“Morally repugnant shortsightedness”: Why open source security leaders say companies must stop freeloading on maintainers
The Open Source Security Foundation (OpenSSF), a Linux Foundation initiative, has published a strong rebuke of companies that benefit from open source software without contributing back. In a post on The New Stack, OpenSSF leaders argue that this freeloading is “morally repugnant shortsightedness” that undermines the security and sustainability of the open source ecosystem. They call on organizations to provide financial support, contribute code, and participate in security efforts. The consequence of inaction, they warn, is a growing risk of unpatched vulnerabilities and maintainer burnout, which could lead to systemic failures in critical infrastructure. The OpenSSF is working on initiatives like the Open Source Security Scorecard and the Alpha-Omega project to improve security, but stresses that industry-wide participation is essential.
Developers face increased security risks if companies don't support maintainers.