upstream@fund$ man upstream
upstream

in the direction opposite to the flow in a stream, river, etc.

The Britannica Dictionary
upstream (software development)

[...] the direction that is toward the original authors or maintainers of software.

Upstream development allows other distributions to benefit from it when they pick up the future release or merge recent (or all) [...]

Wikipedia
upstream@fund$ which problem
Downstream projects rarely fund upstream!
No funding for upstream despite lucrative business downstream

Context

After the Heartbleed bug in OpenSSL was discovered in 2014, it came to light that OpenSSL, a critical piece of internet infrastructure used for securing communications, was maintained by a very small team with limited financial resources. The situation sparked a debate about the lack of support for such a crucial project.

Complaint

The OpenSSL team and its supporters pointed out the disparity between the project's importance and the lack of financial and development support it received from the broader industry, which heavily relied on it.

Context

In 2016, Nadia Eghbal published a report titled "Roads and Bridges: The Unseen Labor Behind Our Digital Infrastructure," funded by the Ford Foundation. The report highlighted the critical but often underfunded work of maintaining open-source software.

Complaint

The report itself is a comprehensive complaint about the lack of financial support for developers of crucial open-source infrastructure, based on extensive research and interviews with open-source maintainers.

Context

Feross Aboukhadijeh ended an experiment aimed at funding open-source maintainers by displaying sponsorship messages during software installation. The experiment sought to directly compensate maintainers for their work on open-source projects.

Complaint

The experiment sparked a debate about the sustainability of open-source projects, highlighting the disparity between the value created by maintainers and the financial support they receive. Feross pointed out the irony of companies paying thousands for services related to open-source software while contributing little to the maintainers of such software.

Context

Evan You, the creator of Vue.js, shared his journey from childhood in China to developing Vue.js full-time, funded by a Patreon campaign. His background spans from playing with Flash in high school to studying art and design in college, eventually leading to a career in tech at Google and then creating Vue.js.

Complaint

Evan did not explicitly express a complaint but highlighted the challenge of making open-source work financially sustainable. He had to initiate a Patreon campaign to support his full-time dedication to Vue.js, addressing the broader issue of compensating open-source maintainers for their valuable contributions to the tech community and industry.

Context

At the Game Developer Conference in San Francisco, during a panel on "ANGRY BIRDS – An Entertainment Franchise in the Making," an audience member identified as Erin Catto, the creator of the Box2D physics engine, requested credit from Rovio for using his engine in Angry Birds.

Complaint

Although Erin Catto wrote the Box2D physics engine used in Angry Birds, it appears that he did not even receive acknowledgment, let alone financial compensation, from Rovio, the creators of Angry Birds.

Context

Andres Freund discovered a backdoor in xz/liblzma that compromised SSH server security. The backdoor, hidden in the xz 5.6.0 and 5.6.1 tarballs but not in the git source, was activated during configuration through an obfuscated script, leading to potential system compromise.

Complaint

While not directly attributed to financial or resource constraints, this incident highlights the vulnerability of open-source projects to security risks when lacking sufficient resources for comprehensive audits and oversight.

Let's not get started with software supply chain attacks just yet ...

upstream@fund$ man upstream.fund
...stay tuned