Open Source-a Changin
Over the years, I’ve worked with plenty of open source tools. Open source is really what makes the internet work. As I’ve been casually following open source, I stumbled across what is one of my favorite podcasts, the Open Source Security Podcast.
Two recent episodes I listened to were Episode 439 - Where are all the youth in open source? and Episode 447 - The Tidelift 2024 open source maintainer report. The discussion revolved around a report released by Tidelift exploring key survey results from open source maintainers.
Why is this important? Open source is heading in a direction I don't think it has gone since it became ubiquitous in modern computing.
Why is Open Source so Important?
Let's look at a report by OpenLogic. In particular, take a look at the breakout on page 10 for the question: What drove open source adoption in 2023?
You see what I'm looking at? In industrialized economies, NOT developing economies, the main reason for adopting open source is cost.
On page 7 the report states:
No license cost and overall cost reduction proved the most compelling reason to use open source software in 2023.
There are many reasons why open source is important and why it is so ubiquitous in software today, but I want to focus on one story arc that I think is a core reason open source is so popular today, especially in advanced economies.
Businesses (or even independent developers) that are starting a project or product with little to no funding want to create a functioning product as quickly as possible. If they spend a year designing the entire infrastructure from the ground up, they will run out of money before they release anything to make their money back. This is very true even now for large businesses that are designing tools or products: they need to prove profitability so they don't get their funding cut off. It is especially true for more complex projects and for products with tight release timelines driven by business or financial constraints, where designing a new backend for each component of the new tool would be nigh impossible.
That's where open source has been a boon for the software industry. I could come up with an idea, survey the landscape of free and open source tooling, and implement a go-to-market (GTM) solution more quickly than I could if I designed and created every component myself, especially as an independent or small-team developer, as many new projects are.
Here's the thing. As the product grows, the open source components grow with it. If the product becomes incredibly popular, the company isn't going to reimplement the open source tools, and typically won't reinvest in them either, because they now have their own problems to solve and their own stakeholders who don't see the benefit of spending time evolving a tool when they are the "customer". The company is growing, and having to deal with something that was already "not my problem" when they started isn't a selling point for stakeholders or customers.
Now, let's look at what's changing in open source.
Changes in Open Source
So, why did I mention the Tidelift report? It’s important in this story. Stay with me.
First off, here are some key takeaways from the Tidelift report:
Maintainers are getting older: the share of maintainers under 26 has dropped from 25% to 12%, and the share between 56 and 66 has doubled.
Half of maintainers feel underappreciated for the work they do.
Paid maintainers would implement more security fixes.
Younger maintainers are more likely to use AI in their coding workflow.
The report contains numerous other insightful findings and is well worth reading for anyone interested in the current state of open source development.
Why is this important?
Businesses tend to see open source as a product that should be supported by its supplier like any other vendor: the owner of the open source tool is an important part of their supply chain and should provide support to the business when things fail or need updating.
Here's the problem. Open source developers are not vendors. Open source projects (traditionally) are not products provided by a company. They are tools created by someone who saw a problem and wanted to share their solution with the world.
Businesses, instead, saw this as free labor to exploit.
Now, open source has become so complex, and open source developers are not as willing, able, or funded to keep bending to the demands of corporate developers who expect enterprise-level support at the level they had in the past.
This is especially true with the security requirements put on open source developers, with some open source teams refusing to take external contributions because of the risk to the supply chain. Think of the xz breach that almost turned nasty. In the developer's own words:
“I haven’t lost interest but my ability to care has been fairly limited... it’s also good to keep in mind that this is an unpaid hobby project.”
Open source developers never intended to maintain code for the benefit of profit-driven companies.
Their priority is ensuring these tools remain effective for the community they deeply care about, especially since they were created to address critical needs within that community.
Future Of Open Source
Open source has the potential to move one of two ways.
Maintainers can get paid for their work through contributions of time or money from the companies that use those projects the most, encouraging younger developers to get interested in open source software instead of it being a "labor of love".
Or
Open source projects grow and get gobbled up by private equity or private funding, and these firms place a market-extraction value on them, driving up the cost of software for everyone and reducing profitability and accessibility for all.
I prefer the former.
Don't get me wrong: some open source projects need to move to being a paid product, especially since enterprise needs are great and support in an open source system will always be small. But much of what open source is founded on is just "little" things that make the world go around that much better. Oh, and they literally support the backbone of the internet.
OK, so there are a few ways businesses can help keep market value extractors at bay:
Businesses that use open source in their paid software can set aside a share of their profits to support the open source software they use, as if it were a paid product. But guess what: you get to set the value it has for your business. If 5% of your product is open source software, consider earmarking 5% of your profits for supporting those developers.
Businesses can contribute code (if the project allows it) for the requirements they have of the open source components they use. It doesn't all have to be money. With over 60% of projects (p. 6) being maintained by sole developers, the worst case for these businesses is that the developer moves on and no longer maintains the project. Many hands make light work.
Consider sharing your findings or ways you fixed a problem. I’m not a developer, but I do like to write and tinker, and writing the experiences of using an open source tool can be just as helpful to the community or to the developer as providing other resources.
Take a listen to the Open Source Security podcast episode 454. They bring in a bunch of great speakers on this topic, and it is well worth the listen.
Let's rise up TOGETHER and make sure the developers of these open source tools get the support they need, in whatever form they need it, so we can keep the internet as free, as accessible, and as SECURE as possible.