Because Open Source software is free, some companies struggle to understand why it would make financial sense to pay for the Open Source software they use. But more and more companies are starting to see that paying the maintainers of the Open Source software they rely on reduces their company's exposure to risk, saving them money in the long run.
This is because paying maintainers helps companies safeguard the stability, security and innovation that keeps their products going. Paying maintainers enables them to help you comply with upcoming cybersecurity legislation. And companies that pay maintainers get a competitive advantage by attracting customers, employees and contributors.
Here's a breakdown of the reasons why you will benefit from paying the maintainers your company depends on, and, in doing so, becoming one of the pioneers of a better Open Source ecosystem.
1. Pay maintainers to avoid stability and security problems
Why does software become unstable and insecure if we don't pay maintainers? Well, if you don't pay for the Open Source software you use, someone else has to bear the cost of developing it. Most often, this cost takes the form of a reduction in living standards for Open Source maintainers, who have to work an unpaid and burnout-inducing second shift after their day job.
This arrangement harms the maintainers that your work relies on. But it harms you too, even if most of the time it's hard to notice. Maintainer burnout means the Open Source software you rely on becomes less stable and secure. Issues with widely-used Open Source software are always being uncovered, be they ordinary bugs, unintentional vulnerabilities such as Log4Shell (CVE-2021-44228 in Log4j), or deliberately planted malicious code such as the backdoor found in XZ Utils in 2024.
Both incidents are tied to maintainer overload. Log4j was kept going by a handful of unpaid volunteers, and the XZ Utils backdoor was inserted by a contributor who was granted maintainer rights after the project's sole maintainer, exhausted and unpaid, was pressured into accepting help. Some maintainers of critical software report at times working 22 hour days for free. Neither case was a near miss by design: Log4Shell was exploited at scale within days of disclosure, and the XZ backdoor was caught largely by luck, when an engineer investigating unexpected sshd slowness noticed it before the compromised release reached stable distributions. How many more vulnerabilities in industry-wide infrastructure lurk undiscovered? A burned-out maintainer is an easier target for social engineering, and a project with one overstretched reviewer is an easier place to hide a malicious change, so maintainer burnout lowers the cost of a supply chain attack.
Don't let your business rely on at-risk software — pay the maintainers who can make your stack sustainable and secure. Paying to avoid the liability caused by unstable and insecure software just makes financial sense.
2. Pay maintainers to safeguard the Open Source innovation you rely on
Innovative Open Source projects have enabled us to watch YouTube videos, go to space, exchange medical records and keep in touch with friends and family. Open Source projects have a competitive advantage in innovation, since they have access to a global contributor base of subject matter experts. Microsoft's own managers have remarked that “commercial quality can be achieved / exceeded by OSS projects”. But if only those who make personal sacrifices can be maintainers, maintainership is discouraged, which leads to a decrease in Open Source innovation. If you want your business to be able to continue leveraging innovative Open Source software, the most sustainable way is to pay the maintainers who do the innovating.
3. Pay maintainers to conform to new cybersecurity legislation
The EU's Cyber Resilience Act (CRA), which sets out minimum cybersecurity requirements for products with digital elements placed on the EU market, entered into force in December 2024. Its vulnerability reporting obligations apply from September 2026 and its main obligations from 11 December 2027. From then on, companies placing software on the EU market must ensure that their internally authored software meets these requirements, and must exercise due diligence on the third-party components they integrate, which in practice means the entire Open Source supply chain their software depends on.
Auditing all of the Open Source packages you depend on, and all of the packages they depend on, is daunting, and the CRA also requires manufacturers to document their components in a software bill of materials covering at least the product's top-level dependencies. The CRA provides a lighter-touch category for the organisations behind this supply chain: Open Source software stewards, in practice mostly foundations, which take on obligations such as maintaining a cybersecurity policy and cooperating on vulnerability handling for the projects they support. Working with these stewards is the most reliable way to obtain dependencies that are ready for compliance. But at least 50% of foundations say they have insufficient financial support to actually take on this CRA work.
Open Source foundations are your greatest ally in ensuring you comply with EU law, but they can't do this if they don't get paid. That's why your company should pay the Open Source foundations relevant to your ecosystem.
4. Pay maintainers to demonstrate thought leadership
Being a forward-thinking Open Source pioneer that pays maintainers reflects positively on your company's brand, which can persuade customers to choose you over a competitor. Paying maintainers tells customers that you care about the health of your industry, because you're in it for the long haul, instead of focusing on short-term profits. It shows that you're connected to the prominent companies, foundations, maintainers, CEOs and writers that recognise the Open Source sustainability crisis. Most of all, it shows that you are a thought leader that understands its field deeply and anticipates problems before they occur.
To communicate these values to customers, the Open Source Pledge regularly promotes member companies, be it on the Nasdaq tower in Times Square, in outdoor advertising campaigns in San Francisco, or online. Join us by paying maintainers.

5. Pay maintainers to build connections with contributors
Your company probably depends on Open Source contributors in one way or another. Often these are the contributors that add features to the Open Source libraries you depend on, but they could also be contributors that improve Open Source or source-available projects that your company has published.
These contributors are important to your business, because they enable you to leverage not only your employees' skills, but also the skills of a global base of specialised developers, which is a real business advantage. It's in your interest to not only attract contributors, but also to ensure contributors stick around to help.
Though Open Source contributors are not primarily motivated by money, people will be more likely to contribute if they know they will be paid fairly for their work.
6. Pay maintainers to make recruiting easier
Developers are aware of the crisis that Open Source sustainability faces. If developers looking for work know that you take seriously the sustainability of the Open Source ecosystem they work within, they'll be happier working for you than for your competitor. Becoming a member of the Open Source Pledge is a great way to convey your values to prospective employees. Open Source Pledge members are eligible to use our member badges on their website and job board, and also get their job postings listed on the Open Source Pledge job board.
If these arguments make sense to you, use platforms like thanks.dev, Open Collective, GitHub Sponsors and ecosyste.ms Funds to pay the maintainers you rely on. If you pay these maintainers at least $2000 per full-time equivalent developer you employ per year, you'll be eligible to become a member of the Open Source Pledge.