Introducing the Open Source Sustainability Initiative — and our first Gold Partner
Announcement
Open source maintainers carry something most enterprise users don't fully see: the quiet weight of knowing that people are still running version X.Y long after you've moved on. The expectation of a fix, even for something you declared end-of-life two years ago, doesn't vanish when you publish the blog post.
We built the Commonhaus Foundation to give maintainers a better home. Part of that promise is making it easier to clearly communicate end-of-life, so projects can move forward without guilt. But communication alone doesn't solve the problem for the organizations that genuinely can't upgrade yet.
Today, we're taking a concrete step toward addressing that gap. We're launching the Open Source Sustainability Initiative (OSSI), and we're proud to welcome HeroDevs as its founding Gold Partner.
What the OSSI is, and what it isn't
The OSSI isn't about extending the life of abandoned software indefinitely. It's about creating a transparent, governed path for organizations that need continued security support during a migration window, and it's about ensuring that maintainers aren't the ones who have to provide it.
When a Commonhaus project declares a version end-of-life, OSSI gives them something to point to: a set of vetted, certified partners who can take on the ongoing CVE remediation work for users who aren't yet ready to upgrade. Project maintainers can focus on what's next. Users who need more time have a clear, credible option.
Participation in OSSI doesn't grant partners governance rights or influence over project direction. The foundation's bylaws and each project's existing governance remain unchanged. OSSI is a bridge, not a handoff.
HeroDevs as our founding Gold Partner
HeroDevs has built their business around Never-Ending Support (NES) for end-of-life open source software, a model that pairs ongoing security patching with coordinated vulnerability disclosure. As OSSI's first Gold Partner, they're bringing that capability directly into the Commonhaus ecosystem.
To start, HeroDevs has established partnerships with the Hibernate, Jackson, and Quarkus communities, three widely adopted Commonhaus projects, to provide commercial support for enterprise teams still on EOL versions while their migrations are underway. HeroDevs has committed to participating actively in those communities, including providing assistance at the direction of maintainers and community leadership.
Over time, we expect this to expand to more Commonhaus projects. We'll work with each community on how and whether that makes sense for them.
The problem we're trying to solve
The pressure on open source maintainers has never been higher. AI-assisted development is accelerating dependency sprawl and vulnerability discovery simultaneously. Maintainers are expected to coordinate disclosure, respond to enterprise escalations, and plan for succession, often without compensation or organizational backing.
The Commonhaus Foundation exists to change that calculus, one project at a time. The OSSI is a piece of that: a way to reduce the tail-end maintenance burden so maintainers can hand off gracefully and move forward.
Learn more and get involved
The OSSI is open to other organizations that meet the requirements: active Gold or Silver sponsorship, SOC 2 Type 1 and Type 2 certification, and substantive prior CVE work on EOL software relevant to our projects. If that describes your organization, we'd like to talk.
Full details, partner commitments, and joining requirements are at commonhaus.org/about/ossi.html.