Don't Kill the Goose That Lays the Golden Eggs


March 2026 saw back-to-back supply chain attacks targeting OSS security tools, CI/CD pipelines, and high-trust npm maintainers, including those of the Axios package (100M weekly downloads). In response, some companies declared open source broken or dead — a position this piece pushes back on strongly. Open source's ubiquity makes it a target precisely because of its enormous value (estimated at $8.8 trillion by a 2024 Harvard study). Closed-source supply chains face the same risks with less transparency. The real problem is that most OSS infrastructure is maintained by unpaid solo maintainers bearing growing security burdens. The appropriate response is to fund, support, and protect them — not to abandon open source.

From socket.dev (3 minute read)