The open source ecosystem will soon need a steady stream of taxpayer funding to resolve glaring resource gaps, according to prominent figures in the community.
Much as maintaining electrical grids wasn’t within scope hundreds of years ago, maintaining a healthy foundation of software will one day fall under the broader “government mission”, with the public sector playing an active role in stewardship.
That's according to Eric Brewer, VP of infrastructure at Google, and Amanda Brock, CEO at OpenUK, who spoke to IT Pro at State of Open Con 2023.
“Historically, there’s been generic non-financial support of open source, and use – governments are big users of open source – for lots of good reasons,” said Brewer, who’s also a professor of computer science at the University of California, Berkeley.
“We’re just starting to see the hints of this larger thing that I think is inevitable, which is: Do governments view it as part of their role to support things like open source as part of the government mission?”
The open source ecosystem has long been suffering a funding gap, which has exacerbated a divide between well-maintained large-scale projects, like Kubernetes, and widely-used but unmaintained packages that may be littered with vulnerabilities.
An undiscovered flaw in the widely used Log4j Java logging framework maintained by the Apache Software Foundation (ASF), for example, was targeted by the Log4Shell exploit in 2021.
Many argued the project should have been better funded, with more resources and more eyes on code potentially making a difference.
“We have to be sure the money goes across all of the projects - not just the hip or the cool ones - or the ones everyone’s using,” Brock added, speaking to IT Pro. “Because there are lots of different people with very different things that need to be supported, so we need to find a way that’s quite broad that allows the funding to go into the ecosystem.”
Within the open source community, however, there are divisions and disagreements about what the best model for funding and maintenance might look like in future, particularly to avoid future security horror stories.
Rebecca Rumbul, CEO at Rust Foundation, for instance, told delegates at State of Open Con 2023 that governments absolutely should not be the sole or majority funder for the maintenance of projects.
She believes that while the public sector should play some role, as should corporations, more non-profit foundations, like her own, should be established and funded to serve as stewards for projects within the ecosystem.
Keumars Afifi-Sabet is a writer and editor who specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.