Thank you so much.
It is a delight to be here.
I spent years at FOSDA fighting the end of the community room because it was in a tiny
room and you couldn't get in and I was like, well, if I have to speak to get in, I will,
it looks like we have a nice big spot now.
That is much better.
Let's talk about the state of free and open source funding.
I am Cara Soles.
I work with GitHub.
I work with open source maintainers.
It is my role to advocate internally at the company and externally for the needs of maintainers.
I also ran the inaugural cohort this past year of the GitHub accelerator, which I will
speak some about and a bunch of other maintainers seeing activities.
Which means because I am speaking with maintainers a fair amount, money just keeps coming up.
So I am here to talk about money.
I will talk about a number of different ways the money flows through the ecosystem, including
FOSC contributor funds, grant funding, individual sponsorships.
But I want to be extremely clear.
We are just talking about cash today.
As Mike McQuade said in this room earlier, the majority of what projects need is not
money.
You cannot solve your problems by throwing money at it no matter how much I might try.
Most of the things that folks need are not cash.
But we have only got 30 minutes, so we are going to talk just about cash.
There is also big money dollar value in open source.
Here you have the European Commission in 2021 saying companies in the EU invested around
1 billion euros in open source software in 2018, which brought a positive impact on the
European economy of 65 to 95 billion euros.
We predicted an increase of 10% in contributions would annually generate an additional 0.4
to 0.6% GDP.
So there is money going on.
But where is it going to maintainers?
And by what mechanisms does it flow to maintainers?
I do want to briefly say, why do we even care about funding software maintenance?
So we have got 90% of companies are using open source.
That is nice.
That makes me feel good.
FOSC constitutes 70 to 90% of any given piece of modern software solutions.
That is sick.
Love it.
89% of code bases contained open source, more than four years out of date.
That makes me a little nervous.
84% of code bases contained at least one known open source vulnerability.
That is actually even more uncomfortable.
So there is a lot of reasons to fund open source maintenance.
We can hear all day talking about them.
It is the underpinning of everything that we are basically functioning with this society.
But also let's not have it fall apart.
So what do we know about FOSC maintainers and money?
Most of what we know about this comes from tidelifts state of the open source maintainer
report.
Here they find that 60% of maintainers are unpaid hobbyists.
And of that 60%, 77% would prefer to be paid.
I know.
It is pretty wild.
44% are solo maintainers.
So if they won the lottery and moved to remote islands, the dream that we all share, there
is no one to pick up the project and go forward.
A lottery aside, 58% have at least considered quitting a project and 22% have actually quit
maintaining a project.
It is not bad.
You shouldn't have to maintain a project the rest of your life.
Building an open source project does not put you in an eternal prison.
You can never free yourself from it.
Things should end and you should be able to move on.
But as we can see, if we have one maintainer and a lot of things depending on it, this
is kind of an issue.
Fortunately, one of the many paths forward they found is 56% said that earning more money
for maintenance work would actually help keep them from quitting.
So that is good.
So where does this money pass through?
Let's talk about funding platforms.
So places that enable payments to false projects and maintainers.
So they are kind of this middle space that helps the money move.
There is a lot more platforms in the space than there used to be, which is fantastic.
This led to a lot of specialization.
So you have got platforms like Thanks.dev and Stack Aid, which are looking specifically
at dependency funding.
We have got the crowd funding model.
We have got the classic ongoing crowd funding with Patreon, which a lot of software developers
use.
We have got tipping platforms.
We have got ones focused on recurring income.
And of course, we have direct tips.
In this, I am going to mention two platforms that are focused very specifically around
the open source space and that cover a bunch of these different techniques, which is GitHub
sponsors and open source collective, which is a fiscal host under open collective.
There is also a lot more models that people are looking at, which I don't have space for
here.
So there is a subscription model that Tidelift explores.
There is service marketplace like Open Teams.
We have got experiments in quadratic funding with Gitcoin.
We could be here all day, which is good.
We need this kind of diversity.
So in terms of what kind of money is moving through, GitHub sponsors have seen $40 million
come through since 2019.
I know this looks like a copy-paste error, but I just imagine I actually think open source
collective also has had exactly $40 million come since 2019 and saw $10 million in 2023
alone.
So the growth of money coming through spaces like this shows that as we make it easier for
folks to find and support projects that they want to support, we are able to funnel money
through there, which is great.
It lowers the barrier.
One of the main sources of using platforms like this is FOSS contributor funds.
So the way that, indeed, defined this when they kind of set out what a FOSS contributor
fund was was a framework for selecting open source projects that a company supports financially,
specifically designed to encourage open source participation and help companies take an active
role in sustaining the projects they rely on.
So colloquially, a FOSS fund is any instance of a company funding projects, usually they're
dependent, these are like a semi-organized way, at least, without expecting anything concrete
in return.
So that's kind of flowing through here.
Companies have been giving to open source for a long time and certainly much longer than
2019, but the rise of the structured program referred to as a FOSS contributor fund, you
can really trace back to, indeed, and Duane O'Brien in 2019.
And since then, a lot of companies have made public announcements saying not just here's
what money we're going to give to open source directly, but here's how we're going to distribute
that money and involve our own employees in it, which is really cool.
GitHub sponsors found that the average value of an organization sponsorship versus an individual
is 15 times, which is actually reflective of that companies do have a lot more money
than I personally have.
So that makes a lot of sense.
In terms of how much money is actually coming through FOSS funds, though, like my back of
an app can math is based on public announcements and based on what data we can see, maybe $12
million last year, which is life changing for a number of projects and life changing
for a number of maintainers and like paltry, like honestly kind of a pathetic number when
you look at the overall value of open source.
In terms of scale, we see companies like Century and other companies give up to like $500,000,
which is great.
We see a few thousand across the map, which is good.
Here's a few of the patterns that we see in this space.
First of all, this isn't a sustainable model for the ecosystem.
This is a supplementary model.
And it's good, right?
But we can't pretend that we're going to maintain this whole ecosystem in this philanthropic
effort for companies to give back.
It's supplementary.
We also see that FOSS funds are usually not a stable source of income for maintainers.
They're often giving like one time, it's employee voted, which is very positive, but means that
you can't understand when you're going to get that income and you probably aren't necessarily
going to get it again.
We've also found that expecting companies to fund open source for the positive press
is a failed path.
The majority of companies that are giving money directly to open source projects do not
talk about it openly.
They don't get out there and to get their PR department like let's party.
There's a number of reasons for this.
I think one of them is what can seem like an incalculable sum internally to get someone
to sign off on, to give to open source can look pathetic from the outside.
We've all thought for money for stuff and been like, I did it.
I got however much.
But then people look at the total value of the company who are external and they're like,
well, shouldn't the company be given more?
And so I think that's one of the strains there in terms of companies not talking as publicly
about it.
FOSPONs are also particularly vulnerable to real or imaginary macroeconomic conditions.
They took a hit definitely in 2023 and there's stuff that gets cut pretty early when companies
come through and do a little snip, snip.
So that also affects the stability.
A lot of FOSPON stuff is associated with OSPOS, open source programs offices, which are fantastic.
FOSPONs funding is not a focus however for OSPOS.
OSPOS are using their limited resources to get employees engaged with open sourcing at
the company to give back to open source, which is amazing.
FOSPONs are a tool to get employees engaged, not one of the core kind of means to an end.
And I will close this with the companies that have shared their funding structures and talked
about what they're doing in this space has paid off.
This may not be a huge number, but the reason that it's even where it is is because people
went out and said this is how our company is doing it, this is how we're structuring
it and I think you should do it too.
So that is working.
We've got a lot of space for improvement here.
We've got a lot of improvements we can do in data in terms of identifying dependencies
so we don't rely on charisma to choose projects, which is a big problem in this space.
We can improve data around the benefits that funders receive, not individual benefits from
projects, which are hard to juggle, but overall when we pump money into this ecosystem, what
are we doing?
Are we actually making it more secure?
Are we making it more stable?
How do we prove that and thus make this funding less vulnerable to cuts?
I would also encourage you to check out FOSPONs and see if there's stuff that you want to
do around this.
In terms of individuals sending money to open source maintainers, if you give money to an
open source project or a maintainer, nice job.
Awesome.
Thank you.
It's actually having an impact.
One of the really interesting things here is that across funding platforms, individuals
are significantly outperforming FOSPONs in the amount of money that they are given to
independent projects, which is very sad and pathetic from a company perspective, but it's
like pretty badass from a you perspective.
Nice work.
It's interesting because in 2023 we learned that it's more resilient.
When companies cut their budgets back, people didn't cut their budgets the same way, which
is incredible because I don't know about you, but my groceries are 25% more expensive.
Again, super nice work.
It's not something we can structure the ecosystem across, but it shows how much people actually
really care about the software that they use.
We just have to have better mechanisms for that caring to be reflected by larger organizations.
Let's talk about foundations.
Where is the money?
The money is going somewhere.
The most common method of funding open source projects is joining or starting a foundation,
which is an organization that can take care of fundraising, legal needs, corporate relationships,
all this great stuff.
In terms of how much money foundations are bringing in, in 2022 the top 32 software foundations,
if you take out Wikimedia, brought in $304 million, which is pretty cool.
Linux Foundation brought in 58% of that.
It's got to be higher this year.
The numbers aren't out for this year, but given the phenomenal increase in fundraising
that the LF accomplished this past year, I bet that that percentage is even higher.
There's a lot of different approaches across foundations, but I will focus specifically
more so on kind of the Linux Foundation's approach, just because it's so dominant in
the ecosystem.
The way that foundations support projects is through a wide variety of resources, legal,
financial services, project governance, how hosting, all these essential things.
We ask open source maintainers to wear like 15 hats to be an accountant and a lawyer and
a community manager and everything all at once.
Foundations say, well, what if we took like 12 of those hats off and you only had to wear
like three, which is great.
That's something that enables projects to continue.
The hat that foundations do not tend to be doing anything with here is that foundations
are not usually paying money to project maintainers for the purpose of maintaining a project.
That is not the way that foundations really function in general, with some notable exceptions,
but small exceptions.
Instead, they lead into this model of the professional maintainer.
LF research in 2023 found among critical open source projects, the majority of maintainers
and court contributors enjoy full-time employment.
This is our 13% of maintainers that are professional maintainers we see in tidaliff survey, but
they're not paid by foundations.
These are people paid by companies, for-profit companies, to maintain projects that those
companies are dependent on and rely on.
As software foundations aren't paying for project maintenance and they are bringing in these
other resources, part of that also is they have a very tight loop with companies because
they have to be out there advocating for these companies to hire full-time maintainers.
Foundations are helping maintain this whole ecosystem effect, which is really important
in how a lot of these projects are surviving.
They also make donating to open source really easy for companies.
The administrative burden of donating to a ton of different projects is a rough one
and different platforms are trying to address that, but foundations make it really simple.
You give them a big lump sum and they tell you what level you're at and they give you
a nice prize to show your executives and you're like, yeah, your finance team isn't mad at you.
That's something I think that's really important.
I think, here we go, this brings up a couple of questions.
Is there a model where we see more maintainers paid by foundations, especially around maintainers
who don't want to be employed by a large corporation?
Is there an ability to build in more resiliency for when corporate cuts come in and we see
maintainers of top projects cut at companies?
Can we build in resiliency within foundations?
Given that foundations have, for the most part, unlocked the code in terms of getting corporate
giving, are there ways to distribute that benefit to the broader ecosystem that includes
independent projects that aren't within a foundation?
How do we take those learnings and bring them out more broadly?
Let's talk a little bit about grants and government money.
Grant is a one-time funding agreement.
You say, I'm going to do something and then they give you money and then you do it.
They come from two main sources.
We've got philanthropic orgs and we've got them coming through governmental agencies.
My favorite example of government investing in sustainable open sources is the sovereign
tech fund.
This is an initiative out of the German government.
If you haven't read about the work they're doing, I plead with you, please read about
it.
It's fantastic.
They've been talking about it a year at Fosden.
They've been talking about it all week and also all year because they gave 15 million
euros to open source projects and maintainers in the last one year.
I think it's a really important model.
Seeing governments step in to support critical open source software maintenance, I think
it was really key.
Here we see the European Commission in 2022 saying there's a clear need for a European
funding mechanism to help sustain critical open source software communities.
I'm an American so I'm going to say there's a clear need for America to also do that.
Just put your country name in there, I guess.
Or we could all work together, I don't know.
Traditionally the space that we see grants in is the scientific and academic software
funding space.
If you talk to people in the scientific software space, they're like, oh yeah, grants.
I eat grades for breakfast.
If you talk to anybody else, like me, I'm like, what the hell is a grant?
I don't know.
Software gets that.
There really is a limited understanding of grant funding opportunities outside that academic
and scientific space.
But agencies like NSF, NASA are looking to advance software with an academic research
relationship.
That doesn't usually mean maintenance.
That means building something new.
Similarly with these philanthropic orgs, like Moore, Sloan, CZI, they want to see cool
when things happen.
But grants traditionally have not been a way to fund ongoing software maintenance, which
we're seeing this theme come over and over again.
Let's do that theme again.
Who else doesn't fund maintenance?
Let's talk about venture capital.
VC financing is when someone with a lot of money says, I think one day you too could
make a lot of money and I'll bet on it.
That comes in through when there's a related business built on top of a round of project.
OSS Capital, who's best known for doing funding around open core kind of stuff in the space,
said in 2022, the COSS category has grown dramatically over the last decade from $10
billion to $500 billion plus today.
Even so, we are still in the early stages of costs, which we believe will grow into a
$3 trillion category by 2030.
The VCs are hungry and they see there is money.
They are increasingly coming around knocking.
For founders who want to work with VCs, I think one of the things that we really need
here is for folks to make sure they're working with VCs who understand the peculiarities and
strengths of open source.
Then really importantly on the maintainer side, we need more resources to help people
understand if VC funding, if individual investing, is actually right for them and their projects.
Are they a hockey stick project?
Do they want to be?
Do they want to live that life?
We need a lot more resources to prep people for when someone shows up at the door and
says, do you want a lot of money?
Sign this and also you have to do this now.
Are we preparing people to make that decision?
Speaking of which, we thought about this a lot this year.
This was our first time running GitHub's Accelerator.
It was a really exciting experiment and we are doing it again this coming year.
I would look for applications to open up on that soon.
What we did was we ran this Accelerator specifically for open source software maintainers.
That for us meant there was no one size fits all approach.
There's not one answer to this.
We wanted to bring in a diversity of projects and say, how do we help experiment what sustainability
is going to mean to you?
What's financial sustainability?
We want to look at a lot of different models and help you find the right one.
For some of those, they did go on and get nice funding, go into iCombinator.
For many of them, other things that meant starting businesses on top.
If I had time to go through business models on top of open source here, then I would be
going through it right now.
But also, you would be here a lot longer in very uncomfortable chairs listening to the
same person.
That's why they only gave me a half an hour.
Please forgive me.
We need a lot better education on what those paths were, and that's something we're trying
to start tackling.
The way that we did this is we took 20 open source projects.
We gave them $20,000 funding for projects.
We did a 10-week program to say, let's bring in experts who have found ways to be sustainable
with their open source projects to talk about how they did it and give that perspective
and mentorship.
This is the previous year we did a FOSS fund.
We gave $500,000 to open source, 2022, 2023.
We said, how do we take the same amount of money, but give more material support on top
of it?
We found a lot of the same barriers that people find.
None of this is a surprise, but I think some of the key stuff is understanding on pros
and cons of business models, the strains on solo-maintained projects.
There's difficult community perception.
In open source, you're expected to magically do everything for free, for the good of the
world, but I still eat food.
People judge you when you're trying to make money so you can keep doing the thing you
love.
There's really complicated stuff there.
Maybe there's a therapy component next year.
I don't know if I should pitch that.
There's a lack for folks who are outside of foundation structure of legal guidance,
accounting guidance and stuff that's specific to the ecosystem.
We also need more opportunities for mentorship for people who have taken specific paths.
That's something that's really lacking.
There is one experimental method I would like to mention since we don't have a ton of time.
Simon Willison, a data set co-founder of Django, was part of the accelerator.
One of the things that he's really been trying out is this experiment to say, let's have
companies pay maintainers to speak to your team.
We know there's limited money for FOS funds, but there's money sitting around underutilized
in company training budgets and consulting budgets.
We've seen those pools and be like, what do you even spend that on?
Spend it on maintainers.
Bring them in to talk to the team.
The internal team gets to speak to the experts behind the software.
You get a time box commitment for the maintainer, so they're not having a contract where they
have to keep your shit running forever.
They're financially supporting projects.
How do we find some more creative ways to get projects funded like this?
I also think this ties into some of Filippo Volsorta's experiment with retainer agreements.
But again, we can talk about that later.
Let's put it together.
This time I will actually pause if you want to take a picture of this slide.
I know I just ran past it earlier.
There was a single tear coming out of so many people's eyes that they like their phone captured
something else.
We've talked about how money flows to open source maintainers and the many paths that
it takes.
We've talked about that open source is still being funded for only a small portion of its
value.
Most companies are not going to magically step up to fill that hole.
That's not how capitalism works.
While companies rely on open source, little of that funding is trickling down.
Of what funding does trickle down, it's mostly not trickling down for maintainers doing maintenance
work as opposed to new features.
Most maintainers are not able to financially support their work unless companies choose
to hire them for it.
In more limited cases, if they start their own businesses, but that's still kind of the
majority of maintainers are being employed by a company.
Current funding structures, as we said, not focused on maintenance at all.
We need better models to support this.
We need new models.
I personally also really, as you heard, believe government funds aimed at critical suffer
maintenance or promising development, among others.
Some missions for you because you're here.
You get homework.
We're in a university.
We need more data.
What's working?
What's not?
Can your org do a survey?
Can you release trends that you're seeing?
Is there anything you can do there?
We need more companies publicly committing to funding.
Even if we need a bigger model than that, we got to keep stuff going for now.
Can you get out there and actually say, we're going to commit to funding, we're going to
do a FOSS fund, here's what we're doing?
Add yourself on FOSS funders.
Is there something you can do there?
2023 was a reminder that corporate budgets and priorities are fickle.
It was a painful, painful reminder in this.
Any funding planning that we do has to take this into consideration.
How do we make it harder to cut open source funding that we do achieve?
Maintainers need more resources and more mentorship to decide how to sustain their projects.
Do you have experience in this?
Can you help mentor other open source maintainers?
In the past and what has and has not, that just as importantly worked for you.
I think we should do what we can to advocate for government funding, which is something
that has been happening a lot this week across Europe.
And how do we get this conversation out of the echo chamber and into the broader ecosystem?
So a few things to consider.
A special thank you to a lot of people who were very, very wonderful and helpful in this.
That is what I came here to say.
And miraculously, I didn't run over.
So here we are.
I think we have time for about one question.
One question.
Don't mess it up.
Okay.
I'm kidding.
The hand at the back went up first.
So I'm going to go all the way up.
This is more of a question that are a comment than a question, but...
If you have other questions, I put my email up there.
So you can use that.
I'm also pretty easy to find.
I'm not good at hiding.
So this is more of a comment than a question.
I'm kidding.
So you sort of mentioned this a little bit in your talk, but over the last 18 months,
roughly half a million people have been publicly laid off in the tech sector.
Yes.
Along with massively budgeting in private sector technology companies.
Pretty brutal.
A big question, but could you speak towards the impact on open source communities that
this may have had that you've been seeing from your side?
And are there any insights that you can provide here?
Thank you.
That is a very good question.
And for anyone who couldn't hear it, it was around the enormous amount of layoffs and
budget cuts in the last year, like what influence have I been seeing across the ecosystem?
When I started this talk, everyone I talked to, I said, what about 2023?
And do you have any data on 2023?
I was like begging people for data on 2023.
It turns out 2024 just started.
And we don't have the data yet.
Which I was very sad about.
But we know anecdotally a lot of open source program offices had really harsh cuts.
We also know that money is bouncing back very quickly.
That nature is healing, it seems.
But I don't know how fast that actually starts to trickle back down.
And I think that we're going to have the opportunity to look back at 2023.
I think you're asking the right questions and say, what can we learn from this so that
the next time this happens, we shouldn't have to be, but we're more resilient.
Like, we're ready as an ecosystem to brace for fickle corporate budgets.
I wish I had a better answer there.
All right, thanks, Kara.
Yeah.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.