Omkhar<p>$8.8 trillion. Yes, with a T.</p><p>In 2024, my friend Frank Nagle (et al.) at Harvard Business School dropped a paper titled The Value of Open Source Software </p><p><a href="https://www.hbs.edu/ris/Publication%20Files/24-038_51f8444f-502c-4139-8bf2-56eb4b65c58a.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">hbs.edu/ris/Publication%20File</span><span class="invisible">s/24-038_51f8444f-502c-4139-8bf2-56eb4b65c58a.pdf</span></a></p><p>It’s not light reading, but here’s the TL;DR:</p><p>* Supply-side value of creating and maintaining popular open source software? About $4.15 billion.</p><p>* Demand-side replacement cost if companies had to rebuild that OSS themselves? A casual $8.8 trillion.</p><p>Let that sink in. Open source software is quietly propping up the global economy like a tired BOFH running on coffee and unpaid emotional labor.</p><p>And how do we reward open source maintainers, the unsung heroes keeping the digital world upright?</p><p>Enter the AI Slop Era.</p><p>Take <span class="h-card" translate="no"><a href="https://mastodon.social/@bagder" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>bagder</span></a></span> — creator and lead maintainer of cURL and libcurl — two of the most widely used OSS projects in existence. Instead of sipping margaritas on a beach somewhere (as he should be), he's busy triaging nonsense AI-generated “exploits” reported via HackerOne.</p><p>Want a peek into his inbox of doom?<br>1. HackerOne cURL Hacktivity <a href="https://hackerone.com/curl/hacktivity?type=teamFilter" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hackerone.com/curl/hacktivity?</span><span class="invisible">type=teamFilter</span></a><br>2. Filter by: Report State = Not Applicable<br>3. Feel: 😬 existential dread</p><p>This is what happens when people feed vibe-code into an LLM, squint, and hit “submit.”</p><p>So, what can you do?</p><p>* Using AI to vibe-code security bugs? Please stop. Seriously. Shut the laptop. Go touch grass. Maybe talk to a human.<br>* Using OSS in your business? Chances are, you are. Time to give back — with funding, sponsorships, or actual engineering help.<br>* Using OSS personally? Thank a maintainer. Donate. Contribute. Even fixing a typo in the README helps.</p><p>Open source built the internet. It’s still holding it together with duct tape and goodwill.</p><p>Let’s treat it — and the people behind it — like the $8.8 trillion miracle it is.</p><p><a href="https://infosec.exchange/tags/aislop" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>aislop</span></a> <a href="https://infosec.exchange/tags/opensourcesoftware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensourcesoftware</span></a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/touchgrass" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>touchgrass</span></a></p>