The Dilemma
Open source has powered the modern internet: Linux, Kubernetes, React, Python, PostgreSQL, you name it. Nearly every commercial SaaS company stands on the shoulders of unpaid volunteers.
But here’s the catch:
✅ Billions of dollars in business value
✅ Millions of users
✅ Thousands of maintainers…many unpaid, overstretched, and at risk of burnout
Who really pays to keep this entire ecosystem alive?
The Reality Check
1️⃣ Direct Sponsorships
Platforms like GitHub Sponsors, OpenCollective, and Patreon have let individuals contribute dollars straight to maintainers. But amounts are still modest.
A 2023 survey showed that only 12% of open source maintainers earn more than $1,000 per month from donations (GitHub Octoverse 2023).
2️⃣ Corporate Funding
The largest projects — think Kubernetes, Linux, Node.js — are under the umbrella of foundations like the CNCF or Linux Foundation, which get massive vendor sponsorship.
✅ Google funds much of Kubernetes development
✅ Microsoft backs VS Code
✅ Meta supports React
…but smaller projects don’t get anywhere near that. Even a tool as widely used as ESLint struggled to raise sustainable funds on its own until it came under a formal foundation (it is now an OpenJS Foundation project).
3️⃣ The Unseen Costs
Time is money.
Most maintainers are donating their nights and weekends to triage issues, review pull requests, and write security patches. This “free labor” is the hidden cost baked into everyone’s supply chain.
And it’s fragile:
when maintainers burn out, security holes go unpatched.
Example: In 2018 the original maintainer of the widely used npm library event-stream, no longer able to support it, handed publishing rights to a volunteer he did not know. That person added a new dependency (flatmap-stream) carrying malicious code aimed at a cryptocurrency wallet, and every project that pulled event-stream transitively pulled the payload with it.
Who Should Really Pay?
✅ The enterprises who profit from OSS — they should commit real budgets to dependencies they rely on.
✅ Platform vendors — they should invest in stewardship, not just consumption.
✅ Governments and nonprofits — they should support digital infrastructure the same way they do roads and bridges (The New Stack).
✅ Engineering managers — they should prioritize OSS maintenance contributions in employee time, not see it as “side work.”
Community Voices
From Reddit r/opensource:
“Open source feels like everyone eats the buffet and nobody wants to wash dishes.”
(reddit.com)
On Hacker News:
“I work 12 hours in my day job, then another 4 hours maintaining a library millions use for free.”
(news.ycombinator.com)
What Might Actually Help
✅ More corporate maintainers — treat OSS contribution as part of the day job
✅ Dependency audits — identify critical packages and direct funding
✅ Security-minded support — fund security reviews of widely used packages
✅ Recognition & rewards — promote maintainers like MVPs, because they truly are
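The “dependency audit” item above is the one place on this page with a concrete engineering task: before you can direct funding (or a security review) you need to know which packages your project actually hinges on. The script below is an added example, not code from the original post or from any project it mentions. It parses an npm lockfile (lockfileVersion 2/3 shape, where the `packages` map holds one entry per installed package with its `dependencies`), builds the reverse dependency graph, and ranks packages by blast radius: how many other packages in the tree would be affected if that one were abandoned or compromised. The lockfile content and every package name in it (`web-framework`, `stream-tools`, etc.) are constructed for the example and do not refer to real packages.

```python
import json
from collections import defaultdict

# Constructed sample lockfile (npm lockfileVersion 3 shape). The package
# names are hypothetical and stand in for a real project's node_modules tree.
SAMPLE_LOCK_JSON = json.dumps({
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app",
             "dependencies": {"web-framework": "^1.0.0", "cli-colors": "^2.0.0"}},
        "node_modules/web-framework": {"version": "1.4.2",
             "dependencies": {"http-utils": "^3.0.0", "stream-tools": "^0.9.0"}},
        "node_modules/cli-colors": {"version": "2.1.0",
             "dependencies": {"stream-tools": "^0.9.0"}},
        "node_modules/http-utils": {"version": "3.2.1",
             "dependencies": {"stream-tools": "^0.9.0"}},
        "node_modules/stream-tools": {"version": "0.9.3"},
    },
})


def package_name(path: str) -> str:
    """Map a lockfile path to a package name.

    '' is the root project; 'node_modules/a/node_modules/b' is the nested
    package 'b' (scoped names like '@org/pkg' survive because we split on
    the last 'node_modules/' segment only).
    """
    if path == "":
        return ""
    return path.rsplit("node_modules/", 1)[-1]


def dependency_graph(lock: dict) -> dict[str, set[str]]:
    """Forward graph: package -> set of packages it declares in 'dependencies'."""
    graph: dict[str, set[str]] = defaultdict(set)
    for path, entry in lock.get("packages", {}).items():
        name = package_name(path)
        graph[name]  # make sure leaf packages (no deps) still appear as nodes
        for dep in entry.get("dependencies", {}):
            graph[name].add(dep)
    return dict(graph)


def reverse_graph(graph: dict[str, set[str]]) -> dict[str, set[str]]:
    """Reverse graph: package -> set of packages that directly depend on it."""
    rev: dict[str, set[str]] = defaultdict(set)
    for name in graph:
        rev[name]
    for name, deps in graph.items():
        for dep in deps:
            rev[dep].add(name)
    return dict(rev)


def transitive_dependents(rev: dict[str, set[str]], pkg: str) -> set[str]:
    """Every package that reaches `pkg` through any dependency chain.

    The root project ('') is excluded: it is always affected and is not a
    package anyone would fund.
    """
    seen: set[str] = set()
    stack = [pkg]
    while stack:
        current = stack.pop()
        for parent in rev.get(current, ()):
            if parent not in seen:
                seen.add(parent)
                stack.append(parent)
    seen.discard("")
    return seen


def rank_critical(lock_json: str) -> list[tuple[str, int, int]]:
    """Return (package, direct_dependents, transitive_dependents) rows,
    most critical first. Ties break on direct dependents, then name."""
    lock = json.loads(lock_json)
    graph = dependency_graph(lock)
    rev = reverse_graph(graph)
    rows = []
    for name in graph:
        if name == "":
            continue
        direct = {p for p in rev.get(name, set()) if p != ""}
        rows.append((name, len(direct), len(transitive_dependents(rev, name))))
    rows.sort(key=lambda r: (-r[2], -r[1], r[0]))
    return rows


if __name__ == "__main__":
    # Example run against the constructed lockfile; point this at a real
    # package-lock.json to audit your own tree.
    for name, direct, transitive in rank_critical(SAMPLE_LOCK_JSON):
        print(f"{name:20} direct={direct:3} transitive={transitive:3}")
```

In the constructed tree, `stream-tools` sits under three other packages even though the application never lists it directly; that is exactly the kind of package an audit should surface, because it gets the least attention and carries the widest blast radius. Blast radius is only one signal, and an offline lockfile cannot tell you how many maintainers a package has or how recently it was released; pair this ranking with registry metadata (maintainer count, last publish date, whether publishing rights changed hands) before deciding where money or review time goes.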
The Risks If We Ignore It
Fragile packages abandoned
Supply chain incidents (think of the colors/faker sabotage, where a burned-out maintainer deliberately shipped broken versions of his own packages in protest, taking down builds across the ecosystem)
Talent loss as maintainers burn out
Trust erosion in OSS overall
Final Takeaway
Open source is not free — it is paid for in human time and goodwill, both of which can run dry.
If your business depends on it, you should help sustain it — financially, technically, and with respect for the humans behind the code.