The open source software business model is severely flawed: it relies on "free labor" from some of the most talented and sought-after people working in the Computer Science and Software Engineering fields. New regulations in the EU and the US are requiring software producers to implement and distribute trustworthy products, based on prudent and practical, internationally adopted Secure by Design principles and practices described in CISA's Secure Software Acquisition Guide and in NIST Guidance, which the Apache Blog refers to.
This is another positive step in the quest to provide software consumers with "radical transparency" into the trustworthiness of software products, to protect consumers from risky products. My hope is that the Apache Foundation will establish a path forward for all open source projects AND find a way to reasonably compensate open source developers and maintainers as they pursue a more trustworthy digital ecosystem.