Open Source Has a Sustainability Problem and We Are All Responsible
The infrastructure of the modern internet runs on open-source software maintained by unpaid volunteers. This is both remarkable and unsustainable.
Isaac Paha
5 December 2025
Left-pad. Log4j. XZ Utils. Each of these incidents revealed the same uncomfortable truth about the modern software ecosystem.
The Foundation Is Fragile
The software stack that powers the global internet — the frameworks, the utilities, the cryptographic libraries, the package managers — runs substantially on code written by volunteers who receive nothing for their work.
This is extraordinary. It is also a systemic risk.
When a single developer maintaining a critical package in their spare time burns out, makes a mistake, or gets compromised, the consequences ripple across millions of applications.
Why This Happens
The economic model of open source is broken in a specific way: the value created is enormous and diffuse; the costs are concentrated and private.
A startup uses an open-source library. The library saves the startup hundreds of engineering hours. The startup grows. The startup goes public. The maintainer of the library continues to work evenings and weekends for free.
The startup is not being malicious. They are being rational within a broken system.
What Good Looks Like
GitHub Sponsors, Open Collective, and similar mechanisms represent early attempts at fixing this. But the real fix requires the largest consumers of open source — the big tech companies — to treat open-source funding as infrastructure investment rather than charity.
What You Can Do
If your company uses open-source software — and it does — advocate for an open-source sustainability budget. Find the projects you depend on and fund them.
