Sustaining OpenTelemetry: Moving from dependency management to stewardship
Posted on March 31, 2026 by Bloomberg

Modern software runs on open source. In fact, “free” and open source software generates more than $500 billion in annual value in the U.S. alone and an estimated $8.8 trillion in total global value. For most organizations, “dependency management” means tracking what you use, scanning for known vulnerabilities, and patching when you’re forced to. That work matters—but it mostly addresses what’s visible: direct dependencies, known CVEs, and near-term upgrades.

However, the real risk lives below the surface. Open source is made up of many complex ecosystems: deep transitive dependency chains, small maintainer teams, uneven review capacity, and critical projects that are “everywhere” but owned by no one. When a project’s human bandwidth collapses – through maintainer burnout, underfunding, or a thin contributor pipeline – security and stability degrade quickly. The result is a recurring pattern the industry knows too well: emergency patch cycles, fragile forks, and “silent” maintenance debt that compounds until it becomes a business outage – sometimes even global disruption.

Bloomberg has been developing – in partnership with nonprofit foundations that support open source – a mentorship-based approach to open source stewardship that focuses on the key missing ingredient: creating sustained contributor capacity for maintainers and projects.
Instead of one-off patches, we run time-bound cohorts where Bloomberg engineers – including many who have never contributed to open source – spend volunteer hours learning to contribute directly to a project with structured support from experienced open source guides:

- A clear onboarding path (setup, starter issues, contribution norms)
- Weekly office hours with project maintainers and mentors
- A focus on high-leverage maintenance work that maintainers rarely have time for, such as issue triage, tests, docs, small-to-medium fixes, examples, and tooling

We’ve successfully tested this model across multiple cohorts with the pandas project – run in partnership with NumFOCUS and the project’s maintainers – and most recently scaled it through a cross-industry collaboration with NVIDIA.