Our journey towards a sustainable solution to open-source sustainability starts a few years back, in April 2014. Exactly who here recognizes this logo? Any takers? Yeah. It is the logo of the Heartbleed bug, a bug so bad that it compromised the confidentiality of four and a half million US patient records and cost the industry an estimated 500 million dollars. That bug was a pivotal moment where the tech industry realized that open source was ubiquitous, critical and highly underfunded. Ubiquitous, because the OpenSSL library that had this bug was actually relied upon by two-thirds of active websites on the internet. Critical, because the OpenSSL library was responsible for encryption, keeping communication private, making bank transactions secure, securing medical records, etc. And underfunded, because OpenSSL only had one full-time maintainer and was operating on a ridiculously small budget of roughly two thousand dollars per year. Of course, this created like a seismic shock in the industry, and everyone started talking about the problem of open-source sustainability, of maintainer burnout, and people started to try to find solutions. The first solutions that emerged were very much focused on preventing another Heartbleed bug. First one was the Core Infrastructure Initiative.
There was an industry-wide effort backed by the large tech companies and organized by the Linux Foundation, and it had a pretty large fund that was administered by the Linux Foundation itself and a steering committee composed of industry experts. Its goal was really to harden the security of key open-source projects, but because its focus was essentially on core infrastructure, i.e. to prevent a new Heartbleed, it really was not looking at making open source as a whole more sustainable. As a result, a lot of other efforts started existing. A really interesting one was open-source developers deciding to leverage existing tools such as Patreon. So Patreon is originally aimed at artists, musicians and writers. You know, its goal is to create a meaningful revenue stream for artists, and it had, in the person of Evan You, pictured here, a real success story. Evan was able to quite quickly collect roughly $17,000 per month in order to fund him working full-time on the Vue.js project. However, there aren't that many other similar examples of a single open-source developer being able to essentially get the equivalent of a reasonable full-time tech salary to focus fully on open source outside of working for a company. Let's look at another, different attempt to create a similar kind of revenue stream for open-source developers: Gitcoin. So what exactly is Gitcoin? Well, Gitcoin is actually multiple things, but central to it is a GitHub issue market where, as a developer, as the owner of a project, you can essentially add bounties to GitHub issues, and developers submit their work as a pull request and claim the bounty as such. And the platform actually has been distributing quite a bunch of money, over half a million dollars in 2018 only, right.
It's blockchain based, so developers actually receive bounties in ether. But what's quite interesting about Gitcoin is it's a whole ecosystem. So it also provides a Patreon-like solution called Grants and a small ad network, CodeFund. What is CodeFund? Well, CodeFund leverages the fact that open-source projects usually have websites and that those websites are great places to find developers interested in a specific set of technology, right. So the ads are very much focused on hiring, and they're contextual ads. So, you know, they avoid all of the tracking issues that advertisement usually has on the web. From a financial perspective, CodeFund has been roughly creating $10,000 of monthly revenue, of which 60%, so $6,000 per month, is redistributed to project maintainers. Open-source sustainability has even attracted venture capitalists, which, with OSS Capital, have created a venture fund specializing in open-source based companies. Another really interesting project is Open Collective. So Open Collective initially was designed for essentially communities to self-organize, and it has been applied quite effectively to open source. So Open Collective even created an open-source 501(c)(6), so a non-profit to collect funds for open source and provide transparency and then redistribute that money to the maintainers of open-source projects as they saw fit. So the real big success story of Open Collective is of course webpack, which has been funded in four to five hundred thousand dollars per year and created like a really, really win-win situation for key sponsors.
There's a really interesting story about how Trivago funded webpack through Open Collective and essentially, as a result, got a ton of interest from JavaScript developers who wanted to join the company because they saw it as really caring about open source. That said, Open Collective has somewhat of a long tail problem, because essentially most of the money is going to a few projects that have a lot of visibility, and the rest of the projects aren't getting as much money. And so, in order to solve that, Open Collective created BackYourStack. The idea behind BackYourStack is that as the owner of a project, or as a company that relies on a bunch of open-source projects or has a bunch of projects on their GitHub, you can basically just run a code and it will tell you not only your dependencies, but the dependencies of your dependencies, recursively, and then allow you to essentially fund the whole dependency tree through Open Collective. This is actually a very similar scheme to what Tidelift, another company operating in this space, has created as a business model. So what is Tidelift exactly? Well, it's essentially on Red Hat's business model, but for the long tail. So it provides to companies a number of things around an open-source project, including security updates, maintenance, legal assurance, etc., for all of the open-source projects that an organization relies on. And how does it does it? How does it do it?
Sorry. Well, that's the really interesting aspect: it does it by paying the actual maintainers of the projects to do the work to keep those projects up to date and secure. And so, contrary to the other projects that we've talked about, there's no real success story yet of a set of developers having built a business on top of Tidelift, but there's certainly like a lot of interest for it. So, you know, we've looked at a few solutions around open-source sustainability, but I think it's also time to consider taking a different look at those and seeing whether they really address the problem in a way that seems like a good fit. And frankly, there are a number of limitations of addressing open-source sustainability through just the lens of funding, right. The first problem is whether or not it actually scales. Like, is the current level of funding that we're providing realistic compared to the ubiquity of open source, to the fact that open source is everywhere? Secondly, we can really wonder whether money is really the problem and what's missing from open source, right? So essentially, are we asking the right problem with this? Thirdly, and I think that's also really key, it's important to wonder whether solving open-source sustainability through funding alone would create the kind of outcomes that we want to see in the industry. Don't we risk a future where we'd have on one side charity-funded open-source developers, and on the other sort of corporate developers writing essentially glue code, and so, you know, being fairly well-paid, but having really, really boring jobs? And lastly, I think, and that's sort of where I believe is the real answer to open-source sustainability long-term, is to have a different look at what the real value of open source is, and to try to address this issue with that perspective in mind.
All right, so let's look at scaling first. So this is a hundred-dollar bill. If you stack a hundred dollars, sorry, a hundred bills of a hundred dollars, you get ten thousand dollars in this nice little stack here. For reference, that is the monthly revenue that CodeFund, that we've just talked about, is making from advertisement. Now if we stack a hundred of those, right, so two orders of magnitude more, we get to one million dollars. So this is roughly the amount of money that Open Collective is collecting, or at least was in 2018. In 2019, I don't know what the numbers are for 2019, sorry, but roughly around that. That's also the amount that Tidelift, the other company that we talked about earlier, has committed to pay developers from the VC funding that they received. But how much is really one million dollars, comparing to sort of like the size of open source in the world? And a good example of that, a good way of thinking about that, to me, is to sort of have a look at the worldwide developer population and see how many developers there are actually, as a start, and secondly, to start thinking about how much money are these developers paid, like what's the total mass of salary paid to developers worldwide. So this is data from a developer census that was run in 2018, and it basically says that there are roughly 12 million full-time professional developers, a little over 6 million that are working part-time, and roughly 4 million that are non-professional, right?
So a bit above 20 million developers. Let's do some quick back-of-the-envelope math to see what kind of like salary, total salary, that creates worldwide. So if we take a 65,000 annual salary for developers, for full-time developers, this gives us roughly 780 billion dollars spent worldwide on full-time developers. Add to that roughly 35k for the 6 million part-time developers per year and you get another 210 billion dollars. If you add this up, it gives you roughly 1 trillion dollars spent in wages per year on software developers. So that doesn't account for everything else, right, from the computer to the rooms in which they work to taxes paid on the salaries, etc., etc., right? Just salary. And, you know, those numbers might be high for some parts of the world, but they're also, you know, 65 and 35k, but they're also quite low for other parts of the world. So a trillion dollars gives us a good sort of like, you know, guesstimate of roughly how much money is spent. So now let's sort of like compare it back to the 1 million dollars that we're spending on funding open source. So if you take a hundred of those, sort of like, a stack of hundred-dollar bills, you get a pallet, like a wooden pallet, and you stack on all those, and that gives you a hundred million dollars, right. Now get ten of those and you have one billion dollars. Ten pallets of hundred-dollar bills: one billion dollars. But remember, the wages we're talking about is not one billion, it's a trillion dollars. So let's have a look at what that means, right. Here you have ten billion dollars, right, so you have, for size, a full-sized truck on the left. Let's have a look at what one trillion dollars means. You need to stack a hundred of those to find one trillion dollars, right. So one trillion dollars, that skyscraper right there, is made of hundred-dollar bills on wooden pallets, on stacked wooden pallets. For size, remember, down there we have one million dollars. Right, so what can we say about this?
Well, that there's a huge discrepancy between the sum of the money that is spent on developers worldwide, right, and the money that is used to fund open source right now. And so that begs the question: is money really what's missing, right? Are we trying to solve the right problem here? And so an interesting way of looking at this is looking at the amount of developers that are actually fully employed by a company and are not looking for actual funding, right? So, you know, the Linux kernel is an interesting example, because we have data for this from the Linux kernel development report. So in 2016, right, two years after the Heartbleed bug, but that has been consistent before and was consistent after, roughly 93 percent, 92 percent, sorry, of developers working on the Linux kernel were employed. They were doing that as part of their job. So it's not like, you know, they will suddenly spend more time because they're paid for it, that they, you know, they get funded for it, right? It's more of a question of maybe do they have enough time to work on this. And, you know, before we sort of like dive deeper into, if it's not money, then what is it, I think it's worth spending a bit more time considering what would the outcome be if we really found a way to fund open-source developers on one side. And for me a really key quote in that space is one by DHH, the creator of Ruby on Rails, who wrote in 2013, in an article called "The perils of mixing open source and money", the following thing. He said this: part of the reason much of open source is so good, and often so superior to closed-source commercial projects, is the natural boundary of constraints. If you're not being paid or otherwise compensated directly for your work, you're less likely to needlessly embellish it.
You're solving the problems for you and your mates, likely in the simplest way you could, so you can get back to whatever you originally intended to do before starting to shave the yak. So what is DHH talking about here? He's essentially saying that there are real benefits in having a culture of developers working on projects, on products, on software, and as part of that, taking a little bit of time to package sort of like well-scoped solutions as open-source projects that they can open source, rather than build a whole industry and a whole organization of people doing sort of open source as a business. So I think that's a really interesting aspect, is to say that the frugality of having to build open-source projects like this makes the projects really, really focused on solving specific problems, and not sort of like development for the sake of development. Again, as I said before, the other real risk for me of really hoping to fund open source strictly through essentially money, charity, like donations, is the real risk of building this sort of like separate culture where you have on one side open-source developers funded by large corporations creating open-source software, and these developers living not really well, like not really having ends meet, having to go from funding to funding, having to fight to sort of like hustle to sort of get enough funds to continue being able to work on a project, right, with the risk, all the risks that we've seen before: maintainer burnout, etc., projects getting closed, security issues not being resolved, the projects not being patched, etc.
And on the other hand, you know, this sort of like corporate caste of developers with really nice salaries, but essentially writing glue code around open-source software created elsewhere. And that doesn't seem like a really beneficial, great environment to work in for actually neither of the players in the script. And I think this sort of brings us to a last question, which is: what is the real value of open source? And isn't it time to sort of look beyond the value of just the source code and consider all of the other aspects of open source and all of the other benefits of contributing to open source that you can have outside of just the source code itself? So, you know, the way that we've been sort of thinking about this open-source sustainability problem is to think of open source as a pool of commons, like all of the software available to everyone, built by open-source developers that you sort of see around this pool here, and on the other hand, like across this sort of border in the middle, corporations relying on open-source software to build stuff. And so we've realized that there's a real problem here, because no one's paying for these open-source developers, and as a result the software has problems, and so we're just throwing money at the problem, right?
So funding open source essentially through cash, with the hope that this will motivate all of these different actors in this mythical open-source ecosystem to contribute to the pool of commons, and as a result that corporations funding these open-source projects, and the other ones just benefiting from those funds, will be able to sort of capture the perceived value of this pool of commons. This, in my opinion, really misses the big picture of what the true value of open source is. And if you've been part of an open-source ecosystem, I mean, and to some degree all of you being here today are part of one, right, at different levels obviously, but you've realized that a lot of the value in an open-source ecosystem isn't just the code being funded, right, the code being worked on, sorry. It's actually all of the interactions, all of the learnings, all of the benefits of being in a community that is working together on solving really complex and difficult coding problems. And so the real value, and I've talked about that in other talks, but the real value is the benefit and the learning that, as an individual participating in this community, you're getting, right. And so the real value all of you are actually taking back with you home, but also to the companies that enable you to participate in this ecosystem. And so the real question then becomes not sort of how you can capture the value as a corporation, right, capture the value of the code, but how you should really refocus your attention to sort of understand how you can capture the value that is created by this whole set of interactions. And to better understand that, to better understand how companies should get involved in open source, it's good to stop looking at corporations as just these like entities, but also consider that these entities are full of developers that are themselves quite capable of actually contributing to open source, and in lots of cases do. And so instead of really focusing on just these developers contributing to open source, let's remember that the real value of open source is in all of these interactions, right. And so, you know, if you actually allow, as a company, your developers to participate in this ecosystem, right, all of those interactions are going to help your developers influence the project, learn from others, etc., right, and as a result of these interactions, as a result of this community, your developers participating in that ecosystem would actually bring all of the value that they've acquired back home. And that's how corporations truly benefit from open source: not only and not just by using the code that's the output of this whole process, but really by getting their engineers involved in the process and leveling them up, allowing them to grow and benefit from this ecosystem and becoming better engineers, understanding and adopting better practices, etc. Yeah, you know, as a conclusion, I think it's really important to understand that charity-like funding to open source alone is not going to be the solution, right? Of course, it's a great add, and it's wonderful if we can allow a number of community members to live open source differently and work on open source full-time, and not necessarily working for a corporation, if that's what they want and if like the whole ecosystem benefits as a result, right? But the real way forward is to normalize engineers like you all contributing to open source as part of their day job, and to make that possible, the best solution is to make corporations and organizations really understand the return on investment of having their teams contribute to open source. Voilà, that's it for today, people.
I would love to have questions about this, and I'm happy to answer them in the chat. Thank you so much for your time and your attention. Bye-bye.