The simple version
Open source software is code that anyone can read, copy, and modify for free. It also happens to run most of the internet, power nearly every smartphone, and underpin the AI boom — and the people who write it rarely get paid for that specific work.
Why this is weirder than it sounds
Consider what your company actually runs on. The web server handling your traffic is probably Nginx or Apache, both free. The database storing your customer records is likely PostgreSQL or MySQL, both free. The operating system on every server in your data center is almost certainly Linux, free. The programming languages your engineers use — Python, JavaScript, Ruby — free. The tools they use to manage code, build software, and ship it: mostly free.
This is not a fringe situation. A study by the Harvard Business School estimated that if companies had to build the open source software they use from scratch, the cost would run to roughly $8.8 trillion. That number covers only the demand side. The supply side, what it actually costs volunteers and contributors to produce this code, is a small fraction of that figure.
The gap between value created and money paid is almost unprecedented in any other industry. It is the defining economic oddity of modern software.
How this happened
Open source did not emerge from altruism. It emerged from frustration.
In the early 1980s, a programmer at MIT named Richard Stallman found that he couldn’t fix a bug in a printer driver because the manufacturer wouldn’t share the source code. His response was to start the GNU Project and establish the principle that software should be free to study, modify, and distribute. Linus Torvalds released the Linux kernel in 1991 for more practical reasons: he wanted a free operating system he could tinker with. Neither man was primarily trying to build an economic movement.
The economic logic that followed is what made open source scale. Writing software is expensive once and nearly free to distribute. That asymmetry means that when many organizations share a piece of infrastructure, each one bears a fraction of the cost. If a hundred companies each need a database, and one company builds it in-house for $10 million, that’s $10 million times a hundred. If they collaborate on a shared open source version, the total cost might be $20 million, shared unevenly, with most companies paying almost nothing.
Every participant captures nearly all the value. Nobody captures the full price.
The companies that got rich giving code away
This might seem like a recipe for bankruptcy. It turned out to be a recipe for dominance.
Red Hat built a billion-dollar business (eventually acquired by IBM for $34 billion) by giving away Linux and charging for support, certification, and enterprise reliability. MongoDB, Elastic, and HashiCorp followed a similar path: release a powerful open source core, then charge for hosted versions, advanced features, or organizational tooling that large enterprises need.
Amazon, Google, and Microsoft tell a different story. They use open source extensively, contribute to it selectively, and profit most from the cloud infrastructure that runs it. Amazon Web Services built much of its early technical advantage on Linux and open source databases. The company didn’t pay for the code. It paid engineers to configure and operate it at scale, then charged customers for access. That business is now worth more than most countries’ GDP.
This created a long-running tension. Open source projects generate enormous commercial value, often for companies that contribute little back. The maintainers who write the code frequently do so in their spare time, underpaid or unpaid, while the cloud providers selling access to their work generate billions in profit.
The fragility hiding in plain sight
In 2021, a critical vulnerability called Log4Shell was discovered in a Java logging library called Log4j. The library was free, maintained largely by volunteers, and embedded in software used by hundreds of millions of systems worldwide — including products sold by Apple, Amazon, Cloudflare, and many others. Patching it required coordinated effort across the entire industry. The people most responsible for fixing it had never been paid to build it.
This is not an isolated case. The Heartbleed bug in 2014 affected OpenSSL, a cryptography library that secured a significant portion of internet traffic and was maintained for years by a tiny team with minimal funding. After the vulnerability was discovered, money finally started flowing in. The lesson had to be learned repeatedly.
The economic problem is a classic free rider scenario. When everyone can use something without paying, there is insufficient incentive for anyone to fund its maintenance. The result is critical infrastructure running on the equivalent of volunteer fire departments.
GitHub Sponsors, the Open Source Security Foundation, and programs at major tech companies have begun to address this, but the funding remains vastly out of proportion to the value at stake.
Why this matters now
The AI boom has made the open source question sharper. Large language models depend on open source training frameworks, open source programming languages, and open source tooling at every layer. Meta released the Llama model family as open weights, setting off a cascade of derived models that reshaped what any well-funded research team could build. Whether Llama is truly “open source” in the traditional sense is a legitimate debate, but the strategic logic is the same: give away the core, compete on infrastructure, services, and talent.
The companies that win in AI will not necessarily be the ones that write the most foundational code. They will be the ones that best assemble, operate, and build on top of code that was largely written by others. That is a recognizable pattern. It is exactly what happened with Linux, with databases, and with the web.
The value of open source software keeps growing. The mechanism for funding the people who write it has not kept pace. That gap is not a technical problem. It is a collective action problem, and collective action problems are solved by changing incentives, not by hoping volunteers stay motivated forever.
The most valuable thing in tech that nobody pays for is, eventually, going to require paying for.
