Companies large and small are committing funds to support the maintainers of key open source software projects in the wake of high-profile vulnerabilities such as Log4j, Heartbleed, and Shellshock.
Although most software today is underpinned by open source projects, the developers and maintainers of those projects are often unpaid volunteers working in their spare time. For example, Apache’s Logging Services team of 16 unpaid volunteers is responsible for maintaining the popular Log4j logging framework, which was recently affected by a major vulnerability.