Eight Major Software Foundations Release Joint Statement: Enterprises Urged to Compensate Open Source Infrastructure in Accordance with Usage Levels
5 days ago
Author: Editor

The Open Source Security Foundation (OpenSSF), together with a number of other well-known open-source software foundations, has issued a joint statement saying that they can no longer shoulder the unpaid burden of protecting the worldwide software supply chain. The foundations are calling on enterprises to provide financial support for open-source infrastructure, with the amount of payment determined by the scale of their usage.

The statement highlights that although open-source software drives innovation and offers great convenience, the expenses associated with maintaining its security are substantial. It stresses the need for a global collaborative effort to distribute the responsibilities. The foundations recommend establishing a payment mechanism to fund crucial initiatives, including the formation of security teams, the execution of vulnerability scans, and the conduct of code audits. These measures are expected to significantly strengthen the overall security of the open-source ecosystem.