In 2014, OpenSSL had a gigantic security problem: Heartbleed. Its root cause? A combination of blind trust in the open-source programming method and a shoestring budget. Less than a year later, Werner Koch, author and sole maintainer of the popular GNU Privacy Guard (GnuPG) email encryption program, revealed he was going broke supporting GnuPG.
Koch’s story had a happy ending. First, The Linux Foundation, via its Core Infrastructure Initiative (CII), donated $60,000 to GnuPG. Then, e-payments vendor Stripe and Facebook agreed to sponsor the program’s development to the tune of $50,000 a year.
That’s great, but something’s seriously wrong when small but vital open-source programs can be ignored until either the code breaks from neglect or its programmers abandon it to make a living from more lucrative projects.