Running the internet, under-funded and under-staffed? - How to achieve a sustainable open source ecosystem

A presentation at re:publica 2024 in May 2024 in Berlin, Germany by Jutta Horstmann

Slide 1

Slide 1

Running the internet, under-funded and under-staffed? How to achieve a sustainable open source ecosystem re:publica, May 29 2024 | Jutta Horstmann | CEO, Mailvelope

Slide 2

Slide 2

vs. Luca Florio, CC BY-SA 2.0, via Wikimedia Commons

Slide 3

Slide 3

Economic Sustainability The project has funding to continue operations

Slide 4

Slide 4

Economic Sustainability The project has funding to continue operations for years to come.

Slide 5

Slide 5

Slide 6

Slide 6

Slide 7

Slide 7

Slide 8

Slide 8

Source: https://xkcd.com/2347

Slide 9

Slide 9

Credit: Leena Snidate / Codenomicon, CC0, via Wikimedia Commons

Slide 10

Slide 10

OpenSSL Credit: Leena Snidate / Codenomicon, CC0, via Wikimedia Commons

Slide 11

Slide 11

“So the mystery is not that a few overworked volunteers missed this bug; the mystery is why it hasn’t happened more often.” – Steve Marquess, OpenSSL

Slide 12

Slide 12

GnuPG

Slide 13

Slide 13

Reactions

Slide 14

Slide 14

Log4J

Slide 15

Slide 15

xz Utils

Slide 16

Slide 16

The situation today ● 96% of the surveyed codebases included OSS ● 77% of the code in the codebases was OSS ● 49% of code bases included OSS that had had no developer activity in the past two years – Synopsys ‘24 Open Source Security Report (audited > 1,700 codebases across 17 industries, source) ● 60% of open source maintainers describe themselves as “unpaid hobbyists.” ● 44% of all maintainers said they are the only person maintaining a project. – Tidelift study 2023, https://thenewstack.io/open-source-needs-maintainers-b ut-how-can-they-get-paid

Slide 17

Slide 17

How to make a living from building Open Source software?

Slide 18

Slide 18

The Economics of Open Source

Slide 19

Slide 19

Voluntary, unpaid work

Slide 20

Slide 20

Voluntary, unpaid work

Slide 21

Slide 21

Lack of contributors Lack of funds Vicious cycle Lack of business / product development

Slide 22

Slide 22

Sustaining F/OSS: Business and Funding Models

Slide 23

Slide 23

Unrestricted funds Dual licensing / paid product Paid services Ads Crowdinvesting Investment / VC Grants Donations Awards GitHub Sponsors Crowdfunding Universal Basic Income Paid internship Restricted funds High effort beyond product work Paid contributor Low effort beyond product work

Slide 24

Slide 24

Scales with success Ads Dual licensing / paid product Donations Paid services Crowdfunding Grants Does not scale Awards Unpredictable GitHub Sponsors Investment / VC Paid internship Crowdinvesting Paid contributor Universal Basic Income Predictable

Slide 25

Slide 25

Examples

Slide 26

Slide 26

Adblock Plus What is it? What does it do? License: Developed by Browser extension Block ads, tracking, malware GPL Adblock Inc (subsidiary of eyeo GmbH) Available since 2006 Funded by ● Ads / paid services: Acceptable Ads revenue ● Freemium ● Donations

Slide 27

Slide 27

Drupal What is it? What does it do? License: Developed by CMS / DXP Framework for web content publishing GPL Community Available since 2001 Funded by ● ● ● ● ● Donations Grants (Drupal association) Sponsorships Paid contributors Paid services

Slide 28

Slide 28

GnuPG What is it? What does it do? License: Developed by: Crypto engine implementing PGP standard Encrypt & signs data and communications; key management system GPL Werner Koch / g10 Code GmbH Available since 1997 Funded by ● ● ● ● Public contract (Germany, for GPG4Win and VS-Desktop) Crowdfunding Donations (by larger companies like Stripe, Facebook) Paid services (g10 Code GmbH)

Slide 29

Slide 29

Mailvelope What is it? What does it do? License: Developed by Browser extension Encrypt webmail communications AGPL Thomas Oberndörfer, Mailvelope GmbH Available since 2012 Funded by ● Grants ● Paid subscriptions (Mailvelope Business)

Slide 30

Slide 30

Mozilla Firefox What is it? What does it do? License: Developed by Browser Encrypt webmail communications Mozilla Public License (MPL) Mozilla Foundation & Mozilla Corporation Available since 2004 Funded by ● Donations (Mozilla Foundation) ● Paid services / Ads (Mozilla Corporation, 81% (2022) from Google paying for making it the default search engine)

Slide 31

Slide 31

MySQL What is it? What does it do? License: Developed by Database Management System Stores and manages information in databases GPL and proprietary MySQL AB Available since 1995 Funded by ● Donations (Mozilla Foundation) ● Paid product via dual licensing

Slide 32

Slide 32

Learnings Longevity built on ● keeping the organization small ● finding a profitable paid services business model ● building a profitable paid services ecosystem ● dual licensing ● securing (unrestricted) grants ● securing (large) donations

Slide 33

Slide 33

Economic Sustainability The project has funding to continue operations for years to come.

Slide 34

Slide 34

Beware! ● Tip jars / Gig economy ● Restricted funds ● Short-term grants ● Grant writing overhead ● Donation taxation Tomwsulcer, CC0, via Wikimedia Commons

Slide 35

Slide 35

How about… funding Open Source maintainers with public money from (corporate) taxes? applying licensing that requires you to pay money when you build commercial offerings on top of OSS?

Slide 36

Slide 36

Licensing “I want everyone to be able to use my code only for non-commercial purposes.” ● Commons Clause: https://commonsclause.com ● Sustainable License: https://manishrjain.com/sustainable-license-faq ● Heather Meeker: https://heathermeeker.com/about-me/

Slide 37

Slide 37

What Open Source sustainability means for US Source: https://www.acquia.com/blog/series/women-of-drupal

Slide 38

Slide 38

< 10% female contributors to Open Source repositories Sources: https://www.toptal.com/open-source/is-open-source-open-to-women, https://community.sap.com/t5/open-source-blogs/women-in-open-source/ba-p/13508760, https://www.computer.org/csdl/magazine/co/2022/12/09963732/1Iz0RZM9Wbm

Slide 39

Slide 39

18% Gender pay gap: In Germany, women earn 18% less than men. (2022, DESTATIS)

Slide 40

Slide 40

9h Gender care gap: Per week, women work 9h more unpaid than men do. (2022, DESTATIS, Germany)

Slide 41

Slide 41

How can one expect women to contribute to Open Source when that means spending spare time we don’t have, on another topic we are not going to be paid for? https://www.toptal.com/open-source/is-open-source-open-to-women

Slide 42

Slide 42

Open Source sustainability enables diversity. Source: Created by Midjourney

Slide 43

Slide 43

Thank you! Jutta Horstmann Mailvelope GmbH CEO, Mailvelope GmbH https://www.mailvelope.com jutta@mailvelope.com @mailvelope (X, Mastodon) https://www.linkedin.com/in/jhorstmann/ https://www.linkedin.com/company/mailvelope/ @smphr (Mastodon) PGP: 89D1 69A3 ECAD CA3D A4E6 F3A7 DFA4 EE0F 9113 4859