The increase in popularity of open source software around the world has turned it into a multi-billion dollar sector that attracts investors from companies around the world. The 2024 Open Source Software Funding Surveycarried out by Github, the Linux Foundation and Harvard University. From its results it is clear that throughout the world, lThe contribution of companies to the sector adds nothing less than 7.7 billion of dollars each year.
Of course, not all the investment that companies make in open source software is economical. In fact, only 14% is made in the form of financial contributions to the different projects. The majority of companies’ contribution to the sector is in the work time of their employees. 86% of investments in open source software are made in this way.
The researchers who carried out the report used information provided to them by 501 sources, whose total contribution to open source software projects each year amounts to about 1.7 billion dollars. The median that companies invest in open source software each year exceeds $520,000. Of them, 345,000 are in the form of work and the remaining 175,000 dollars are in direct economic contributions.
57% of financial contributions went to finance the work of freelancers, and less than a fifth of the amount went to both specific projects (17%) and foundations (16%). Communities (4%), open source software maintainers (4%) and platforms (1%) also received financial injections, although to a much lesser extent.
In addition to shedding light on the investments being made in the sector, the survey has also revealed the existence of dark areas. Thus, 68% of donor companies do not know how much financial support they provided to their different open source software objectives, and 78% did not want, or could not, say what part of their company’s budget was allocated to open source software.
44% of the companies that responded to the survey on which the report is based are based in the United States or Canada, while another 39% are located in Europe. Another 11% are in the Asia-Pacific region. Only 4% are in Africa, and 2% in Mexico, Central America or South America.
In all of them there are different levels of experience in open source. About 44% would have liked to create an open source Project Office. 24% use this type of programs, while only 21% contribute to the projects. Another 18% have published open source projects, and 16% of those surveyed have influence on the projects by holding leadership or maintenance positions.
Regarding security-related initiatives in the sector, they mainly focus on error correction and maintenance. Only 6% of entities stated that they made carrying out complete security audits a priority.
Among the difficulties that the sector is experiencing, in addition to not knowing specifically what type of contributions companies make to this type of projects, is the decentralized nature of the companies’ contributions. In general, there are no centralized groups or policies that encourage organizing these types of efforts, or that undertake to do so. Therefore, reporting on the state of the sector is more complex.
Recommendations for organizations contributing to open source projects
Without the data and enough intent to collect it, scoping an investment can be difficult, according to the Linux Foundation. Therefore, its members recommend that policies and practices be put in place to encourage employees of companies involved in the advancement of open source software to self-report their contributions. Also to use their corporate email addresses, so that there are traces of their company’s contributions, in addition to their own, to the projects to which they contribute.
Additionally, the foundation suggests that open source work be consolidated under a single division in a company, such as a group called, for example, the Open Source Program Office (OSPO). They also advise incorporating monitoring of contributions to the organization’s workflow. 64% of those surveyed do not have an office or area of this type in their organization. Another 7% did not know if they had it or not.
Meanwhile, less than a third of the organizations that participated in the survey require employees to submit commits to projects using their company work addresses, and just over a third actively encourage doing so.
The companies are more likely to contribute to open source projects if they do so through repositories they manage directly (38%), and in projects if they have client-to-server dependencies (34%). 39% of companies contribute to these projects daily, while 60% do so at least once a week.
There doesn’t seem to be any strong correlation between company size and frequency of project code contributions. On the other hand, some respondents indicated that they do not contribute frequently due to lack of resources or commitments to meeting other objectives.