Hilary Carter and Martin Woodward | 18 December 2024
We’ve long understood that people are the engine that powers open source. Prior research has found different ways to measure the value, aggregate investment, or cost to rebuild open source. Yet, the state of actual open source investment has remained an opaque subject with limited visibility or understanding of the amount, or its impact
This summer, GitHub and Linux Foundation partnered with researchers from Laboratory for Innovation Science at Harvard (LISH) to learn more about the state of open source funding today. The goal was to measure organization-driven investment with interest in the how and why organizations invest in open source software (OSS). The insights can then be used to inform recommendations to improve monitoring and investing in open source to create a more sustainable and impactful open source economy and people.
The audience included Open Source Program Offices (OSPOs), heads of engineering, C-Level Executives, and was distributed to Linux Foundation and GitHub mailing lists, as well as partner organizations like the TODO Group. Responses came in from 501 organizations globally.
Diving in, we assessed organizations funding behaviors, potential misalignments, and opportunities to improve. In the published report, we found:
- Organizations have varying levels of open source experience. Nearly 44% either have or would like to create an OSPO, 24% consume while only 21% contribute to projects, 18% releasing projects, and 16% influencing projects via leadership or maintainer roles.
- Organizations generally know how and where they contribute (65%) but lack specific clarity of their contributions (38%).
- The median responding organization invests $520,600 (2023 USD) of annual value to OSS
- Responding organizations annually invest $1.7 billion in open source, which can be extrapolated to estimate that approximately $7.7 billion is invested across the entire open source ecosystem annually.
- 86% of investment is in the form of contribution labor by employees and contractors working for the funding organization, with the remaining 14% being direct financial contributions.
- Respondents invest $162MM financially to contractors (57%), foundations and projects/communities (37%), maintainers (4%), and bounties (1%).
- Security efforts focus on bugs and maintenance; only a few (6%) said comprehensive security audits are a priority.
In this research, we discovered a few key obstacles that make this kind of data capture challenging. First, as noted above, we discovered that organizations have blind spots when it comes to the specifics of their contributions. Many respondents knew where they contribute, but only a portion of those could answer how many labor hours went into their OSS contributions or the percentage of budget that went to OSS. Second, the decentralized nature of organizational contributions, without explicit policies or centralized groups that encourage and organize this effort, make reporting even more challenging.
Without the data or the impetus to collect it, capturing the scope of investment can be elusive. From these gaps, we recommend that policies and practices are put in place to encourage employees to self-report their contributions, and do so using their employee email addresses to leave fingerprints on their work. We also suggest that open source work is consolidated under a single banner, such as an Open Source Program Office (OSPO). Finally, we suggest incorporating contribution monitoring into the organization’s pipeline. We developed a toolkit to help improve data capture and monitoring.
We are excited to apply learnings from this research across our programs and help bring more visibility to how organizations fund open source. We all stand to benefit from unlocking more funding for open source.