Posts Tagged ‘Open Source’
AWS invests in strengthening open source infrastructure at the Eclipse Foundation
In our recent open letter and blog post on sustainable stewardship of open source infrastructure, we called on the industry to take a more active role in supporting the systems and services that drive today’s software innovation. Today, we’re excited to share a powerful example of what that kind of leadership looks like in action.
The Eclipse Foundation is pleased to announce that Amazon Web Services (AWS) has made a significant investment to strengthen the reliability, performance, and security of the open infrastructure that supports millions of developers around the world. This commitment will benefit multiple core services, including Open VSX Registry, the open source registry for Visual Studio Code extensions that powers AI-enabled development environments such as Kiro and other leading tools.
Sustaining the backbone of open source innovation
For more than two decades, the Eclipse Foundation has quietly maintained open infrastructure that forms the foundation of modern software creation for millions of software developers worldwide. Its privately hosted systems deliver more than 500 million downloads each month across services such as download.eclipse.org, the Eclipse Marketplace, and Open VSX. These platforms serve as the backbone for individuals, organisations, and communities that rely on open collaboration to build the technologies of the future.
AWS’s investment will help improve performance, reliability, and security across this infrastructure. The collaboration reflects a shared commitment to keeping open source systems resilient, transparent, and sustainable at global scale.
Open VSX: a model for sustainable open infrastructure
Open VSX is a vendor-neutral, open source (EPL-2.0) registry for Visual Studio Code extensions. It serves as the default registry for Kiro, Amazon’s AI IDE platform, and is relied upon by a growing global community of developers. The registry now hosts over 7,000 extensions from nearly 5,000 publishers and delivers in excess of 110 million downloads per month. As a leading registry serving developer communities worldwide, including JavaScript and AI development communities, Open VSX has become a vital piece of open source infrastructure that supports thousands of development teams worldwide.
By supporting Open VSX, AWS is helping to strengthen the foundations of this essential service and reinforcing the Eclipse Foundation’s ability to provide secure, reliable, and globally accessible infrastructure. Their contribution reflects the importance of collective investment in maintaining the resilience, openness, and security of the tools developers use every day.
This sponsorship highlights the shared responsibility that all organisations have in sustaining the technologies they depend on. It also sets a strong example of how industry leaders can contribute to ensuring that the services we all rely on remain trustworthy, scalable, and sustainable for the future.
Improving reliability, security, and trust
The AWS investment is helping strengthen security, ensuring fair access, and improving long-term service reliability. Ongoing work focuses on enhancing malware detection, improving traffic management, and expanding operational monitoring to ensure a stable and trusted experience for developers around the world.
As part of this collaboration, AWS is providing infrastructure and services that will improve availability, performance, and scalability across these systems. This support will accelerate key roadmap initiatives and help ensure that the platforms developers rely on remain secure, scalable, and trustworthy well into the future.
A shared commitment to open source sustainability
AWS’s contribution demonstrates how industry leaders can make strategic investments in sustaining the shared infrastructure their businesses depend on every day. By investing in the services that support open source development, AWS is helping to ensure that critical technologies remain open, reliable, and accessible to everyone.
The Eclipse Foundation continues to serve as an independent steward of open source infrastructure, maintaining the tools and systems that enable software innovation across industries. Together with supporters like AWS, we are building a stronger foundation for the future of open collaboration.
But this is only the beginning. The long-term health of open source infrastructure depends on collective action and shared responsibility. We encourage other organisations to follow AWS’s example and take an active role in sustaining the technologies that make modern development possible.
Learn how your organisation can make a difference through Eclipse Foundation membership or direct sponsorship opportunities. The future of open innovation depends on all of us; and together, we can keep it strong, secure, and sustainable.
Businesses built on open infrastructure have a responsibility to sustain it
The global software ecosystem runs on open source infrastructure. As demand grows, we invite the businesses who rely on it most to play a larger role in sustaining it.
Open source infrastructure is the backbone of the global digital economy. From registries to runtimes, open source underpins the tools, frameworks, and platforms that developers and enterprises rely on every day. Yet as demand for these systems grows, so too does the urgency for those who depend on them most to play a larger role in sustaining their future.
Today, the Eclipse Foundation, alongside Alpha-Omega, OpenJS Foundation, Open SSF, Packagist (Composer), the Python Software Foundation (PyPI), the Rust Foundation (crates.io), and Sonatype (Maven Central), released a joint open letter urging greater investment and support for open infrastructure. The letter calls on those who benefit most from these critical digital resources to take meaningful steps toward ensuring their long-term sustainability and responsible stewardship.
The scale of open source’s impact cannot be overstated: A 2024 Harvard study, The Value of Open Source Software, estimated that the supply-side value of widely used OSS is estimated to top $4.15 billion, while the demand-side value reached $8.8 trillion. Even more striking, 96% of that value came from the work of just 5% of OSS developers. The authors of the study estimate that without open source, organisations would need to spend more than 3.5 times their current software budgets to replicate the same capabilities.
This open ecosystem now powers much of the software industry worldwide, a sector worth trillions of dollars. Yet the investment required to sustain its underlying infrastructure has not kept pace. Running enterprise-grade infrastructure that provides zero downtime, continuous monitoring, traceability, and secure global distribution carries very real costs. The rapid rise of generative and agentic AI has only added to the strain, driving massive new workloads, many of them automated and inefficient.
The message is clear: with meaningful financial support and collaboration from industry, we can secure the long-term strength of the open infrastructure you rely on. Without that shared commitment, these vital resources are at risk.
Open VSX: Critical infrastructure worth investing in
The Eclipse Foundation stewards Open VSX, the world’s largest open source registry for VS Code extensions. Originally created to support Eclipse Foundation projects, it has grown into essential infrastructure for enterprises, serving millions of developers. Today it is the default marketplace for many VS Code forks and cloud environments, and as AI-native development and platform engineering accelerate, Open VSX is emerging as a backbone of extension infrastructure used by AI-driven development tools.
Open VSX currently handles over 100 million downloads each month, a nearly 4x increase since early 2024. This rapid growth underscores the accelerating demand across the ecosystem. Innovative, high-growth companies like Cursor, Windsurf, StackBlitz, and GitPod (now Ona), are just a few of the many organisations building on and benefiting from Open VSX. It is enterprise-class infrastructure that requires significant investment in security, staffing, maintenance, and operations.
Yet there is a clear imbalance between consumption and contribution.
Since its launch in September 2022:
- Over 3,000 issues have been submitted by more than 2,500 individuals
- Around 1,200 pull requests have been submitted, but only by 43 contributors
In a global ecosystem with tens of thousands of users, fewer than 50 people are doing the work to keep things running and improving. That gap between use and support is difficult to maintain over the long term.
A proven model for sustainability
The Eclipse Foundation also stewards Eclipse Temurin, the open source Java runtime provided by the Adoptium Working Group. With more than 700 million downloads and counting, Temurin has become a cornerstone of the Java ecosystem, offering enterprises a cost-effective, production-grade option.
To help maintain that momentum, the Adoptium Working Group launched the Eclipse Temurin Sustainer Program, designed to encourage reinvestment in the project and support faster releases, stronger security, and improved test infrastructure. The new Temurin ROI calculator shows that enterprises can save an average of $1.6 million annually by switching to open source Java.
Together, Open VSX and Temurin demonstrate what is possible when there is shared investment in critical open source infrastructure. But the current model of unlimited, no-cost use cannot continue indefinitely. The shared goal must be to create a sustainable and scalable model in which commercial consumers of these services provide the primary financial support. At the same time, it is essential to preserve free access for open source users, including individual developers, maintainers, and academic institutions.
We encourage all adopters and enterprises to get involved:
- Contribute to the code: Review issues, submit patches, and help evolve the projects in the open under Eclipse Foundation governance.
- Sustain what you use: Support hosting, testing, and security through membership, sponsorship, or other financial contributions, collaborating with peers to keep essential open infrastructure strong.
Investing now helps ensure the systems you depend on remain resilient, secure, and accessible for everyone.
Looking ahead
The growth of Open VSX and Eclipse Temurin underscores their value and importance. They have become cornerstones of modern development, serving a global community and fueling innovation across industries. But growth must be matched with sustainability. Because those who benefit most have not always stepped up to support these projects, we are implementing measures such as rate limiting. This is not about restricting access. It is about keeping the doors open in a way that is fair and responsible.
We are at a turning point. The future of open source infrastructure depends on more than goodwill. I remain optimistic that we can meet this challenge. By working together, industry and the open source community can ensure that these vital systems remain reliable, resilient, and accessible to all. I invite you to join us in honouring the spirit of open source by aligning responsibility with usage and helping to build a sustainable future for shared digital infrastructure.
Empowering Cloud Autonomy and Interoperability: Introducing Eclipse Cloud
The Eclipse Foundation is excited to announce the formation of the Eclipse Cloud Interest Group, aimed at empowering cloud providers, users, and industry vendors to independently build, manage, and operate cloud services, promoting freedom from vendor lock-in, interoperability, and resilience across diverse cloud environments.
Why This Matters
In today’s digital landscape, the need for flexible, scalable and interoperable cloud solutions has never been greater. Vendor lock-in can stifle innovation, limit choices, and create unnecessary barriers for cloud users. The Eclipse Cloud Interest Group believes that cloud autonomy and interoperability are the keys to unlocking the full potential of cloud technologies. Imagine being able to switch between cloud providers seamlessly, adopt services that best meet your needs, and ensure your operations remain resilient no matter the platform. That’s the vision we’re working to achieve.
How We’re Making a Difference
This initiative doesn’t prescribe specific technologies or methods for building cloud infrastructure and service. Rather, it focuses on creating a framework for interoperability and portability. Key components like virtualisation, containerisation, orchestration, observability, billing, and identity management should be accessible, switchable, and manageable across different platforms. The goal? To make multi-cloud environments not just possible but practical and efficient.
To support this goal, the group will focus on several key areas, including the emergence of critical cloud components necessary for the development of autonomous cloud infrastructures, cloud service portability, and multi-cloud managed services interoperability. The group will also investigate ways to ensure that cloud services not only meet interoperability requirements but also adhere to expected quality, performance, and service level standards.
Our work is rooted in open source technologies, which already power much of today’s cloud infrastructure. By leveraging existing projects like Eclipse Xpanse (portable managed services), Biscuit (decentralised authentication), the Eclipse Conformity Assessment Policy and Credential Profile (standards compliance), and XCP-ng (high-performance enterprise virtualisation), we’re building a strong foundation to empower developers and organisations alike.
Aligned with EU Values
The Eclipse Cloud Interest Group aligns closely with the European Union’s Data Act, which emphasises switchability between cloud providers. By supporting these regulatory goals, we’re helping to advance digital sovereignty and strategic autonomy, ensuring Europe remains at the forefront of innovation while protecting user choice and independence.
What’s Next?
We’re just getting started, but the Eclipse Cloud Interest Group already has strong support from organisations like Clever Cloud, Gaia-X, Vates, and Overnet. Together, we’re laying the groundwork for the future of cloud services, with plans to evolve this Interest Group into an Eclipse Working Group to drive specifications and development activities.
Join Us!
Whether you’re a cloud provider, user, vendor, or part of the broader open source community, we invite you to join us in shaping the future of the cloud. Together, we can create a more autonomous, flexible, and interoperable cloud ecosystem.
The Eclipse Cloud members will be this week at FOSDEM with a BoF session planned in Track C, Saturday February 1st 15:00. A number of workshops to present the Interest Group are also planned in Barcelona on March 3rd (collocated with the Mobile World Congress) and in London on March 31st (collocated with Kubecon). Don’t miss the opportunity to learn more firsthand!
Stay tuned for updates, opportunities to contribute, and ways to get involved. Subscribe to our mailing list and become part of this exciting journey toward a better cloud future!
The Cyber Resilience Act is Here
With the recent publication of the EU’s Cyber Resilience Act (CRA) in the EU official journal, a 3 year race now begins for compliance by the global technology industry. This legislation sets new cybersecurity requirements that manufacturers and the open source projects they rely upon must meet. The open source community via the Open Regulatory Compliance (ORC) Working Group, is working with numerous open source foundations, SMEs, and industry to establish processes to comply with this new regulatory landscape.
The Race to Compliance
The CRA defines clear targets and timelines, marking the start of a sustained compliance journey. This effort will require time, energy, and resources and the ORC Working Group is here to support the open source ecosystem. Our mission is to guide open source participants and adopters in aligning with CRA requirements through practical frameworks and expertise to support their regulatory journey from start to finish.
How the ORC Working Group Supports Open Source Compliance
The many foundations and other stakeholders which are members of the ORC Working Group are dedicated to guiding the open source community toward successful CRA compliance. Through active community engagement, we’re creating practical resources and adaptable frameworks that empower projects to meet regulatory standards, while preserving open source values. As a community, we have identified the following 4 pillars to guide this effort:
- Bridging the Knowledge Gap: The ORC Working Group prioritises education and training to empower the community with tools to adopt compliant development practices. By creating resources, like cyber resilience guidelines for example, and continuously updating them to align with emerging regulations, we simplify CRA compliance for open source maintainers, projects, communities, and foundations.
- Establishing Compliance Frameworks: We’re defining best practices, processes, and tools that can be translated into specifications addressing regulatory needs. These frameworks prioritise security and compliance for open source projects. Additionally, we will work with standardisation bodies to ensure that open source perspectives help shape global regulatory standards.
- Institutional Engagement: Collaboration with regulatory authorities is central to effective compliance. The ORC Working Group is committed to engaging with these institutions, gathering feedback, and supporting the adoption of community-driven compliance frameworks. This ensures our work aligns with both industry standards and regulatory expectations.
- Strengthening Community Support: Community engagement drives this effort. Through events, workshops, and comprehensive documentation, we keep members informed and prepared for CRA compliance. In the coming months, the ORC will launch additional guidance initiatives to ensure that the open source community is supported every step of the way.
Ultimately, the CRA provides the community and industry an opportunity to deliver more secure products while making open source more sustainable. It will be a new challenge for our community. However, by working together on practices and standards to facilitate compliance we will achieve its laudable goal: making the digital products that are so prevalent in our lives more secure.
Join the Effort
Joining ORC is your opportunity to contribute directly to a compliance strategy that not only upholds cybersecurity requirements but also supports ongoing open source innovation. Early involvement with the ORC Working Group offers a chance to contribute to the foundational compliance framework that will guide our community and influence how standards are implemented industry-wide. Join us in shaping how the CRA is implemented to set the open source community up for success under these new regulations.
Life at Eclipse 