The Linux Foundation’s research arm just published a report about interviews with 32 maintainers of critical open source projects (local copy). Only 62% of these maintainers, i.e. 20 people, were employed by their organizations to work on these open source components. I consider this low and would have expected a higher number.
What’s worse, only 38% of the interviewed maintainers said that they feel a high degree of support for their work. Why is this bad? Because there is an obvious disconnect between the organization’s investment decision (employ someone to work on specific critical open source components) and the day-to-day grind at the company, where this strategic decision is not wholly recognized.
It shouldn’t be like this. A company that uses open source components in their products creates a dependency on them. If this is a critical dependency, for example, if it is a first-level dependency that establishes compatibility with an important ecosystem that the company is selling their products to, the company needs to engage with this open source project.
In my seminar on open source business strategy, I discuss how creating open source dependencies in your products should be viewed as an investment decision and one at that which needs safeguarding. Check it out!