Spotify, startups launch funds to support open source maintainers

In the wake of the Log4j vulnerability, companies are committing funds to support the maintainers of key open source software projects.

Companies large and small are committing funds to support the maintainers of key open source software projects in the wake of high-profile vulnerabilities such as Log4j, Heartbleed, and Shellshock.

Despite most software today being underpinned by open source projects, their developers and maintainers are often unpaid volunteers working in their spare time. For example, Apache’s Logging Services team of 16 unpaid volunteers is responsible for maintaining the popular Log4j logging framework, which was recently the subject of a major vulnerability.

Researchers at Harvard University recently published a census of free and open source software (FOSS), with the aim of helping the industry better decide which projects need the most support and protect against high-profile vulnerabilities. Financial support for those projects, however, has been slow to follow.

Spotify launches Free and Open Source Software Fund

In April, Swedish streaming giant Spotify launched a €100,000 ($105,000 USD) Free and Open Source Software Fund to help pay maintainers of independent projects nominated by Spotify R&D engineers.

“We will target projects that are independent, actively maintained, and aligned with our company values. These will be projects we can be proud to support and where we feel our support can make the most meaningful and impactful difference,” Per Ploug, open source tech lead at Spotify, wrote in a blog post. The projects will be nominated by Spotify developers, engineers, researchers, and data scientists, then chosen by a fund committee and announced later in May.

“I want to emphasize that [€100,000] is just a starting amount,” Ploug wrote. “Just like with any new program, we want to test and validate before we deploy more broadly. We’re using this initial amount to help us learn what kind of impact we can make.”

Appwrite establishes Open Source Software Fund

Shortly after, on May 6, fast-growing open source backend-as-a-service startup Appwrite launched an Open Source Software Fund, which will pay forward $50,000 to open source maintainers this year.

“I know what it’s like to spend long hours in front of your computer, putting your blood, sweat, and tears into something you love and that is also benefiting thousands or even millions of people around the world,” said Appwrite founder and CEO Eldad Fux. “I’ve known all along that we would use some of Appwrite’s success and investment to support other developers and maintainers just like me, to give back in order to look forward. We hope our contribution can make a difference.”

Appwrite is open to applications for the fund, and recipients will be chosen by its developer relations team over the course of the year.

The $50,000 fund is being launched shortly after Appwrite raised a $27 million Series A funding round, with investors backing the idea.

“Funding and sustaining open source software for decades to come is going to require many solutions. What Appwrite and Eldad are doing could be the start of a trend, where we see developers supporting developers to build a better, more equitable and sustainable open source ecosystem,” said Chip Hazard, a general partner at venture capital firm Flybridge, which participated in the funding round.

Will others follow suit?

Other companies have called for more support for open source maintainers, without making direct financial commitments of their own.

Josep Prat, open source engineering manager at cloud database specialist Aiven, said he is “thrilled to see large companies wake up to the need to support open source projects,” and that “we at Aiven will be paying particular attention to which projects will benefit the most from Spotify’s fund.”

Aiven says it has established an Open Source Program Office to help support key open source projects, but will not be providing direct financial support to these projects at this time.

“Finance is absolutely part of the sustainable maintenance of many independent open source projects. More companies need to take Spotify’s lead and implement multiple avenues of support for open source projects,” Prat said.

Copyright © 2022 IDG Communications, Inc.