Funding FreeBSD
FreeBSD runs in production infrastructure at Netflix, Sony, Juniper, Apple, and many others. The FreeBSD Foundation coordinates development with 13 staff (6 developers, 7 in leadership, operations, and advocacy) plus around 19 contractors, on a budget of roughly $2M per year.
The Foundation has been spending more than it brings in for three years. Net assets have dropped from $5.8M in 2021 to $4.0M at the end of 2024. From September 2026, the Cyber Resilience Act adds reporting and compliance obligations on top of existing work.
FreeBSD is critical infrastructure for many companies, but the organization that carries a significant part of the maintenance work has finite resources. Read together, the financial statements, the donor list, and the upcoming CRA obligations make the problem more legible than it first appears.
The numbers
Financial data comes from the Foundation’s published P&L statements (2021-2025) and IRS 990 filings via ProPublica (2019-2020). The P&L, from the Foundation’s own accounting, gives a cleaner breakdown than the 990s, which bundle donations and investment performance into a single “total revenue” line.
| Year | Donations | Expenses | Investment Income | Net Income | Net Assets |
|---|---|---|---|---|---|
| 2019 | $2,267,428 | $1,092,042 | - | - | $5,473,615 |
| 2020 | $1,244,504 | $1,174,561 | - | - | $5,765,289 |
| 2021 | $1,281,437 | $1,260,643 | +$182,591 | +$203,592 | $5,818,368 |
| 2022 | $1,231,096 | $1,280,936 | -$340,655 | -$390,555 | $5,280,629 |
| 2023 | $1,268,896 | $1,928,906 | +$259,133 | -$400,126 | $4,880,502 |
| 2024 | $1,524,259 | $2,602,008 | +$224,582 | -$853,594 | $4,026,908 |
| 2025 (Q1-Q3) | $700,460 | $1,978,525 | +$147,733 | -$689,277 | TBD |
2019-2020: P&L reports not published. Donations and expenses from 990 filings, net income not shown (990 “total revenue” mixes donations with investment performance, making the comparison unreliable). 2021-2024: all figures from Foundation P&L. Net assets from 990 balance sheets for all years.
The pattern the numbers show is simple: donations have been growing, but expenses have been growing faster. From 2022 to 2024, donations moved from $1.23M to $1.52M, with the 2024 figure the highest since 2019. Over the same period, expenses rose from $1.3M to $2.6M. The Foundation invested in more developers, broader platform support, hardware work, and CRA readiness, and donations did not keep pace.
Investment returns shift the annual bottom line but do not change the ratio between recurring revenue and operating spend. In 2022 the market subtracted $341K; in 2023 and 2024 it added $225-259K. The structural gap sits between donations and expenses, and market swings move the annual result around that gap rather than closing it.
Part of the 2024 deficit reflects targeted investment in hardware support: the FreeBSD Laptop Project spent over $750K with Quantum Leap Research on Wi-Fi, USB4, Thunderbolt, and HDMI. Similar work is planned for 2026, so reserve use does not end with that line. The 2025 figures through September show $700,460 in donations against roughly $2M in expenses, with the Foundation’s own summary noting that “2025 expenses exceed projected revenue deliberately, using reserve funds.”
The 2024 fundraising goal was $2M, against $1.52M raised (76%); in 2022 the $1.4M goal closed at 88%. Reserves dropped from $5.8M in 2021 to $4.0M in 2024, which at the current rate corresponds to roughly four to five years of runway. The Foundation reports that 2025 is tracking better than 2024 and that a change of accounting firms delayed some quarterly reports; the table will be updated as the new numbers arrive.
Who pays
The Foundation publishes its donor list organized by tier. For 2025 it looked like this:
| Tier | Companies |
|---|---|
| $250,000+ | Quantum Leap Research |
| $100,000-$249,999 | NetApp |
| $50,000-$99,999 | ARM, Juniper, Meta, Netflix |
| $25,000-$49,999 | Beckhoff |
| $10,000-$24,999 | AMD, E-CARD, Entersekt, Stormshield, Tailscale |
| $5,000-$9,999 | Framework Computer, Intel |
Set against the companies that actually build products on FreeBSD, the tier donations tell a less even story than the list alone suggests:
| Company | FreeBSD use | Donation level | Corporate decision? |
|---|---|---|---|
| Netflix | CDN/streaming infrastructure | $50-99K | Yes, corporate donor |
| Juniper | JunOS (routers/switches) | $50-99K | Yes, corporate donor |
| Meta/WhatsApp | Server infrastructure | $50-99K | Yes, corporate donor |
| Sony | PS3/PS4/PS5 kernel (220M+ consoles) | $500-999 | No: employee match (PlayStation Cares) |
| Apple | macOS/iOS userland derived from FreeBSD | $250-499 | No: employee match |
| Cisco | Network products | $250-499 | No: employee match |
| Microsoft | Azure components | $1-5K | No: employee match |
| Infrastructure | $1-5K | No: employee match |
Some companies appear as recognizable corporate donors. Others appear at levels consistent with employee matching programs or with forms of support that are hard to attribute publicly to a single corporate decision.
Employer matching
A discussion on r/freebsd, later confirmed by the Foundation, clarified one part of this. Some entries attributed to companies are employee donations processed through an employer matching policy. One employee contributes, files a matching request, and the company appears on the donor list. The Foundation can usually tell the difference internally, but matching gifts are not broken out separately in the public list.
The Koum donations
The Koum donations remain an exceptional case in the Foundation’s financial history, both in amount and in origin. Jan Koum, co-founder of WhatsApp, grew up in government housing and learned to code on FreeBSD because it was free. He was hired at Yahoo partly because Yahoo ran FreeBSD, and built WhatsApp on FreeBSD servers. After Facebook acquired WhatsApp for $19B in 2014, Koum donated $1M that year and another $500K in 2016. The Koum Family Foundation continued to appear on donor lists through at least 2022.
Those $1.5M in total exceed the donation revenue of any single year since, including the $1.52M raised in 2024, and shaped the reserve trajectory for nearly a decade. They had a real effect on the accounts, but they are not a repeatable basis for a continuing funding model.
Attribution and opacity
For some companies, support exists but does not read cleanly in public records. Sony is the clearest example. The PS4 runs FreeBSD 9 (Orbis OS) and the PS5 runs FreeBSD 11, across hundreds of millions of consoles. On the donor list, Sony appears at the $500-999 tier through PlayStation Cares, an employee matching program.
Colin Percival (FreeBSD Release Engineering Lead, Tarsnap founder) noted in 2022 that “Sony has definitely paid for a significant amount of code in FreeBSD. Most or all of it was done very quietly though.” Where attributed at all, contributions appeared under a consulting company name. Searching FreeBSD’s commit history for “Sponsored by: Sony” returns one commit (amd64: clear PSL.AC in the right frame), and the consulting company referenced by Percival does not appear in any searchable commit database. Sony’s SN Systems team also contributes to LLVM (300+ commits), which benefits FreeBSD indirectly through its toolchain. Decades ago, Sony employee Jun-ichiro Hagino (itojun) co-funded FreeBSD’s IPv6 implementation through the KAME project; itojun died in 2007.
Sony’s PS4 open source disclosure page lists around 80 packages, including “FreeBSD Kernel”, “BSD libc”, and “Network FreeBSD”. The PS5 page lists 6 packages. FreeBSD is not among them. The BSD license permits this.
The publicly observable situation is incomplete. Part of the technical contribution can pass through consultancies, intermediate corporate names, or adjacent ecosystems without translating into visible financial support to the Foundation.
The OpenBSD contrast
A comparison with OpenBSD suggests that the problem is not only industrial presence but also the kind of dependency that companies can name. Several companies that barely register on the FreeBSD donor list give materially more to the OpenBSD Foundation:
| Company | OpenBSD | FreeBSD |
|---|---|---|
| $50-100K (Platinum) | $1-5K (employee match) | |
| Microsoft | $25-50K (Gold) | $1-5K (employee match) |
| Meta | $50-100K (Platinum) | $50-100K (corporate) |
OpenBSD is smaller, a Canadian non-profit with no US tax deduction, zero paid staff, and roughly a $400K budget. Its most visible output is OpenSSH: a recognizable, auditable dependency that shows up in security audits and compliance checklists, and is easy to link to a budget line. LibreSSL and pf share those characteristics.
FreeBSD’s value is often embedded more deeply into products and is, for that reason, less visible to the processes that generate sponsorship. The PlayStation does not ship with a “Powered by FreeBSD” label. Netflix’s CDN does not advertise it. The dependency is real and widespread, but less nameable.
Why this happens
The gap between industrial use and financial contribution is not surprising when read as a classic public-goods problem. The BSD license is a deliberate philosophical choice, and what follows is not an argument that it should have been GPL. It is an observation that this kind of freedom produces a specific economic pattern, and that pattern has been studied for a long time.
Free rider problem
Mancur Olson’s The Logic of Collective Action (1965) showed that rational actors do not voluntarily pay for public goods when they can benefit without paying. The BSD license maximizes freedom and adoption while leaving the incentive structure intact: anyone can benefit from the common resource without contributing to it. The community made that trade knowingly, and it has paid off in adoption, with the sustainability cost carried by the Foundation.
Bystander effect
Darley and Latane (1968) described the pattern where a larger group of potential helpers makes it easier for each one to assume that someone else will act. When Apple, Sony, Cisco, Microsoft, and Google all depend on FreeBSD, each of them can assume that another participant will absorb the cost.
Visibility
Public communications from the Foundation focus on delivery: conferences, 15.0 shipping on time, hardware support gains. Quarterly financial reports are where the numbers live, but they are not where most readers look. From the perspective of a potential sponsor reading only the blog, there is no strong public signal that the Foundation needs help. Nadia Eghbal’s 2016 Ford Foundation report Roads and Bridges made the same observation for open source infrastructure more generally: under-investment persists because the state of the resource stays invisible until it breaks.
Technical contributions vs funding
A significant share of corporate contribution to FreeBSD consists of maintaining dependencies that primarily serve the contributing company. Netflix improves the network stack it runs on. Microsoft maintains the Hyper-V drivers that matter to its hypervisor. Sony patches the compiler used by its SDK. Google writes gVNIC drivers for its cloud platform. This work does benefit FreeBSD, and in some cases, most clearly Netflix, it benefits it substantially.
It is a different thing from funding the shared work that does not belong to any single product: release engineering, security advisories, CI and CD, documentation, community coordination, operational costs. That work benefits every user and rarely has a corporate owner, which also makes it the part most exposed to under-funding.
Fundraising with 13 people
In the Q1-Q3 2025 financials, the explicit fundraising line sits at $1,946 over nine months, a very small figure against the overall budget. For comparison, US non-profits commonly spend 15-25% of budget on fundraising; 15% of this Foundation’s budget would be roughly $300,000.
The Foundation has clarified that a large part of fundraising work is carried out as staff time and is not captured in the dedicated line: donor relationships, campaign planning, and corporate conversations live inside other budget categories.
That clarification does not eliminate the constraint. Fundraising, technical delivery, and regulatory work compete for the same people, and in a 13-staff organization anything that demands sustained attention from the same group reduces throughput elsewhere.
In that setting, donated skills can move the outcome, especially in areas that are not the Foundation’s home terrain. I reviewed the donation page in March 2026: it does not include the elements that behavioural research associates with higher giving, such as suggested amounts, impact framing, a progress bar, or social proof. I wrote about this in more detail in a separate post on donation page design. Qualified time on fundraising pages, UX, grant writing, or documentation can have a disproportionate effect compared with what the same work would cost the Foundation to do itself.
What could change
If the problem is structural, the plausible corrections are structural too: a mix of corporate funding, donated skills, dedicated CRA funding, public or government support, and better visibility of the financial situation.
Corporate funding
Companies that embed FreeBSD in products or services already have a formal channel to fund the Foundation through the partnership program: Platinum ($250K+), Gold ($150-249K), and Silver tiers. In 2025 the program had one Platinum and one Gold member. For a project with this degree of industrial use, the question is how much of that channel is used rather than whether it exists.
Donated skills
Part of the bottleneck does not require new salaries. Qualified time on fundraising, UX, grant writing, CRA documentation, or financial analysis can move the work that engineering staff currently absorbs as a side task. An ICSE 2020 study (Overney et al., “How to not get rich”) found that very few open source projects receive meaningful donations, and those that do rarely communicate their financial situation clearly. More than 80% of the Foundation’s budget goes into program work, which leaves real margin for donated work on non-engineering problems.
Dedicated CRA funding
CRA compliance introduces work that does not sit cleanly as undifferentiated overhead and needs a dedicated funding line, whether through grants, contributions from commercial users affected by CRA requirements, or a mix of both. The Sovereign Tech Agency grant (EUR 686,400) completed in December 2025 and showed the model can work on a bounded piece of work.
Public and government funding
Where regulators create new obligations for open source stewards, there is also a strong argument for funding part of the capacity needed to meet them. The STA grant is a small precedent. A commercial path is less obvious: Tidelift raised $73.5M in venture capital over seven years to “pay maintainers through enterprise subscriptions,” and was acquired by Sonar in December 2024 for its security intelligence, not its sustainability mission.
Visibility
The financial situation is public, but it is not surfaced in a way that easily produces attention or behaviour from people who depend on the project. When fragments of the data in this analysis appeared on r/freebsd, some readers donated inside the same thread.
The CRA problem
The CRA does not create the sustainability problem, but it compresses it in time and adds work that requires operational continuity. The EU Cyber Resilience Act entered into force in December 2024. From September 11, 2026, “open source stewards” must report actively exploited vulnerabilities within 24 hours, send detailed reports within 72 hours, and publish mitigation guidance within 14 days. Full compliance is due by December 2027. I wrote a broader overview in a separate post on the CRA and open source.
The Foundation has declared itself a steward and approved six CRA readiness workstreams in January 2026: security and vulnerability handling, SBOM toolchain, documentation, legislative engagement, public project repository, and communications.
From a regulatory standpoint, the Foundation has an advantage: a single recognizable entity that can speak for the entire operating system, with one SBOM story and one point of contact. The equivalent question for Linux, who is the steward for the kernel, still does not have a clean answer.
That advantage coexists with a clear organizational weakness: release engineering and part of the security response remain volunteer-run. The Foundation provides developer support and infrastructure but does not manage releases or run the security team directly. If a key release volunteer is unavailable during a CRA reporting window, there is no paid backup position, and the readiness work itself is financed from reserves that have been declining for three years.
The steward model places most of the CRA cost on the Foundation, while the benefit, reduced compliance risk for products that embed FreeBSD, sits with the manufacturers. Red Hat already has CVE Numbering Authority status and CSAF/VEX infrastructure. Canonical markets CRA compliance as an Ubuntu Pro differentiator. Those companies treat compliance as a business expense. Companies shipping FreeBSD inside their products, including Netflix, Sony, and Juniper, are themselves manufacturers under the CRA, and their compliance work does not flow back to the Foundation.
A Linux Foundation readiness survey (2025) found that 62% of the open source ecosystem is unfamiliar with the CRA and that 50% of stewards cite funding as their biggest gap. The Foundation has already cut the scope of its readiness effort, dropping community education, cross-project engagement, and effectiveness measurement.
What I don’t know
The Foundation answered several questions for this analysis, which closed most of the open gaps. One question remains outside the public picture: what happens when the Foundation approaches corporate users, how many decline, how many do not respond, how many were never asked. That information is probably sensitive, and I cannot say how much of the divergence depends on never-contacted companies, on requests without response, or on explicit refusals. That detail would change the reading of some absences on the donor list.
Disclosure
This post uses public Foundation sources, fiscal filings, and a handful of clarifications received from the Foundation in March 2026, integrated into the text where relevant.
Closing
FreeBSD’s industrial value does not convert cleanly into stable support for the organization that maintains the shared work.
Readers who want to check the underlying numbers or support the Foundation directly can start from the Foundation financials and the public donor list.
Sources: FreeBSD Foundation P&L statements and balance sheets (primary source for 2021-2025 financials), IRS 990 filings via ProPublica (2019-2020 and net assets), FreeBSD Foundation donor list, FreeBSD Foundation partnership program, FreeBSD CRA Readiness, Linux Foundation CRA Readiness Report, ORC Working Group. Academic references cited inline.