In mid-2024, Tidelift fielded its third survey of open source maintainers. More than 400 maintainers responded and shared details about their work, including how they fund it, who pays for it, and what kinds of security, maintenance, and documentation practices they have in place today or would consider in the future. They also shared their thoughts about some “in the headlines” issues like the recent xz utils hack and the impact of AI-based coding tools. In this post, we share the third of twelve key findings. If you don’t want to wait for the rest of the results, you can download the full survey report right now.
In each of our maintainer surveys over the last few years, we’ve asked a variety of questions to learn more about how maintainers get paid for their work. In our first finding from this year’s report, we shared the results from a question where we forced maintainers to categorize themselves as a professional, semi-professional, or unpaid hobbyist, and 60% of maintainers placed themselves in the unpaid hobbyist category (they could only choose one answer).
Later in the survey we asked a slightly different question about maintainer income, and allowed them to choose as many answers as applied to them:
Which of the following describe the source of your maintainer income (Choose all that apply)?
Before we delve too deeply into the answers, here’s an aside for any survey nerds like us (we know you are out there!). The way questions are worded or otherwise set up can have a large impact on the answers, and we have a good illustration of that here.
In the earlier question, we forced a single response, versus in this question, we let maintainers choose multiple answers that applied to them. Interestingly, even though the earlier question taught us that 60% of maintainers consider themselves unpaid hobbyists, when prompted with a set of potential income sources, only 47% report that they do not get paid to maintain projects. We asked both of these questions in our previous survey as well (and this particular question in all three surveys), and the results have stayed remarkably consistent over time, as the chart below shows.
So what gives? Why is there a 13-percentage-point (60% vs. 47%) swing on what seems like a very similar datapoint? Because of the way this question is worded, it likely comes down to the amount of money maintainers are being paid. Some maintainers who consider themselves unpaid hobbyists probably only receive a nominal amount of income and not enough for them to begin to think of themselves as semi-professional or professional maintainers. Even if they technically received some payment for their work, it isn’t enough to make them identify as a professional or semi-professional maintainer. Or perhaps being prompted with some potential income sources or being able to choose multiple responses made them provide answers with a more nuanced perspective.
The percentage of maintainers who report they don’t get paid to maintain projects (47%) has stayed consistent in all three surveys (46% in both previous surveys), as has the percentage who report receiving income from another organization or individual (e.g. Tidelift, GitHub Sponsors, foundations, etc.) to maintain a project (32% in this survey, 31% in the previous survey, and 32% in the survey before that).
But we did see a slight drop in the percentage of maintainers who consider maintenance to be an explicit part of their paid job responsibilities. In this year’s survey, only 24% cited salary or wages from their employer as a source of maintainer income, which is less than the 2023 survey (28%) and the 2021 survey (27%), but still close enough that the difference is likely not statistically significant.
Things get more interesting when we look at the follow-up answers from maintainers who report receiving income from another organization or individual to maintain a project. As we did in our previous surveys, we asked maintainers where that income was coming from. The percentage of maintainers receiving income from donation programs like GitHub Sponsors has risen slightly, from 16% in 2021, to 24% in 2023, and to 25% in 2024. As we noted earlier, 24% of maintainers receive income from their employer because maintenance is explicitly part of their job responsibilities (and, again, that is down from 28% and 27% in previous surveys).
At 19%, Tidelift is the third highest reported source of income, up from 2023 (16%) and 2021 (15%). Side note: in case you were wondering how Tidelift’s maintainer partners figured into the results here, the large majority (70%) of survey respondents are not Tidelift maintainer partners, which is consistent with the 2023 survey (70%) and 2021 survey (68%).
The number of maintainers who report getting paid directly by companies (not their employer), governments, individuals, or foundations, is much lower than any of the top three income sources.
In this survey only 5% of maintainers report receiving income directly from companies (this answer choice was not an option in previous years). Another 5% report getting direct payments from individuals, which is steady compared to 2023, but much lower than the 10% of maintainers receiving this type of income in 2021. And only 3% of maintainers report that they have received income from open source foundations, which has remained steady across all three surveys (it may be surprising to some that this percentage is not higher).
Because governments around the world have taken a greater interest in open source software security over the past few years in the wake of prominent security incidents like SolarWinds, Log4Shell, and xz utils, we asked maintainers in our latest survey whether they were receiving income directly from governments or other public entities. But to date, this income source is a non-factor, with only 1% of maintainers reporting receiving direct payments from governments or other public entities.
As you review these findings, don’t lose sight of the fact that none of these sources of maintainer income are being reported by more than one quarter of maintainers. This is one of several warning signs you’ll find throughout this year’s report that show we have a lot of work to do to ensure the amazing open source maintainers we all depend on have the financial support they need to keep their projects healthy, safe, and secure.