I have setup a GitHub discussion on this very topic.
Some references before we start.<p>1. This triggered the discussion <a href="https://www.hashicorp.com/blog/hashicorp-adopts-business-source-license;" rel="nofollow noreferrer">https://www.hashicorp.com/blog/hashicorp-adopts-business-sou...</a><p>2. If you think the current situation is OK, read this paper <a href="https://yuyue.github.io/res/paper/sponsor-chi2022.pdf" rel="nofollow noreferrer">https://yuyue.github.io/res/paper/sponsor-chi2022.pdf</a><p>3. Another case that points out inefficacy of the current model <a href="https://marak.com/blog/2021-04-25-monetizing-open-source-is-problematic" rel="nofollow noreferrer">https://marak.com/blog/2021-04-25-monetizing-open-source-is-...</a><p>4. One more to add to above <a href="https://feross.org/funding-experiment-recap/" rel="nofollow noreferrer">https://feross.org/funding-experiment-recap/</a><p>5. Paywalled <a href="https://www.businessinsider.com/open-source-developers-burnout-low-pay-internet-2022-3" rel="nofollow noreferrer">https://www.businessinsider.com/open-source-developers-burno...</a> (From Google cache <a href="https://webcache.googleusercontent.com/search?q=cache:mw03m6yA5jAJ:https://www.businessinsider.com/open-source-developers-burnout-low-pay-internet-2022-3&cd=9&hl=en&ct=clnk&gl=kz" rel="nofollow noreferrer">https://webcache.googleusercontent.com/search?q=cache:mw03m6...</a>)<p>6. <a href="https://www.dhs.gov/news/2022/02/03/dhs-launches-first-ever-cyber-safety-review-board" rel="nofollow noreferrer">https://www.dhs.gov/news/2022/02/03/dhs-launches-first-ever-...</a> (the first issue they looked at was Log4j vulnerability)<p>Please join the discussion, let's learn everybody's view on this topic. Maybe we shall come up with some new ideas?