The open source software industry is booming, according to recent analysis, with organizations now investing around $7.7 billion in the ecosystem each year.
Researchers from GitHub, the Linux Foundation, and the Laboratory for Innovation Science at Harvard (LISH) found the median investment in open source now stands at $520,600 on a business-by-business basis.
This isn't all direct funding, however, with only 14% of this coming from direct financial contributions. Instead, the study showed 86% of investment comes in the form of labor contributions by employees and contractors working for organizations.
In fact, more than half of direct funding went to contractors, with 17% for specific projects and 16% to foundations. Communities and maintainers accounted for 4% each, and bounty platforms 1%.
Beyond code contributions, funding was most likely to be through donations, at 21%, foundation membership at 17%, or event sponsorship at 14%.
In a blog post via the Linux Foundation in December, authors Hilary Carter and Martin Woodward said identifying funding sources within the open source community was challenging.
This has been a long-running issue, they noted, with investment remaining an “opaque subject with limited visibility”.
"Organizations have blind spots when it comes to the specifics of their contributions. Many respondents knew where they contribute, but only a portion of those could answer how many labor hours went into their OSS contributions or the percentage of budget that went to OSS," they said.
"Second, the decentralized nature of organizational contributions, without explicit policies or centralized groups that encourage and organize this effort, make reporting even more challenging."
Organizations have varying levels of open source experience, the researchers found, with nearly 44% either having or wanting to create an open source program office. Only 21% contribute to projects, 18% release projects, and 16% influence projects via leadership or maintainer roles.
Four-in-ten firms contribute open source code daily and six-in-ten at least weekly. There doesn't appear to be any strong correlation between company size and frequency of code contribution, the study noted.
"Very seldom do we contribute. We are a non-profit. If we were better funded we would allocate more resources to contribute back to the community but we already serve an underrepresented community," said one respondent.
Organizations are most likely to contribute in the form of bug reports (19%), features (19%), general maintenance (18%), and documentation (16%), with governance accounting for 7%, cybersecurity audits for 6%, and legal advice for just 3%.
Four-in-ten contributors are developers or software engineers with 17% being community or developer advocates and 11% in IT, sysadmin or DevOps roles. For most of these, open source is just part of their job.
Respondents were keen to access long-term open source funding streams for all aspects of project development - and said they weren't always getting it.
"We have created several popular and useful open source tools over the years. It is always a struggle to find funding for basic maintenance for these projects," said one.
"Funding sources like to pay for new features but not closing issues and basic maintenance. It would be good if the Linux Foundation had funding streams for this type of work for projects."
