Open Source Has a Sustainability Problem and We Are All Responsible
The infrastructure of the modern internet runs on open-source software maintained by unpaid volunteers. This is both remarkable and unsustainable.
Isaac Paha
5 December 2025
Contents
Left-pad. Log4j. XZ Utils. Each of these incidents revealed the same uncomfortable truth about the modern software ecosystem.
The Foundation Is Fragile
The software stack that powers the global internet — the frameworks, the utilities, the cryptographic libraries, the package managers — runs substantially on code written by volunteers who receive nothing for their work.
This is extraordinary. It is also a systemic risk.
When a single developer maintaining a critical package in their spare time burns out, makes a mistake, or gets compromised, the consequences ripple across millions of applications. The XZ Utils backdoor in 2024 came perilously close to compromising SSH authentication on a significant fraction of Linux servers globally.
Why This Happens
The economic model of open source is broken in a specific way: the value created is enormous and diffuse; the costs are concentrated and private.
A startup uses an open-source library. The library saves the startup hundreds of engineering hours. The startup grows. The startup goes public. The maintainer of the library continues to work evenings and weekends for free.
The startup is not being malicious. They are being rational within a broken system.
What Good Looks Like
GitHub Sponsors, Open Collective, and similar mechanisms represent early attempts at fixing this. Some companies — notably Tidelift and FOSSA — have built businesses around funding open-source sustainability.
But the real fix requires the largest consumers of open source — the big tech companies — to treat open-source funding as infrastructure investment rather than charity.
Some do. Most do not.
What You Can Do
If your company uses open-source software — and it does — advocate for an open-source sustainability budget. Find the projects you depend on and fund them. The cost is trivial relative to the risk you are mitigating.
React to this essay
835 total reactions
Discussion
198 commentsShare your thoughts
0/500 characters
Kwame Asante
2 days agoThis is exactly the framing I needed. The leapfrog argument isn't new, but the specific connection to M-Pesa and what comes next is compelling. What sector do you think produces the first $100B African company?
Priya Nair
3 days agoThe risk section is what most optimistic takes on African tech skip entirely. The value extraction problem is real and worth a full essay of its own.
Thomas Webb
5 days agoReally well argued. I'd push back slightly on the median age statistic though — demographic dividend requires the right education and infrastructure investments to materialise. What's your take on the skills gap?