This is the work-in-progress fund distribution model for the Open Source Endowment.
We aim to build a transparent, measurable, and verifiable model that can be iteratively improved by the open-source community and approved by a majority of active OSE donors.
It will never be a perfect model, because (1) open-source consumption cannot be measured with 100% precision, and (2) there is no ideal consensus on how to prioritize OSS grants.
We aim to focus our support on the core of open-source ecosystems — roughly the 1% of packages that account for 99% of downloads and dependencies. Our model is a data-driven approximation of global open-source supply chain usage, designed to surface its most critical yet underfunded components.
It is important to trace dependencies across ecosystem boundaries, not just within them. For instance, Pandas [Python] depends on NumPy [Python], which depends on OpenBLAS [C]. This cross-ecosystem view naturally elevates low-level infrastructure libraries in C/C++, Fortran, and similar languages.
Beyond dividing grants between ecosystems, we need to prioritize individual OSS projects within each one. Our goal is to make this process transparent and quantifiable, combining automated scoring with human judgment, especially in the early stages. The model is under active development; its final form will emerge from discussions with OSE donors.
Our approach is a three-stage pipeline — Value → Risk → Eligibility — where each stage narrows the set the next one operates on:
| Step | Goal | Implemented | Roadmap |
|---|---|---|---|
| Value | Find the most important packages in ecosystems | Download-weighted PageRank for Python (PyPI), Rust (crates), JS/TS (npm), C/C++ (Debian, Homebrew) based on dependency trees, covering 95% of downloads in each ecosystem | Community nominations, critical software lists, cross-ecosystem dependencies |
| Risk | Prioritize risky projects among the most valuable | Bus factor and Herfindahl–Hirschman index for contributors, complexity metrics (LOC, etc.) using scc | OpenSSF Scorecard, active maintainers, issue activity, GitHub Sponsors |
| Eligibility | Filter to fundable projects | OSS license check (63 OSI-approved) | Trademark check (corporate vs community), EOL check |
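
The Value and Risk metrics in the table above, as an added example that is not code from the OSE repository: a download-weighted PageRank in which downloads set the teleport vector, plus the contributor Herfindahl–Hirschman index and a bus factor. The damping factor, the 50% bus-factor threshold, and the download and commit counts are assumptions made for illustration.

```python
# Added example with constructed data; not code from the OSE repository.
def download_weighted_pagerank(deps, downloads, damping=0.85, iters=200):
    """deps maps package -> packages it depends on (edges point at dependencies).
    downloads maps package -> download count and sets the teleport vector."""
    nodes = sorted(set(downloads) | set(deps) | {d for ds in deps.values() for d in ds})
    total = sum(downloads.get(n, 0) for n in nodes)
    teleport = {n: downloads.get(n, 0) / total for n in nodes}
    rank = dict(teleport)
    for _ in range(iters):
        # Packages without dependencies are dangling: re-spread their rank by downloads.
        dangling = sum(rank[n] for n in nodes if not deps.get(n))
        nxt = {n: (1 - damping + damping * dangling) * teleport[n] for n in nodes}
        for pkg in nodes:
            targets = deps.get(pkg, [])
            for dep in targets:
                nxt[dep] += damping * rank[pkg] / len(targets)
        rank = nxt
    return rank


def hhi(commits):
    """Herfindahl-Hirschman index of commit shares: 1/n when even, 1.0 for one author."""
    total = sum(commits.values())
    return sum((c / total) ** 2 for c in commits.values())


def bus_factor(commits, share=0.5):
    """Fewest contributors who together hold at least `share` of all commits."""
    total, covered = sum(commits.values()), 0
    for count, c in enumerate(sorted(commits.values(), reverse=True), start=1):
        covered += c
        if covered >= share * total:
            return count
    return len(commits)


# Constructed sample: the Pandas -> NumPy -> OpenBLAS chain, invented counts.
DEPS = {"pandas": ["numpy"], "numpy": ["openblas"]}
DOWNLOADS = {"pandas": 100, "numpy": 200, "openblas": 1}
COMMITS = {"alice": 90, "bob": 5, "carol": 5}

if __name__ == "__main__":
    for pkg, score in sorted(download_weighted_pagerank(DEPS, DOWNLOADS).items(),
                             key=lambda kv: -kv[1]):
        print(f"{pkg:10s} {score:.3f}")
    print("HHI", round(hhi(COMMITS), 3), "bus factor", bus_factor(COMMITS))
```

With these counts OpenBLAS outranks Pandas despite having almost no direct downloads, which is the cross-ecosystem effect described above; drop the NumPy to OpenBLAS edge and it falls to last place.
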
Detailed methodology lives in docs/: one page per stage — value, risk, eligibility — plus docs/sources/ (one page per data source) and docs/components/ (cross-cutting components — the per-language value pipelines python / javascript / cpp / rust, plus the funding and validation tables). The code mirrors this: src/sources/<source>/ for fetch/process scripts, src/{value,risk,eligibility}/ for the stage pipelines, and src/common/ for shared infrastructure.
Work is currently happening in this repo and the following places:
- bindep (@vladh) — Strategies for finding binary dependencies
- software-finder (@jring-o) — PyPI to GitHub repository mapper