The open source software industry is booming, according to recent analysis, with organizations now investing around $7.7 billion in the ecosystem each year.
Researchers from GitHub, the Linux Foundation, and the Laboratory for Innovation Science at Harvard (LISH) found the median investment in open source now stands at $520,600 on a business-by-business basis.
This isn't all direct funding, however, with only 14% of this coming from direct financial contributions. Instead, the study showed 86% of investment comes in the form of labor contributions by employees and contractors working for organizations.
In fact, more than half of direct funding went to contractors, with 17% for specific projects and 16% to foundations. Communities and maintainers accounted for 4% each, and bounty platforms 1%.
Beyond code contributions, funding was most likely to be through donations, at 21%, foundation membership at 17%, or event sponsorship at 14%.
In a blog post via the Linux Foundation in December, authors Hilary Carter and Martin Woodward said identifying funding sources within the open source community was challenging.
This has been a long-running issue, they noted, with investment remaining an “opaque subject with limited visibility”.
"Organizations have blind spots when it comes to the specifics of their contributions. Many respondents knew where they contribute, but only a portion of those could answer how many labor hours went into their OSS contributions or the percentage of budget that went to OSS," they said.
"Second, the decentralized nature of organizational contributions, without explicit policies or centralized groups that encourage and organize this effort, make reporting even more challenging."
Organizations have varying levels of open source experience, the researchers found, with nearly 44% either having or wanting to create an open source program office. Only 21% contribute to projects, 18% release projects, and 16% influence projects via leadership or maintainer roles.
Four-in-ten firms contribute open source code daily and six-in-ten at least weekly. There doesn't appear to be any strong correlation between company size and frequency of code contribution, the study noted.
RELATED WHITEPAPER
"Very seldom do we contribute. We are a non-profit. If we were better funded we would allocate more resources to contribute back to the community but we already serve an underrepresented community," said one respondent.
Organizations are most likely to contribute in the form of bug reports (19%), features (19%), general maintenance (18%), and documentation (16%), with governance accounting for 7%, cybersecurity audits for 6%, and legal advice for just 3%.
Four-in-ten contributors are developers or software engineers with 17% being community or developer advocates and 11% in IT, sysadmin or DevOps roles. For most of these, open source is just part of their job.
Respondents were keen to access long-term open source funding streams for all aspects of project development - and said they weren't always getting it.
"We have created several popular and useful open source tools over the years. It is always a struggle to find funding for basic maintenance for these projects," said one.
"Funding sources like to pay for new features but not closing issues and basic maintenance. It would be good if the Linux Foundation had funding streams for this type of work for projects."
-
Security experts issue warning over the rise of 'gray bot' AI web scrapersNews While not malicious, the bots can overwhelm web applications in a way similar to bad actors
-
Does speech recognition have a future in business tech?Once a simple tool for dictation, speech recognition is being revolutionized by AI to improve customer experiences and drive inclusivity in the workforce
-
‘Awesome for the community’: DeepSeek open sourced its code repositories, and experts think it could give competitors a scareNews Challenger AI startup DeepSeek has open-sourced some of its code repositories in a move that experts told ITPro puts the firm ahead of the competition on model transparency.
-
Flaws in a popular dev library could let hackers run malicious code in your MongoDB databaseNews A popular third party library of MongoDB could allow attackers to execute malicious code on company servers.
-
Want a return on your AI investment? Open source could be the key to successNews Organizations using open source AI tools are more likely to report a return on investment
-
AI 'slop security reports' are driving open source maintainers madNews Low-quality, LLM-generated reports should be treated as if they are malicious, according to one expert
-
"Markets do not stand still": The UK needs to up its game to fend off open source competitionNews Investment in the open source ecosystem needs to increase alongside broader government support
-
Reprieve for open source industry as agreement reached on Cyber Resilience ActNews The Cyber Resilience Act has been maligned by open source advocates across Europe
-
Application performance management for microservice applications on Kuberneteswhitepaper How to improve business-critical app performance in a Kubernetes environment
