Sixty percent of open source maintainers consider themselves to be unpaid hobbyists, according to the Tidelift open source maintainer survey (https://tidelift.com/open-source-maintainer-survey-2023/). With concerns about the security of the software supply chain paramount, this situation looks dangerous for organizations that depend on open source code. The study by Tidelift, released Tuesday, showed that 77% of unpaid maintainers would like to be paid for their work.
Of those open source maintainers who are aware of the new security standards, only 43% are either already using them (28%) or plan to use them in the next year (15%), according to the study.
Open source maintainers are pushing back hard on the expectation that they take greater responsibility for security, according to the study.
What would it take to get more open source maintainers to align their projects with standards like the OpenSSF Scorecards and SLSA?