
Open Source Software: Discussion Paper on Sustainable Funding Structures

Open source software is a central foundation of modern digital infrastructures, yet it is often developed and maintained with limited resources. A discussion paper by the National Test Institute for Cybersecurity NTC analyses the structural challenges within the open source ecosystem and shows how sustainable funding, security, and innovation capacity can be strengthened.

Open source software is now a central pillar of our digital world. From cloud services and enterprise applications to government platforms, it is embedded in nearly every modern infrastructure. Around 97 % of all analysed software products contain open source components, often as core building blocks.

Illustration: AI-generated image / National Test Institute for Cybersecurity NTC

At the same time, a structural challenge is becoming apparent: many of these critical components are maintained by small, underfunded developer teams. Time and resources for systematic security analyses, professional maintenance, and long-term development are often lacking.

Against this backdrop, the National Test Institute for Cybersecurity NTC, with support from the Mercator Foundation, has published a discussion paper on the current state of open source software. 

 
Structural Challenges in the Software Supply Chain 

The analysis shows clearly that open source is ubiquitous but structurally underfunded. Many key components are maintained by individual contributors, while security considerations often take a back seat to rapid development.

In addition, regular independent security assessments are lacking, even though they could significantly strengthen the cybersecurity and resilience of the entire software supply chain.

Sustainable Structures for Secure Open Source Software 

To address these challenges, the NTC advocates professionalizing the security of open source software and promoting the sustainable development of open software ecosystems. The following measures are necessary:

  • systematic security analyses of central open source components
  • support for maintainers in remediating vulnerabilities
  • the establishment of stable structures that enable adequate compensation, continuous maintenance, and long-term stability

In addition, resilient and sustainable alternatives are required. These include in particular: 

  • open protocols
  • interchangeable components
  • transparent architectures

These elements form the foundation for digital sovereignty and independent IT ecosystems.

A New Ecosystem for Open Source

The discussion paper proposes the development of a new open source ecosystem that brings together the interests of developers, companies, and government, ensures sustainable financing, improves security and quality, and fosters innovation.

A central coordinating organisation—an OSS Coordinator—could close legal, organizational, and security-related gaps, strengthen collaboration, and bring together requirements from the market and the community.

Invitation to the Discussion

The discussion paper is intended as a contribution to the strategic discussion on the future of digital infrastructures. The NTC aims to further develop this model together with interested stakeholders from government, industry, research, and the community in order to arrive at viable solutions for a secure, sustainable, and independent digital infrastructure.


The discussion paper is available in German and English, and the Executive Summary is also available in French and Italian. Additional language versions can be accessed via the website’s language navigation.