
Open Source is Broken, and it’s Our Fault - Lotte Pitcher - NDC London 2026

[HPP] Lotte Bjerre Knudsen · February 11, 2026 · 48 min

The Open Source Sustainability Crisis

  • ⚠️ Many profitable products rely on the unpaid work of a small group of maintainers, leading to burnout and abandoned projects.
  • 💡 High-profile incidents like Heartbleed, Log4j, and XZ Utils highlight critical vulnerabilities and the extensive dependency on under-resourced open-source projects.
  • 🧩 The XKCD "Dependency" cartoon illustrates how modern digital infrastructure often rests on the thankless efforts of a single, uncompensated individual.

Challenges for Maintainers

  • 🧠 Maintaining open source involves much more than just coding, including triaging issues, fixing bugs, reviewing pull requests, managing security, and writing documentation.
  • 📉 The lack of income and negative comments can lead to burnout and "empathy fatigue" for dedicated maintainers who often work in their spare time.
  • 🚀 Projects often start from a maintainer solving a personal problem, but the initial "cute puppy phase" of excitement can turn into a burden of maintenance and guilt.

Paths to Sustainability

  • 💰 Maintainers can explore options like employment by large companies (e.g., Json.NET), sponsorships (e.g., FluentValidation), or commercialization through dual licensing (e.g., AutoMapper).
  • ⚖️ Dual licensing allows commercial entities to pay for licenses while offering free tiers for smaller users, but it requires significant effort in business setup and legal expertise.
  • 📈 Commercialization, despite its challenges, can lead to a healthier project situation, with increased releases and a re-established positive relationship between maintainer and project.

How Consumers Can Help

  • Identify key open-source dependencies and invest in the highest-risk ones, either financially through sponsorship/licensing or by contributing time.
  • 🤝 Encourage and enable employees to contribute during work hours by triaging issues, improving documentation, or making targeted pull requests for bug fixes.
  • 🗣️ Maintainers should be more transparent about their needs and project status, making it easier for users to understand how to provide support.

Tools and Future Outlook

  • 🛠️ The OSS Health Skills repository offers tools to automate the analysis of open-source project funding and bus factors, helping identify high-risk dependencies.
  • 🤖 While AI can generate code, it does not replace the human element of governance, security, maintainability, and trustworthiness that open-source projects provide.
  • 💖 Reframing investment in open source as risk reduction rather than charity, saying "thank you," and inspiring others through contributions are crucial for a sustainable ecosystem.
Topics

Open Source, Open Source Maintainers, Software Vulnerabilities, Supply Chain Attacks, Project Sustainability, Burnout, Dual Licensing, GitHub Sponsors, Commercialization Strategies, Bus Factor, AI in Software Development, Dependency Management, Open Source Contributions, Developer Relations, Community Support