Introduction
This is a summary of the Open Source Software Funding Report (which is
a summary of the Open Source Software Funding Survey conducted by Github,
Linux Foundation and researchers from Harvard University) published on 19 November,
2024
Also check out the Open Source funding toolkit that has been developed using
insights from this report; and the Secure Open Source fund announced
on the same day.
About the survey
The primary audience for the survey included OSPOs, Heads of Engineering and Product, C-Level Executives, and other individuals with a solid understanding of their organization's open source engagement.
Most surveys that we have come across so far are from publicly available contributions data, while the findings here are self reported (by organisations that are active in/ care about open source. More on this later).
I was very curious on how "employee labor" from organisations all over the world with different working schedules, PPP etc. was converted to a particular dollar value.Scale
- - Organizations contribute $7.7 billion USD annually to open source software
- - The majority (86%) of contribution value is employee labor
You can read in detail about the approach here.
Note that the (159) survey respondents collectively contribute $1.7
billion annually. The survey has then extrapolated this amount to all
organisations that are active in OSS.
How can the contribution value from the survey be scaled up for all organizations?
Our survey was targeted towards organizations most likely to support open source. Simply scaling up the total value represented within the survey to match an estimate of the total number of organizations who participate in OSS is likely to overestimate the total value of contribution. To correct this bias, we use a calibrated bootstrap procedure to account for the fact that our survey likely is skewed towards large contributors. We describe our extrapolation methodology in detail in the appendix.
We begin with a sample of organization-affiliated commits to public GitHub repositories from April 2022 through April 2023. Individual commits can be matched to organizations by linking the domain name of the commit author's email address to organizations domain, under the assumption that that employee is contributing to open source as on behalf of their employer. We next use this sample to approximate how many organizations contribute to open source each year.
They focus too much analysing where contributions (labor/code) are coming from. This feels weird because we usually look at these studies from a financial contribution point of view and not commits. But well, 86% of contributions is employee labor so I can't blame the authors.
This is my favorite insight from the study. 57% of the reported financial contributions by organisations are going towards contractors (specialists who do open source work).
What this means is for most organisations, open source contributions are either "in-house" or hiring specialists who do open source work for them. Just to reiterate, a majority of the already miniscule financial contributions are NOT going to projects/maintainers
After contractors, organizations support bounty platforms, foundations, communities, projects, and individual maintainers.16% contributions go towards foundations and 4% towards communities. Most foundation contributions are basically memberships to orgs like the Linux Foundation, which may come with their own perks.
Blind spots for funding specificsFrom my experience talking to folks in at least the Indian ecosystem, I would rather modify this statement to
Organizations have a great sense of why they contribute to OSS but seem unlikely to describe the value of this investment in refined detail. This is revealed by a dropoff in relative response rates for questions about funding specifics.
"Organizations love talking about why they love open source but usually find it difficult to put money where their mouth is."
There obviously are outliers and I agree that labor is a critical blind spot, and it's difficult to evaluate contributions in terms of employee labor. That in my view is another reason to just financially contribute to projects they thrive on.
Detailed findings
Code Contribution
Organizations are most likely to contribute to repositories that they directly manage (38%) but a close second are projects that are upstream dependencies (34%).
Organizations are more likely to contribute in the form of bug reports (19%), features (19%), general maintenance (18%), documentation (16%) than they are to contribute by providing governance (7%), cybersecurity audits (6%), and legal advice (3%).
The lack of audits shows that security in OSS is not really a priority for organisations (outside of bug reports and features)
OSS work is more likely to be part of the employee’s job (52%) than the entire job (31%).
Organizations do not seem to cite excessive contribution “red tape”: most employees can contribute without explicit approval (38%) or as long as it doesn't interfere with core work (33%).
Most organizations (77%) do not pay more for open source contributions above and beyond the employee's normal salary.
Are there any code contribution activities that are not allowed by your organization?
Most organizations (43%) do not report any code contribution types that are explicitly forbidden by their org.
If they do, contributing to projects with particular licensing requirements seems more likely to be prohibited (25%) as is contributing to projects maintained by competitors (10%).
There don't seem to be any major restrictions except contributing to projects with complicated CLAs, bureaucracy or something that discloses company IP.
Some organizations in regulated industries like financial services outright prohibit open source contributions!Just another instance of Zerodha setting a good example.
Non code contribution
If respondents make non-code contributions, it's most likely to be through donations (21%), foundation membership (17%), or event sponsorship (14%).
Breaking the donations category down further, 11% of organizations donate to foundations, non-profits or general funds while 10% donate directly to maintainers or software projects.
Supporting open source research efforts is another encouraging form of non-code support cited by respondents.
Providing speakers is the most common form of event sponsorship (30%) relative to financial sponsorship (22%), marketing (19%), logistics support (15%) or content curation (14%).
The what? I'm glad no organisation so far has offered to “provide speakers” for IndiaFOSS as a sponsorship.
If organizations support a foundation, the most cited reason is that the foundation supports open source projects that are useful to them.Even for organisations that just want to give back to open source with no preference for specific projects etc., it makes sense going through this route and having a foundation identify projects to fund and pay them. We have seen this interest from some sponsors/partners through the FOSS United grants program.
What is the value of providing speakers for events? For logistics support or content curation? Unless respondents factored these services in when answering questions about non-code contribution levels, the survey might still be undercounting this potentially valuable form of contribution.
I refuse to assign any value to these. This is volunteering at best.
Top cited reasons for contributing to open source: concern for project sustainability (10%), giving back (10%), innovation (9%)
- Small organizations demonstrate a stronger concern for project sustainability and a desire to give back.
- Large organizations seem to place more emphasis on risk mitigation, desire to promote standards and interoperability.
Final thoughts
It's definitely interesting to see a self reported study on OSS contributions. I was definitely hoping for more insights on financial contributions than dollar values attached to employees working on OSS - which is in no way a lesser contribution, just not a very accurate representation of "the state of open source funding" in my opinion.