“Michelangelo Presents Lorenzo il Magnifico his Faun Bust” (detail) by Ottavio Vannini, 1635. Lorenzo de’ Medici was a powerful magnate, politician, and patron of the Italian Renaissance, especially known for supporting the work of Botticelli and Michelangelo. A couple of years ago, epitomized a massive sustainability problem for critical parts of the internet infrastructure. The bug, which affected the popular OpenSSL cryptographic software library, notably and . Heartbleed open source compromised the confidentiality of 4.5 million US patient records cost the industry an estimated $500M It was soon revealed that the root-cause of the issue was that the OpenSSL project was . precariously understaffed Open source sustainability became a major theme overnight. Stories of maintainer burn-out made the headlines. And tentative solutions started to emerge. Funding open source A few key projects received direct funding from top industry players, notably through the which was formed as a response to the Heartbleed crisis. Core Infrastructure Initiative “Gaius Maecenas Supporting the Arts”, Gerard de Lairesse, date unknown. Maecenas was a notable patron of poets, such as Horace and Virgil. Many languages still use the term “ —derived from Maecenas—for patronage. mecenate” But for the vast majority, charity-based contributions (patronage) was the only available option. were able to leverage their to carve out a revenue stream large enough to work on open source part time or even full time. But these were few and far between. A few smart developers network For most projects, contributions were—and still are—a trickle. , one of the biggest platform in this space, , more than a quarter of which goes to . Open Collective barely collects $1M a year a single project Furthermore, addressing the issue of open source sustainability by funding developers to work on code full time creates an undesirable dichotomy between makers of open source software on one side, and consumers of open source software on the other. . Misaligned incentives abound Let’s face it, patronage isn’t the silver bullet some make it out to be. It’s a great option for those who want to focus exclusively on open source work for a while. It’s not, however, a scalable solution to open source sustainability. But if patronage isn’t the solution, what is? Is there no other way to keep open source software afloat? Is it doomed by the tragedy of the commons? Value beyond the code To find a solution to open source sustainability, we have to better understand the value of open source. When we think about the value of open source, we often focus on the code itself, on the program that can be run. In doing so, we forget that this program is the output of a process. An extremely complex process that brings together people of competing companies; of different race, ethnicity, and gender; and of varying abilities and experience; to build software. This process trains developers. Spreads good practices. Keeps them up to date on current technology. Creates networks. Fosters leadership and empathy. It is so unique in its ability to level-up developers that the single most asked question to potential hires is: “What’s your GitHub handle?” And while it’s obvious to companies that open source experience is paramount, the same companies are often oblivious to its corollary: Being able to practice open source is critical to the very developers they want to hire. How else can they stay competitive? Burning the midnight oil only goes so far. as part of their day job In April 2016, a I created on the topic got more than 2000 replies (my surveys barely attract 100 respondents, generally). 65% percent of respondents answered that being able to release and contribute to open source software as part of their full time job was extremely or somewhat important against only 18% who said it was not important at all. More recently, Cory House ran a similar poll and got similar numbers. Twitter survey Cory House’s Twitter poll on contributing to open source as a full-time employee. Yet, few companies leverage the ability of open source to make them more desirable to candidates, help them retain and foster their existing talent, and drive a better engineering culture. Those who do reap the benefits, while others simply leave money on the table. Making open source sustainable won’t happen through patronage. It’ll happen by making companies better understand the value of having a real open source strategy and execute on it. While that seems like a hard thing to do, there is a precedent. Two decades ago, most companies where to use open source as they are now to contribute to it. Our job today, is to show them that the ROI of to open source is just as good as the ROI of using it. just as cautious contributing Xavier Damman Thanks to Chris Aniszczyk and for reading a draft of this.
