In the ever-evolving world of open-source software (OSS), the need for sustained support and resources is becoming increasingly critical. As OSS continues to play a central role in global infrastructure, its long-term viability often hinges on securing proper funding for maintenance, improvements, and innovation. However, many of these projects face a constant challenge of underfunding, particularly in areas vital to cybersecurity and software security. To address this gap, new funding instruments have emerged, aimed at ensuring the survival and continued advancement of OSS projects.
In this report, Jukka Ruohonen, Gaurav Choudharya, and Adam Alamia of The University of Southern Denmark delve into two prominent funding bodies dedicated to supporting OSS, particularly in the realm of cyber security. By analyzing their funding patterns, we explore how they prioritize critical software components, such as supply chains, cryptography libraries, and operating systems, which are integral to the safety and stability of our digital world. Beyond funding, this study also highlights the intersection of critical infrastructure and the sustainability of OSS, connecting these efforts to recent cybersecurity regulations. The findings offer a nuanced understanding of how sustainability, cybersecurity, and the “tragedy of the commons” shape funding decisions in the OSS landscape.
