The Code Beneath Everything: Open Source as Public Infrastructure

The infrastructure hiding in plain sight

Most of the digital services people rely on, government portals, health record systems, payment rails, the everyday web, run on open-source software somewhere in the stack. It is genuine infrastructure, as foundational to modern public life as the electrical grid, and like the grid it is largely invisible until it fails. This primer is about taking open source seriously as public infrastructure: understanding why it has become foundational, why that creates a responsibility most institutions have not accepted, and what it takes to keep it sound.

The argument is that open source is not merely a cheaper or more transparent way to build software but a shared public asset that the institutions depending on it must help sustain, and that the gap between how much the public sector uses open source and how little it maintains it is a real risk to the services everyone relies on.

Why open source became foundational

Open source earns its place in public infrastructure for concrete reasons, not ideological ones. Because the code is inspectable, it can be trusted and audited rather than taken on faith, which matters when it runs systems the public depends on. Because it is reusable, an investment one institution makes can serve many, rather than every agency rebuilding the same capability behind its own wall. Because it avoids proprietary lock-in, it keeps institutions free to adapt, switch providers, and build on what exists instead of being captive to a single vendor's pricing and roadmap. And because it can be shared and jointly governed, it lets institutions, and even nations, collaborate on common foundations.

These properties are why open source increasingly underpins digital public infrastructure worldwide, the shared software layers that deliver identity, payments, health, and information at scale. International bodies now treat open-source digital public goods as core tools for delivering public services, precisely because the alternative, proprietary dependency at population scale, is fragile and expensive in the long run. Open source, in other words, became foundational because it has the properties public infrastructure needs.

The maintenance gap

Here is the uncomfortable truth about this foundation: it is widely used and thinly maintained. The labor of keeping open-source infrastructure sound, security patching, dependency updates, documentation, community governance, is essential, ongoing, and chronically under-resourced, often resting on a small group of contributors relative to the vast number of institutions that depend on their work.

The structural problem is a mismatch between use and contribution. Many public institutions use open source without contributing back to its upkeep. This is permitted, and it is also a slow-building risk, because it concentrates the maintenance burden on a few and leaves the shared foundation under-supported relative to how much rides on it. When a widely used component has too few maintainers, a single burnout or a single unpatched vulnerability becomes everyone's problem. The grid analogy holds: a shared system that everyone draws from and no one is responsible for maintaining is a failure waiting for its moment.

From consumption to contribution

The fix is a shift in posture from consuming open source to helping sustain it, and the practices are increasingly well defined. Institutions can contribute back the improvements they make rather than only taking. They can fund maintenance and security directly instead of relying on volunteer goodwill, through dedicated time, paid maintainers, or permanent funds for critical software. They can establish open-source program offices with real budgets to manage how they use, contribute to, and govern open source. And they can require security by default, with software bills of materials and vulnerability disclosure, so the foundation is sound rather than merely free.

The principle underneath is that the digital infrastructure powering public services deserves the same sustained investment as the physical infrastructure that connects communities. We do not expect roads to maintain themselves on the goodwill of passing drivers, and we cannot expect the code beneath public services to maintain itself on the goodwill of a few unpaid contributors. Treating open source as public infrastructure means funding its upkeep as infrastructure, not admiring it as a free gift.

What this means for public-interest infrastructure

Recognizing open source as public infrastructure changes the obligation that comes with using it. The measure is not only whether an institution builds on open source but whether it helps keep the open-source foundation sound through contribution, funding, and governance. That favors a contribution posture, supported maintainers, real budgets, security by default, over the default of quiet consumption that leaves the shared base under-resourced.

This is the Foundation's stewardship concern at the level of the code itself, and it is the technical bedrock the rest of this series builds on. Open source is the infrastructure beneath public digital life. Treat it as infrastructure to be sustained, contribute to its upkeep, fund its maintenance, govern it responsibly, and the foundation holds. Treat it as a free resource to be consumed, and the foundation everyone stands on quietly weakens until the day it gives way.

References

1. Dries Buytaert. Funding Open Source like public infrastructure (2026). Institutions using open source without contributing shift maintenance onto a few; governments should move from consumption to contribution and invest as in roads and bridges. https://dri.es/funding-open-source-like-public-infrastructure

2. United Nations Office for Digital and Emerging Technologies. UN Open Source Week 2025. The essential but invisible labor of maintainers; security, governance, dependency management, and burnout. https://www.un.org/digital-emerging-technologies/content/open-source-week-2025

3. Public Digital. Digital public goods. Open-source digital public goods delivering national services and advancing the SDGs; sustainability as the dominant challenge. https://public.digital/pd-insights/signals/signals-5/digital-public-goods

4. Digital Public Goods Alliance. Our policies to unlock the promise of digital public goods (2025). Open-source program offices with fixed budgets, permanent maintenance funds, security by default via SBOM and vulnerability disclosure. https://www.digitalpublicgoods.net/blog/our-policies-to-unlock-the-promise-of-digital-public-goods

5. UN Development Programme. Digital public infrastructure. Open-source technology and multi-stakeholder stewardship of digital public goods at global scale. https://www.undp.org/digital/digital-public-infrastructure

6. Linux Foundation Europe. Building Digital Public Infrastructure Through Open Source (2025). Horizontal open-source infrastructure enabling innovation across sectors and avoiding proprietary dependency. https://linuxfoundation.eu/newsroom/building-digital-public-infrastructure-through-open-source-key-insights-from-un-open-source-week-2025