Source: Content compiled from IEEE

A new saga is unfolding in the open source world. Matt Mullenweg, the founder of the open source web content management system WordPress, has accused WordPress web hosting provider WP Engine of infringing the WordPress trademark. WordPress powers about 40% of the world's websites. The two companies are currently embroiled in a legal dispute.

As Mullenweg wrote in a post on his personal website, "We gave WP Engine a choice of how to pay its fair share: either pay the license fee directly or make an in-kind contribution to the open source project. This is not about money-grabbing: it's an expectation that any business that makes hundreds of millions of dollars from an open source project should give back, and if they don't, then they can't use their trademarks."

Mullenweg also criticized WP Engine for not investing enough time in the open source project despite making a lot of money from it. WP Engine fought back, filing a lawsuit against Mullenweg and Automattic, the company behind WordPress.

At the heart of the debacle is what Dries Buytaert, the founder of the open source content management system Drupal, calls the "maker-taker problem." "The creators of open source software (the makers) find their work used by others (usually service providers) who profit from it without contributing in a meaningful or fair way (the takers)," he wrote in a blog post.

For Chad Whitacre, head of open source at application monitoring software company Sentry, "The whole point of the open source license we have is this permissionless sharing — it's the blessing and curse of open source." Everybody can use it, but that's exactly what puts us in a position where we can't support it directly through the market."

01 Open source developer discontent is rising

The conflict between WordPress and WPEngine also highlights the transformational role of open source technology. What began as small, emerging projects by passionate, collaborative software developers have grown into a vital part of the vast infrastructure of computers and the internet. In fact, the Linux Foundation estimates that approximately 70% to 90% of today's applications are composed of open source software.

Increased reliance on open source puts pressure on project maintainers, especially when it comes to providing timely software updates and critical security fixes. In late 2021, a vulnerability in the widely used Log4j tool was one of the most high-profile security incidents in the open source world. Earlier this year, a backdoor attack against the Linux compression tool was discovered - attackers posing as contributors earned the trust of maintainers over a two-year period, allowing attackers to insert dangerous code into the tool. Both security vulnerabilities were found in small open source projects maintained by small teams or even lone volunteers, all of which are affiliated with large enterprises.

Compounding this challenge is the growing sense of maintainer burnout, which portends disaster. According to a 2024 survey by Tidelift, a company that works with and pays open source maintainers to implement secure software development practices, the top three reasons respondents disliked being a maintainer included not being compensated financially enough or not being compensated at all, feeling like they were not valued or had a "thankless job," and increased personal stress. It's no surprise, then, that more than half of maintainers have either quit or considered quitting their job. 

Find kinds of semiconductors in www.easelinkelec.com.

02 How to solve the open source crisis

So how can companies that benefit from open source projects better support the community? Whitacre suggests "three levers to solve the open source sustainability crisis and avoid maintainer burnout." The three levers revolve around commercialization, taxation, and social recognition.

Commercialization is the traditional path, which is finding a business model to fund open source projects. "You don't pay directly for the open source software, you pay for something else that supports or funds the open source work," Whitacre said. He cited the classic example of making the software itself free and open source, but charging for support and services. "The key to the commercialization lever is that you need something scarce to do business with. Open source is post-scarce by definition and intent, so you have to find something else that is scarce."

Taxation is another way to support open source technology financially. In Germany, for example, the Federal Ministry for Economic Affairs and Climate Action is funding the Sovereign Tech Fund, a program of the Sovereign Tech Agency that invests in "projects that benefit and strengthen the open source ecosystem." Currently funded projects include the Unix-like operating system FreeBSD, the Java ecosystem testing framework JUnit, the PHP Foundation behind the PHP programming language, and the OpenJS Foundation, which hosts a range of JavaScript projects.

Similar programs under the purview of the Sovereign Tech Agency include a scholarship to pay open source maintainers and services that improve the resilience of open source software, such as code security audits, help with known security issues, and a bug bounty and fix platform. As the Sovereign Tech Agency notes, "The open source ecosystem, while hugely successful, is also increasingly fragile. There are many more people using software than contributing to it. Now is the time to invest in the digital commons, volunteer communities, and open source ecosystems to build the digital world we want to see."

The final piece of the puzzle, according to Whitacre, is social recognition. Drupal does this by recognizing and incentivizing the efforts of contributors through a credit system. Individuals and organizations that contribute to Drupal (whether through code, documentation, submission of case studies that demonstrate the software's success, or financial support) receive credits, which can include exposure and advertising on the Drupal site, as well as benefits such as early access, discounts, and event sponsorships.

03 Businesses can pledge to help

Whitacre himself is harnessing the power of social proof as the leader of the Open Source Pledge, an organization dedicated to paying maintainers directly. By joining the pledge, companies pay at least $2,000 per full-time developer per year to the open source maintainers of their choice. "That means if a company employs 50 developers, they're paying at least $100,000 per year to the maintainers of the open source software they rely on," Whitacre explained.

Members of the Open Source Pledge must also publish a blog post detailing how much they pay maintainers. "We need companies to voice their support and participation in the pledge on their blogs, in their own voices, to encourage other companies to do the same," Whitacre said. "It's about accountability and awareness."

The Open Source Pledge was founded just over a month ago and currently has only two dozen members, most of which are "smaller, developer-focused startups that have been highly aligned with open source from the beginning," Whitacre said. The group's goal is to expand to large enterprises, which may take some time.

Looking to the future of open source software, Whitacre hopes to see more programs like Drupal and hopes to see government agencies and the technology sector work together to promote the management of open source projects.

"Through commitments, we are trying to get the money flowing, but this is only half of the equation," Whitacre said. "That's the very important half and the part we need to start and focus on now. The other half is how to make sure the money actually does what we want it to do. We need to inspire this commitment from the entire industry, expand it, and get other companies to join us."

View more at EASELINK