Taxpayer funding of open source initiatives is “inevitable” and need to be handled similarly to upkeep of the electrical infrastructure.
According to well-known members of the community, the open source ecosystem will soon require a regular stream of taxpayer financing to fix glaring resource deficiencies. A healthy software foundation will one day fall under the larger “government purpose,” with the public sector actively participating in stewardship, much like how maintaining electrical grids wasn’t within scope hundreds of years ago.
According to Amanda Brock, CEO of OpenUK, and Eric Brewer, VP of infrastructure at Google, who both talked to IT Pro at State of Open Con 2023, this is the case.
Long-standing financing issues in the open source community have widened the gap between heavily used but unmaintained packages that can contain vulnerable code and huge, well-maintained projects like Kubernetes.
For instance, the Log4Shell exploit in 2021 addressed an undisclosed vulnerability in the widely used Log4j Java logging framework maintained by the Apache Software Foundation (ASF). Many people claimed the project should have been better supported since extra funding and code reviewers might have made a difference.
However, there are divides and arguments within the open source community regarding what the ideal finance and maintenance model might look like in the future, particularly to prevent future security horror stories.
For instance, Rebecca Rumbul, CEO of the Rust Foundation, told attendees at State of Open Con 2023 that governments surely shouldn’t provide the majority or all of the funding for project maintenance. She thinks that more non-profit foundations, like her own, should be founded and funded in order to act as stewards for initiatives within the ecosystem, even though the public sector and businesses should both play some part.
