Sustainability of OSS is an important, but often overlooked issue. The private sector is struggling to find the right model to maintain and sustain OSS. The International Development Agencies need viable long-term strategies to sustain the OSS projects they are developing, funding, or using.
Two young colleagues invited me for coffee to discuss their proposal to develop an open source software (OSS) system for administering government programs in developing countries. The idea of replacing costly, custom-built proprietary systems with open-source solutions tailored for specific country requirements was very appealing.
“Why pay millions of dollars for a proprietary solution when an open source system will be free?” exclaimed one of the colleagues.
I inquired cautiously, “Have you considered how to maintain these systems once they are deployed? Who will pay for customization and on-going support to the country clients? How do you consistently ensure the quality of the code?”
“The international OSS community will volunteer their time to maintain and improve these systems.” was the reply.
The world’s digital infrastructure relies on OSS. The share of OSS is increasing rapidly and now represents almost 60% of the world’s software codebase. As with any public good, OSS suffers from the free rider problem—there are no clear incentives for the authors of OSS to continue to support and maintain their products. Moreover, there is no legal entitlement for end-users of OSS to on-going support. OSS components might be used in other OSS products with multiple levels of nesting; systems distributed across organizations and individuals complicate the introduction of common standards and governance structures. In the case of roads and bridges people have a reasonable expectation that these public goods will be maintained with dedicated public funds. In contrast, OSS consumers often do not realize they are free riding on passionate contributions of individuals and firms that are “…ignored and unappreciated until something goes wrong.”
Given the complexity of today’s IT ecosystem, software products quickly become obsolete and potentially put the end-user at risk without the constant maintenance and support services. OSS is particularly vulnerable because of the voluntary nature of the maintenance efforts. Bugs need to be fixed and the software needs to be updated to maintain operating system compatibility as well as new security requirements. Users require improvements and new functionality. Community contributions should be reviewed and merged or rejected. Maintenance and support activities represent 40% to 80% of the total cost of a given commercial software product. The assumption that “Open source software will continue to fall from the sky like manna from heaven and that the people behind it can be abstracted away … is just really wrong,” concludes a founder of License Zero, Kyle Mitchell.
The private sector is struggling to find the right financing model for OSS projects. Many questions do not have clear answers: Should individual contributors, who are often involved in many OSS projects get paid? Or instead, should projects and products themselves get financial support? How can we best fund projects developed by globally distributed teams while at the same time preserving the voluntary spirit of the open source communities? What will happen to the Open Source movement when, instead of social gratitude, the contributors expect financial compensation for their work?
A few Open Source business models ranging from training, providing hosted services, and developing proprietary add-ons (the so called “open core” model), were suggested, but worked for only handful of developers. Patreon is a crowd-source platform that provides a means to accept donations to projects. License Zero is a platform that offers two licensing models: a free license for non-profit and/or open source users, and a commercial license to use for profit or in closed source (at a fee of 1% of the cost of private licenses). Tidelift assists developers with maintenance, security and licensing in the hope that these services will help fund the OSS projects.
While showing potential, these initiatives are still in the early stages of adoption and are generating only very modest contributions. By way of example, Open Collectives, one of the biggest platforms in this space, collected less than $3M since its inception in 2015. It is still unclear how these financing models will impact the Open Source community. Some large corporations (e.g. AT&T, Salesforce, Capital One, etc.) subsidize contributors to work part/full-time on popular open source projects. This is a laudable step by commercial entities, but there is no requirement for transparency in the decision making about which OSS projects are subsidized.
The multilateral development agencies (MDAs) are also increasing their reliance on OSS in three distinctive ways. First, some components of an MDA’s internal enterprise IT systems may be open source (e.g. Linux, Apache Tomcat and Nifi). Second, researchers and policy practitioners are developing open source systems and algorithms for use in policy analysis or operational interventions (e.g., Open Tenure by UNFAO, the World Bank Transport and Digital Development Global practice has published 50 OSS repositories). Third, the MDAs may finance the development of OSS by particular software firms (e.g. Plataforma de Gestión Catastral Multipaís by IDB) in order to create a general global public good.
The sustainability of OSS is a relevant concern for each of these use cases. Traditionally, the MDA's central IT organization would mitigate the lack of maintenance services in OSS by stipulating a maintenance and support contract with a third party commercial entity (e.g. RedHat for Linux). This approach will not scale in the new reality of wide adoption of the OSS. Almost two-thirds of the top open source projects on GitHub are supported by one or two individuals (Eghbal 2017); many projects are developed by globally distributed communities of volunteer contributors. In most cases, there is currently no clear business entity that could credibly provide an SLA for these applications and systems.
What are the options for the MDAs to address the sustainability of the OSS they use? Few ideas come to mind, but, clearly, these are very preliminary and the whole approach require more thought and testing:
- The MDAs could provide grants necessary to achieve certain OSS targets (e.g., MOSIP Digital Identity project). If these one-time grants could evolve into an on-going commitment instead, it would help resolve the sustainability issue for a predictable period of time. Some metrics would need to be developed to determine that an application is ‘viable’ and retains its eligibility to continue to receive the grant.
- The MDA could join and contribute to organizations such as Digital Impact Alliance Open Source Center at the UN Foundation, that is created to allow public entities to co-invest in the Open Source technologies in the effort of delivering the sustainable digital products.
- The MDAs could also try adopting the experience of large corporations and offer a full- or part-time employment to the contributors to the OSS that is a part of the mission-critical systems.
- A solid maintenance strategy needs to be in place when projects are funded by an MDA, developed by third parties, and the ultimate end-users are the MDA’s clients. MDAs need to be thoughtful about the economics of the OSS projects they sponsor and implement mechanisms to insure the software’s long term viability, especially in developing countries where access to commercial alternatives is both limited and costly.
The MDA should increase their leadership in the international development community for sponsoring OSS projects and helping to create organizations to provide maintenance and support services in an organized and coordinated way. In summary, the MDAs and the World Bank are well positioned to improve the worldwide adoption of OSS and help create strategies for addressing OSS sustainability.