Getty Images/iStockphoto

Who profits from open source maintainers' work?

Open source is critical to the tech industry, but nearly half of maintainers work unpaid -- and the situation is becoming untenable amid rising corporate use and security concerns.

You might not know Jordan Harband's name, but if you've developed a JavaScript application, there's a good chance you've relied on a package he maintains.

Harband is a software engineer who currently maintains hundreds of widely used open source packages in the JavaScript npm package registry. One of those packages alone is downloaded millions of times per week, with nearly 1.6 billion all-time downloads.

Open source software is increasingly foundational to corporate IT environments, and that growing importance has come with heightened expectations for open source maintainers. But for the individuals like Harband who keep open source software afloat, maintaining their projects is both personally fulfilling and a serious struggle.

The history and changing role of open source software

Although the specific term open source dates to the late 1990s, the community's underlying principles of collaboration and creativity go back decades prior.

"As a development model, open source has been wildly successful because it allows people to build on top of code that others have started with," said Chris Grams, chief marketing officer at Tidelift, which provides funding to maintainers. "They're essentially using building blocks -- like building with Legos versus melting your own plastic."

Image depicting ASBPE 2024 regional gold award recognition

But despite open source's success as a development approach, its business model has been less clear. Developers haven't always agreed on how or whether to make money from open source, and initially, open source saw little corporate interest.

"When open source started in the '80s with Free Software Foundation stuff, in the '90s with Linux ... very few people took it seriously commercially," said Christopher Tozzi, senior lecturer at Rensselaer Polytechnic Institute and author of For Fun and Profit: A History of the Free and Open Source Software Revolution. "Nobody thought that you could make a bunch of money doing this."

But companies' attitudes toward open source changed as its potential value became evident. Today's open source ecosystem differs substantially from that of the 1980s or 1990s: Recent research from TechTarget's Enterprise Strategy Group found that 99% of organizations use open source software in their cloud-native applications or plan to within a year. Among adopters, more than 90% said their codebase is one-quarter to three-quarters open source.

Infographic with data on the number of open source projects, prevalence of open source in codebases and benefits of open source contribution.
Adoption of open source has skyrocketed over the past decade, with corporate open source programs playing an increasingly important role.

Who are open source maintainers?

Although there's no single definition, open source maintainers are generally understood as contributors who play a leading role in an open source project, said Ashwin Ramaswami, a tech policy researcher at Plaintext Group and law student at Georgetown University.

In addition to contributing code, maintainers make strategy decisions, perform code reviews and supervise their projects, which typically involves keeping the community engaged, handling conflicts and recruiting new contributors. And often, maintainers do this work with little to no pay or recognition.

Alex Clark is a Python developer, consultant and open source maintainer who first encountered open source in the early 2000s. "It was like a playground," Clark said. "And that today is still the attraction ... having these examples on the internet available to study or modify."

Over the years, Clark has worked on several open source projects, but he's proudest of Pillow, a library that provides image processing capabilities for the Python interpreter. Pillow itself started as a fork of another open source tool, the Python Imaging Library.

"Back in the day, 2010, I was very annoyed with one specific thing that forking the software fixed," Clark said. "And everyone, maybe not immediately, but everyone needed that fix."

More than a decade later, Clark still maintains Pillow along with a team of three other core developers. Today, Pillow has been downloaded millions of times, is part of many corporate IT environments and was used by NASA in the successful flight of the Mars Ingenuity helicopter.

Clark has found real fulfillment in his project's resounding success. "The Pillow open source stuff is easily the most meaningful thing that I do," he said. "Whether or not I'm being paid for it, it's easily the biggest thing I've done -- the most popular thing."

But that achievement can feel bittersweet when viewed in light of the project's reach. Although Clark said the funding he receives through Tidelift has been essential to maintaining Pillow, he's still not making a full-time salary from open source work, despite wanting the project to be his sole focus.

"Our income is disproportionate if this thing is everywhere -- across the entire globe, used by Fortune-whatever companies," Clark said. "It's disproportionate. And there's no easy way to fix that."

Do open source developers get paid?

Clark's story is similar to that of many maintainers. Although some open source developers receive compensation for their work, often through funding from an employer, many aren't paid at all.

In Tidelift's 2021 survey of open source maintainers, 46% said they weren't paid for their work. And the situation isn't improving, according to Grams: In Tidelift's follow-up 2023 survey, which the company plans to release this April, that figure stayed exactly the same.

"It's a very small minority who are actually making a living from making open source software," Grams said.

Maintainers expressed frustration with the misconception that contributors are unpaid by choice because compensation would go against the principles of open source -- or, at the other extreme, that the majority of open source projects are maintained and funded by large companies. The reality is more complex: Some corporations do support open source software, but many smaller projects are run entirely by volunteers who often wish they were compensated.

"Open source contributors tend to be a narrow set of society that has the time to be able to take on unpaid hobbies," Grams said. That typically means those with more financial resources and fewer responsibilities outside work. Consequently, increasing the diversity and number of open source contributors requires expanding the financial opportunities available in open source.

The challenges faced by open source maintainers

Reviewing issues and pull requests can become overwhelming as a project's user base grows, especially for older projects with multiple versions and integrations. Expectations for maintainers can also skyrocket when corporations with specific needs for their software adopt an open source tool.

"People who are paid full time end up making these issues, and you, as a volunteer maintainer, have to fix it," Ramaswami said.

Community management is another common challenge. When he maintained the front-end library react-jsonschema-form, Ramaswami led weekly calls for contributors where he reviewed pull requests live. "People who were interested were showing up, and now those people are probably more active than I am," he said.

But for larger-scale projects, this type of direct engagement isn't always feasible -- and can take a psychological toll. Interpersonal conflicts and disagreements about project growth are emotionally taxing. And since these conversations often occur in semipublic online settings such as GitHub, maintainers' behavior is under constant scrutiny.

"People get mad, and they vent their frustration in your direction," Harband said. "Sometimes they're polite about it, and sometimes they're hateful about it, but you're still receiving their frustration. That's not trivial to deal with. That's not easy."

Because many maintainers work on projects in their spare time, they're often balancing open source responsibilities with full-time jobs and other personal obligations. Consequently, open source work can easily lead to severe stress and burnout. In some cases, maintainers who reach a breaking point in the absence of adequate support have vandalized their own software or attempted to unpublish their code.

"They lashed out because they were dealing with stress," Harband said. "And I'm confident that if none of them had to worry about money, they would have been able to find help for whatever they needed and would not have needed to take it out on their software and its users."

Organizations' expectations vs. maintainers' capacity

To adhere to government and industry standards, companies using open source need to know whether the maintainers whose packages they're building into their software are complying with those standards themselves. But in Tidelift's most recent research, Grams said, more than half of maintainers surveyed weren't familiar with the standards that organizations increasingly expect them to meet.

Even for open source developers who genuinely want to prioritize security, organizations' expectations might not be realistic. Already-overloaded maintainers are growing frustrated that their responsibilities are now expected to extend beyond writing the code.

"[Maintainers] love doing meaningful work," Grams said. "They want to do things that are creative. One of the things that I don't think maintainers say they enjoy is getting a bunch of requests from the corporate users who aren't paying them money to meet a bunch of standards they don't understand."

The controversial role of corporate support in open source

Many maintainers agree that a change in open source's funding model is necessary, but the community lacks consensus on the best way to get there.

Direct corporate donations are a common funding method, especially for larger projects. Because corporations that invest in open source have a reputational interest in producing reliable software, they're often willing to offer resources to support development, including letting their employees contribute to open source.

But despite benefits such as increased visibility and funding, corporate interests can be at odds with those of open source developers. In such cases, "how do you balance the company's imperatives with what the developers want?" Ramaswami asked.

Whereas an individual developer might prioritize flexibility and the ability to run software locally, a corporation might want to drive users toward paid services and outperform its competitors. As an example, Tozzi mentioned the shift in focus to servers over desktop in Linux's development.

"The corporations who wanted to make money off of Linux were much more interested in Linux for servers, because that's how they were going to make money on it," Tozzi said. "Intel sponsors Linux development on servers because it wants companies like Dell to go and put Intel chips in servers that they sell to other companies to host Linux-based workloads."

But even open source enthusiasts feel it's shortsighted to view corporate involvement as solely negative. Funding from companies is sometimes the only way for projects to continue, at least without pushing maintainers to the point of burnout.

"I don't think corporatization of open source is an inherently bad thing," Tozzi said. "These companies have immense resources that the open source communities don't have on their own. And they can pay developers to write a lot of code that otherwise might not get written or might take much longer."

Emerging alternatives to funding open source projects

Tidelift's model seeks to offer maintainers an alternative income stream that also addresses the problem of open source security. The company funnels enterprise funding to open source maintainers who can validate that their projects meet industry or government standards.

"That's something we can continue to pay [maintainers] for on a monthly basis, as long as their project is still meeting those standards," Grams said -- and once a project receives funding, "they can use that money however they want."

Harband, who also receives support from Tidelift, said he's never personally seen an attempt to wield money to influence development on a project he maintains.

Another funding method is individual donations. Programs including GitHub Sponsors and Open Collective allow donors to financially support specific open source projects. Some projects are exploring recurring revenue streams through platforms such as Patreon, which was originally designed for artists and content creators.

Although the donation approach can mitigate the problems associated with corporate interests, it's not without its own problems. In addition to the stress of seeking out new donors and planning around fluctuating income, the donation model preferences high-profile projects with wider name recognition.

Projects further down the dependency tree, such as many of Harband's packages, are less likely to receive individual donations. In most cases, developers don't pick Harband's packages directly, but instead use them transitively when they choose another tool that relies on his projects.

As a result, Harband said, it's harder for his work to get funding compared with better-known projects. Although some big-name projects redistribute donations to their own dependencies in an attempt to spread out funding more fairly, there's no requirement to do so, and tracking and valuing dependencies can be complex.

Other avenues to funding are based on an emerging view of open source software as infrastructure. The Open Technology Fund recently launched the Free and Open Source Software Sustainability Fund, which provides private- and public-sector financial support for open source technologies.

"The idea is that maybe this could be a long-term vehicle, where you can have this kind of maintenance-type funding to improve the open source ecosystem," Ramaswami said.

In addition to improving funding, providing resources and community support for maintainers can combat burnout. For example, Ramaswami suggested courses on how to sustainably maintain an open source project or groups where maintainers can get advice from others who have faced similar problems.

Maintainers call for a culture shift around open source

While the various solutions are promising, the problems are systemic, and genuinely supporting maintainers requires a larger shift in how open source is viewed and prioritized. Although open source software might be "free" in a literal sense, that doesn't mean it can be taken for granted.

If I'm doing something that provides value to society, I should be able to have the option of doing that without throwing my life into chaos.
Jordan HarbandOpen source maintainer

"The reason you can start a new company so quickly and get to market is because of open source software," Grams said. "You're building on top of all of this code. You're not having to write it from scratch. And these companies are worth billions of dollars. Why are the open source maintainers who actually wrote the code that go into this still unpaid hobbyists?"

And the issue goes beyond fairness. Funding open source is also a strategic investment in future innovation and growth. Support for maintainers in the form of sustainable funding models is necessary to ensure the survival and advancement of open source projects.

Ultimately, open source maintainers need recognition and support, especially if their projects are held to increasingly high standards for performance, security and reliability. When maintainers' work becomes untenable due to burnout and lack of resources, the entire tech ecosystem suffers.

"I'm not trying to get rich on open source -- I just want to be able to fund my life," Harband said. "If I'm doing something that provides value to society, I should be able to have the option of doing that without throwing my life into chaos."

Next Steps

Open source contributions face friction over company IP

Fixing software developer burnout could increase retention

Dig Deeper on IT operations careers and skills