The Open Source Pledge is useful because it makes a soft problem accounting-grade. Companies have spent years saying that open source is critical infrastructure, but the phrase often stops just before the invoice. The Pledge changes the unit of discussion: a member company should pay at least $2,000 per year per full-time equivalent developer to open source maintainers or foundations of its choosing, and only cash payments count toward that obligation.[1]
That sounds simple enough to be dismissed as a slogan. It is stronger than that. The governance signal is not that one more donation page exists. The signal is that the Pledge turns maintainer support into a recurring operating line tied to headcount, excludes payments to company-controlled projects, asks for transparency through public reporting, and says the quiet part plainly: open source sustainability is not solved by goodwill, stickers, cloud credits, or conference applause.[1][3]
As of 2026-05-21T06:33:29Z UTC, the member page lists 36 current companies and reports $3,690,880 paid to maintainers over the last year, with $7,156,281 paid since launch.[2] The largest listed member by developer count is Posit at 160 developers and $4,688 per developer; Sentry is listed at 132 developers and $5,682 per developer; Sanity is listed at 73 developers and exactly $2,000 per developer.[2] Those numbers do not make the Pledge a complete funding model for open source. They do make it legible enough to compare behavior across companies instead of relying on the usual unpriced rhetoric.
The important constraint is cash
The Pledge's most important governance choice is narrowness. Its about page says the goal is to get companies to pay maintainers of software they depend on, and then draws a hard boundary around what counts.[1] Hiring developers to work on open source can be valuable. Cloud credits can be useful. Sponsoring an event may help a community gather. But for the Pledge, those are not substitutes for cash reaching maintainers.[1]
That boundary matters because many corporate open source programs blur three different activities: improving a company's own developer relations, funding neutral ecosystem infrastructure, and paying the maintainers of dependencies the company does not control. All three can be useful, but they are not the same. A vendor can spend heavily on its own plugin ecosystem and still leave the third-party libraries inside its product underfunded. The Pledge tries to prevent that accounting trick by excluding projects a company controls and projects that exclusively benefit the company's own ecosystem.[1]
The rule is not anti-participation. The same guidance says code contributions, advisory participation, and board work can be good additions.[1] The hierarchy is the point. Participation is additive; cash support is the floor. For maintainers, that distinction is not philosophical. It affects whether someone can justify time on release hygiene, issue triage, security response, documentation, and boring compatibility work that does not create a launch post.
Why this arrived now
The Pledge officially launched on October 8, 2024, after Sentry had already run an internal funding program for several years.[3] David Cramer's launch post framed the program around two operating goals: pay maintainers directly and do it sustainably as the company grows.[3] That second clause is easy to overlook. A one-off grant can rescue a release or soften a bad quarter, but it does not change the way a company budgets for dependency health. A per-developer formula does.
The broader timing also fits the evidence. Tidelift's 2024 maintainer survey reported that 60% of maintainers still described themselves as unpaid hobbyists, while paid maintainers were 55% more likely, on average, to implement critical security and maintenance practices than unpaid maintainers.[4] The same release listed specific gaps: paid maintainers reported higher adoption of two-factor authentication, static code analysis, vulnerability response, disclosure plans, signed releases, peer review, dependency management, and reproducible build practices.[4]
That does not mean cash automatically creates healthy maintenance. It means unpaid maintenance has a predictable ceiling. Security work, compatibility testing, release signing, documentation, and issue response all compete with paid employment, family time, and burnout. When companies treat these tasks as free externalities, they should not be surprised when the work arrives late, unevenly, or not at all.
The Pledge is a governance primitive, not procurement
The cleanest way to read the Pledge is as a governance primitive for small and mid-sized companies. Procurement wants a vendor, an SLA, a support queue, and contract remedies. The Pledge does not promise those. It even emphasizes no-strings-attached payments as the primary intent.[1] That makes it less like buying support and more like internalizing a dependency cost that was previously pushed onto volunteers.
This is why the model is especially interesting for companies that are too small to run a foundation-grade open source office but large enough to know their dependency graph matters. A five-developer company can understand a $10,000 annual commitment without inventing a new department. GitButler's public report is a good example: it mapped five full-time developers to a $10,000 annual pledge and disclosed payments including $6,000 to Tauri and $3,000 to Svelte.[6] That is not a perfect dependency-impact model. It is a public, auditable starting point.
The same simplicity is also a limitation. A flat per-developer number does not know whether a company depends heavily on cryptography, packaging, databases, UI frameworks, CI tooling, or language runtimes. It does not automatically solve which maintainers should receive money, whether funding should go through individuals or foundations, or how to balance critical but invisible dependencies against high-profile projects. The Pledge handles this by emphasizing transparent annual reports and direct judgment rather than central fund allocation.[1][6]
The hard part is selection
Once a company accepts the headcount formula, the next governance problem is choosing recipients. A dependency graph is an input, not a moral algorithm. The most imported package is not always the most underfunded. The most visible maintainer is not always the person doing the highest-risk work. A foundation may provide useful continuity but may not pay individual maintainers directly. A direct maintainer payment can be efficient but may create tax, legal, or conflict concerns for both sides.
The Pledge's eligibility rules help by narrowing obvious abuses: payments should go to Open Source Definition projects, company-controlled projects are out of scope, and ordinary platforms such as GitHub Sponsors, Open Collective, thanks.dev, and ecosyste.ms Funds are acceptable channels only when the underlying payment fits the criteria.[1] Still, the selection problem remains a real operating task. A good annual report should explain not only who was paid, but why those projects were chosen.
That is where the Pledge can improve corporate open source practice even before the dollar totals become huge. It makes companies inventory their dependency exposure, discuss maintainers as counterparties rather than scenery, and decide whether their existing "open source support" spend actually reaches the people maintaining the software they ship. TechCrunch's 2024 survey of funding efforts placed the Pledge alongside other equity-free approaches from FOSS funds, fellowships, and VC-backed grants; the common thread was that widely used projects often create value without having an obvious company behind them.[5]
What would prove it is working
The strongest success signal would not be a bigger logo wall. It would be repeatable reporting quality. A mature member report should state the developer-count basis, total pledge amount, recipient list, payment channel, any relationship to the recipient, and selection method. It should also separate controlled-ecosystem spend from eligible maintainer payments. That gives maintainers and users a way to evaluate whether the company is paying for dependency health or merely rebadging marketing spend.
The second success signal is recipient diversity. If funding concentrates only in already-famous frameworks, the Pledge may still help, but it will miss much of the fragile infrastructure layer. The best reports will combine visible projects with less glamorous libraries, release tooling, packaging infrastructure, documentation systems, security-response work, and foundations that demonstrably route money toward maintenance.
The third signal is habit formation. A company that joins once and then disappears has made a donation. A company that publishes a report every year has created a governance loop. The per-developer formula is valuable because it grows with engineering headcount and avoids the annual drama of whether open source deserves a discretionary line this time.[1][3]
The boundary condition
Open Source Pledge should not be treated as the final answer to open source sustainability. It does not replace paid support contracts, security audits, foundation budgets, public-interest funding, maintainer employment, or stronger contributor norms. It also cannot force every beneficiary company to participate. The Pledge is narrower: it gives companies a public, measurable, cash-based minimum for paying maintainers outside their own walls.[1][2]
That narrowness is why it matters. Open source governance often gets trapped between moral language and procurement language. The Pledge creates a third lane: not charity, not a vendor contract, but recurring payment for infrastructure the company already uses. If enough companies adopt that lane, the most important change may be cultural. "We depend on open source" stops being a closing line in a keynote and becomes a budget question someone can audit.[2][5]
Sources
- Open Source Pledge, "About the Pledge" - official rules for the $2,000 per developer norm, eligible payments, direct-maintainer focus, out-of-scope company-controlled projects, and cash-only treatment.
- Open Source Pledge, "Members" - current member table, developer-count basis, dollars per developer, and aggregate payments over the last year and since launch.
- Open Source Pledge, "Join the Pledge" by David Cramer (October 8, 2024) - launch post explaining Sentry's direct-funding origin, sustainability goal, and scaling rationale.
- Help Net Security, "Paid open-source maintainers spend more time on security" (September 23, 2024) - independent summary of Tidelift's 2024 maintainer survey findings on paid and unpaid maintainers.
- TechCrunch, "Open source projects draw equity-free funding from corporates, startups, and even VCs" by Paul Sawers (November 10, 2024) - independent context on the Pledge and adjacent funding models for open source projects.
- GitButler, "GitButler's Annual Open Source Pledge Report" by Scott Chacon - member report example mapping five developers to a $10,000 pledge and disclosing recipient payments.
- Wikimedia Commons, "File:FOSDEM 2024 welcome.jpg" by RichiH - source page for the real photographic cover image of a FOSDEM 2024 audience.