ7Sm.pdf)
- [Video recording (AV1/WebM)](https://video.fosdem.org/2025/k3601/fosdem-2025-4149-why-and-how-companies-should-pay-open-source-maintainers.av1.webm)
- [Video recording (MP4)](https://video.fosdem.org/2025/k3601/fosdem-2025-4149-why-and-how-companies-should-pay-open-source-maintainers.av1.mp4)
- [Video recording subtitle file (VTT)](https://video.fosdem.org/2025/k3601/fosdem-2025-4149-why-and-how-companies-should-pay-open-source-maintainers.av1.vtt)
- [Chat room (web)](https://fosdem.org/2025/chatrooms/fosdem-2025-4149)
- [Chat room (app)](https://fosdem.org/2025/chatrooms/fosdem-2025-4149/app)
- [Submit Feedback](https://fosdem.org/2025/feedback/fosdem-2025-4149)
- [Vlad's work](https://vlad.website)
- [thanks.dev](https://thanks.dev)
- [Open Source Pledge](https://opensourcepledge.org)
- [Issue tracker to discuss this talk and Open Source sustainability generally](https://codeberg.org/fosdem-2025/issues)