Hello everyone,
Since the Log4j vulnerability came up, one of the common suggestions is that companies should finance open-source software they rely on.
One of the threads:
If we don’t think about the scale of the problem/investment, it’s understandable why people naturally go in this direction.
However, considering that there are about 20+ million software developers worldwide and almost every application uses open source software, my guesstimate would be in the range of one million companies.
In other words, one of the most common expectations is to finance the open source ecosystem through the random and voluntary contributions of one million globally distributed companies.
It gets even more complicated since this is not a static picture; the companies and their dependencies are also constantly changing.
Would anyone be interested in writing an article about these difficulties? And does anyone have good data/research showing how many companies use open source software? It would be better to refer to a solid figure in the article/conversations.
Also, please feel free to comment if you favor the “companies should finance open source” approach:
- Is there any similar case that works on such a scale?
- Do we have a way to track the companies’ contribution progress to see which ones are lagging? For example, should we check engineering contributions through public repositories or financial contributions on platforms like Open Collective?
- Is there any specific method to avoid the “free-rider problem” so the companies that contribute don’t get disincentivized in the long run? Through social pressure, or allowing contributors to have voting rights in the decision-making process?
Thank you!