How many companies are relying on open source software?

Hello everyone,

Since the Log4j vulnerability came up, one of the common suggestions is that companies should finance open-source software they rely on.

One of the threads:

If we don’t think about the scale of the problem/investment, it’s understandable why people naturally go in this direction.

However, considering that there are about 20+ million software developers worldwide and almost every application uses open source software, my guesstimate would be in the range of one million companies.

In other words, one of the most common expectations is to finance the open source ecosystem through the random and voluntary contributions of one million globally distributed companies.

It even gets more complicated since this is not a static picture; the companies and their dependencies are also constantly changing.

Would anyone be interested in writing an article about these difficulties? And does anyone have good data/research showing how many companies use open source software? It would be better to refer to a solid figure in the article/conversations.

Also, please feel free to comment if you favor the “companies should finance open source” approach:

  • Is there any similar case that works on such a scale?
  • Do we have a way to track the companies’ contribution progress to see which ones are lagging? For example, should we check engineering contributions through public repositories or financial contributions on platforms like Open Collective?
  • Is there any specific method to avoid the “free-rider problem” so the companies that contribute don’t get disincentivized in the long run? Through social pressure, or allowing contributors to have voting rights in the decision-making process?

Thank you!

It’s the same situation that I’ve described in my article A Successful Business Model for Open Source Development


Synopsys, “2021 Open Source Security & Risk Analysis Report,”

Edit: I see that you linked to this report in your article – but this report does have a breakdown of % of OSS used by industry.
