Open Source Isn’t Free: The Sustainability Crisis in Cloud-Native
My friend Ron Gula, co-founder of Tenable, used to always say to me that “with open source software, there is free as in freedom and free as in beer.” While both are free, there is a huge difference. For most of us, the free-as-in-freedom part of open source isn’t as important as the free-as-in-beer part. We don’t make many changes to the code; we just use it and build on top of it. And when some do make changes, they don’t always contribute those code changes back to the project as most open source licenses require.
Unfortunately, many users of open source really do think the software they are using carries no cost just because they don’t pay for the code. However, there is no free beer and there is no truly free software. That software you are using for “free” represents the work product, time, effort and, very often, the costs borne by the individuals who contribute to open source projects.
Let’s get real: Open source software isn’t magic. It’s not conjured out of thin air by anonymous developers in the night. It’s built, maintained, supported and scaled by actual human beings — some of them volunteers, some paid by companies and foundations, and many juggling both community contributions and full-time work. And that effort costs real money.
Take a look at major open source projects in the cloud-native world — Prometheus, OpenTelemetry, Fluent Bit, Argo, you name it. These are not niche tools. They’re critical infrastructure for everything from observability to orchestration to CI/CD. And yet, many of them are underfunded, undermanned and over-relied upon.
For example, hosting large-scale CI/CD projects like Jenkins or Spinnaker through the Continuous Delivery Foundation can run into the six figures annually. That’s just for hosting and infrastructure — not even accounting for developer time, governance or community management. Someone has to write the check. And often, it’s not the companies using the software.
The Linux Foundation, CNCF, and other daughter foundations have stepped up to support many of these projects — through working groups, events, funding programs and ecosystem development. But even CNCF, arguably the most successful of them all, is now managing over 200 open source projects. That’s a lot of mouths to feed. And as someone who works with these communities, I can tell you — there are cracks forming.
Which brings me to my friend Brian Fox, co-founder at Sonatype. Brian has been vocal lately about the sustainability crisis in open source software, speaking at events like Open Source Summit and urging users and enterprises to think more critically about their responsibilities.
He’s not wrong. The numbers are staggering. Depending on the survey, somewhere between 95% and 97% of users of open source software contribute nothing back — not financially, not in code, not in documentation or bug reports. And yet these same users often rely on this software for mission-critical workloads. It’s a digital commons problem at scale.
So what are we doing about it?
We’ve seen some companies attempt monetization through open core models — offering enhanced enterprise features or hosting a SaaS version of their open source tool. Others rely on support, training and certification. These models work — for a few. But many projects and the companies behind them struggle to find sustainable business models in a world where users expect enterprise-grade capabilities for free, forever.
This imbalance leads to contributor burnout. It also introduces long-term risk. When a maintainer gets sick, or quits, or just disappears, critical code may stop being updated. When a company can’t turn a profit with a hosted or open core version of an open source project, they withdraw their support of it. Security patches don’t get pushed. Documentation goes stale. And for the thousands of projects that don’t have CNCF or big vendor support behind them, that’s the norm — not the exception.
We like to say that software is eating the world. But open source software is what’s feeding the beast — and most of it is built on shaky foundations.
I’m not here to sound the alarm without offering hope. I still believe in the power of community. I believe that companies can — and should — be better stewards of the open source projects they rely on. Financially support them. Contribute back code. Send your developers to help triage issues. Sponsor the next bug bash or contributor summit. It all counts.
And let’s educate developers too. Just because code is licensed permissively doesn’t mean it’s without consequence. Developers need to understand the difference between free as in beer and free as in freedom — and the cost of taking without giving back.
AI won’t save us from this one, by the way. Generative models can’t maintain communities or govern pull requests. Foundation funding can only go so far. The only real solution is a cultural one — a shift in how we value and support the code we all rely on.
Cloud-native isn’t going anywhere. In fact, it’s becoming the foundation for AI, digital transformation, edge computing and everything else on the horizon. But let’s not build the future on foundations we’re unwilling to maintain.
There’s no such thing as a free beer. And if we keep drinking without paying the tab, the bar’s going to close.