The customers (multinational and middle size companies, ranging from telecoms, banks, governments, goods and services) pay for support and features of the software. Software has always bugs and CVEs that need fixing, or new features, or needs for securing its supply chain (with SLSA, SBOMs, etc).
There’s a handful multibillionarie companies that follow this approach with open source: Red Hat, SUSE, Canonical, VMware, etc. Particularly in cloud-native tech like Kubernetes and all that gets deployed on top of it.
If a technology is not open source it really doesn’t exist anymore. Customers have learned from the last 30 years and run away from vendor lock-in (AWS, AKS, Google cloud services…).
Well, my employer pays me to maintain 100% of the time a specific security project that is deployed on Kubernetes. The project is donated to the CNCF (part to the Linux foundation), and my employer doesn’t push any of us in the team to work on any specifics, just to keep improving it in general. All development happens in the open, including slack chats, etc. (Would be happy to share the specific project, written in Rust mainly, but I don’t want to doxx this specific Lemmy account :D)
The customers (multinational and middle size companies, ranging from telecoms, banks, governments, goods and services) pay for support and features of the software. Software has always bugs and CVEs that need fixing, or new features, or needs for securing its supply chain (with SLSA, SBOMs, etc).
There’s a handful multibillionarie companies that follow this approach with open source: Red Hat, SUSE, Canonical, VMware, etc. Particularly in cloud-native tech like Kubernetes and all that gets deployed on top of it.
If a technology is not open source it really doesn’t exist anymore. Customers have learned from the last 30 years and run away from vendor lock-in (AWS, AKS, Google cloud services…).
Oh, I program with open source stacks too. I thought you were referring to a specific FOSS app or SaaS.
Well, my employer pays me to maintain 100% of the time a specific security project that is deployed on Kubernetes. The project is donated to the CNCF (part to the Linux foundation), and my employer doesn’t push any of us in the team to work on any specifics, just to keep improving it in general. All development happens in the open, including slack chats, etc. (Would be happy to share the specific project, written in Rust mainly, but I don’t want to doxx this specific Lemmy account :D)