Dan Lorenc’s Post


Software Supply Chain Security

CONTENT WARNING: Data that conflicts with commonly repeated tropes around OSS sustainability.

The LF/Harvard Open Source Funding Survey is out, and the results are going to shock many people because they don't align with the common narratives of big tech companies ruthlessly pillaging OSS for profit. The highlights are right here:

* Organizations contribute $7.7 billion USD annually to open source software
* The majority (86%) of contribution value is employee labor

I'm sure the comments will be fun on this one! As I've said over and over again, simply "hoping" organizations will pay more for random pet projects out of the goodness of their hearts is silly and naive. The funding is there, and it's already coming from large enterprises. (Full link to the study in the comments)

#oss #sustainability #opensource #linuxfoundation

Joseph W.

Co-Owner at QuiNovas, EchoStream and ReliQuery.io

1w

That’s a good start. But it’s also pretty small considering the scope and impact of OSS. For comparison, Google’s R&D budget last year was $45B - about 6x what you’ve quoted here.

John Mark Walker

Open Source Transformation Leader - Enterprise Product, Open Source, and InnerSource Ecosystems

1w

Thanks for posting, Dan. I think if you look at the total value derived from open source, it's in the trillions, and if you look at the total cost of maintenance, it's at least in the 10s of billions and probably >100 billion. By that metric, corporate contribs are paltry and pale in comparison to the actual need. The fact of the matter is that few companies step up to provide the basic blocking and tackling required to maintain things like dependency repos, maintainer compensation, etc. The most critical open source dependencies are still largely maintained by non-paid developers. On the positive side, I'm glad to see some form of contribution, but the prevailing thought that most companies don't pay their fair share is very much valid.

☁️ Francesco ☁️ Cipollone

Reduce risk - focus on vulnerabilities that matter - Contextual ASPM - CEO & Founder - Phoenix security - 🏃♂️ Runner - ❤️ Application Security Cloud Security | 40 under 40 | CSA UK Board | CSCP Podcast Host

1w

I think this is a new and good view, but it might direct away from the actual problem, which is (continuous) support of packages. Patch and support. Open source support is spotty, and every package should have enterprise support, or someone who supports the open source packages for a fee.

Kyle Kelly

Software Supply Chain Security

1w

Are you sure “The majority (86%) of contribution value is employee labor” is being interpreted correctly? From the looks of it, the research is saying “of the total employee contributions, 86% are in the form of labor, as opposed to $$$.”

Chris H.

CEO @ Aquia | Chief Security Advisor @ Endor Labs | 2x Author | Veteran | Advisor

1w

Interesting metric for sure. Especially when contrasted with another Harvard study/publication that estimates open source demand-side value to be $8.8 Trillion (yes, with a T). Looking forward to digging into the report and seeing how much of the contributions are employee labor/involvement vs. financial contribution to maintainers. I know Tidelift and others have some good insights here too. https://www.hbs.edu/faculty/Pages/item.aspx?num=65230

Wow, what a surprise

Alexander Gallagher

Tech Industry Leader | Open Source, Cloud and Cybersecurity

1w

Standby for a shake up here..🤐

Dave Neary

Director of Developer Relations at Ampere Computing

1w

It's like I always say: The number one business model for open source developers is getting a job. It's the most reliable way to make a profit from your labour.
