Open source software (OSS) has become critical digital infrastructure, powering approximately 96% of codebases and constituting up to 90% of commercial software stacks. Traditionally maintained by volunteer communities, recent high-profile security vulnerabilities, such as Log4Shell in 2021 or the xz utils backdoor this year, have highlighted the unsustainability of relying solely on volunteer labour for maintaining such crucial infrastructure.