Abstract
Cardano's infrastructure depends on open source software maintained by a handful of individuals with no formal support, succession planning, or continuity funding. Research shows 96% of commercial codebases contain OSS with fewer than 10 contributors. Critical protocol libraries, wallet SDKs, developer tooling, and indexing infrastructure have single maintainers, no succession plans, and no stable funding beyond episodic grants.
This program establishes a community-governed, data-driven open source sustainment architecture. Funded through direct treasury withdrawal, operated by an independent entity, and overseen by two advisory councils — an External Open Source Advisory Council and a Technical Community Advisory Council.
Four programs: (1) a Maintenance Fund providing long-term retainer funding for the highest-risk infrastructure, selected by dependency data; (2) a Maintainer Development program building structured mentor–mentee pipelines; (3) a CodeForUs bounty program for targeted delivery work; and (4) an Ecosystem Activation Reserve funding contributor entry programs. Selection follows published dependency centrality data, not relationships. Reporting is public and quarterly. All programs carry explicit sunset criteria. The operator is replaceable by community governance. Total: 12,000,000 ADA over 36 months.
Motivation
Cardano has evolved into a large scale public infrastructure ecosystem, but the operational structures required to sustainably maintain that infrastructure have not evolved at the same pace. Critical tooling, libraries, governance systems, developer infrastructure, and ecosystem services still depend heavily on fragmented coordination, volunteer labor, short term grants, or the stability of individual organizations.
The purpose of establishing a decentralized Open Source Program Office (d(OSPO)) alongside the Open Maintenance Framework (OMF) is to provide a neutral operational layer responsible for coordinating, sustaining, and stewarding Cardano’s open source infrastructure as a long term public good. This is not intended to replace governance or centralize authority, but to operationalize governance outcomes in a transparent and accountable manner.
This proposal is directly informed by lessons learned through the Paid Open Source Model (POSM). Programs such as Maintainer Retainer, Tooling Sustainability, and Developer Advocates demonstrated clear ecosystem demand for long term maintenance funding and operational stewardship. At the same time, the rollout of these programs exposed structural limitations in existing governance and administrative processes.
Committees and treasury systems proved capable of approving funding, but not well suited to continuously managing ecosystem operations, contributor coordination, lifecycle stewardship, reporting, and program execution. This created operational friction, delayed implementation, unclear responsibility boundaries, and increased bureaucratic overhead.
The d(OSPO) and OMF model represents the necessary evolution of those lessons learned. Governance maintains oversight and direction, while the d(OSPO) provides the dedicated operational capacity needed to execute ecosystem sustainability mandates effectively and consistently.
Most importantly, this proposal positions Cardano to pioneer a new model for decentralized open source sustainability by combining treasury governance, operational stewardship, lifecycle management, and ecosystem accountability into a unified framework designed for long term resilience.
Track Record
Christian Taylor is CoFounder and Chief Open Source Officer of Open Source Cowboy Consulting. He previously served as Senior Manager of Open Source Governance and Head of OSPO at Intersect MBO, where he built the open source governance function for the Cardano ecosystem from inception — designing the OSPO, establishing contribution governance frameworks, developing the initial maintainer support architecture, and coordinating the ecosystem-wide policy that informed the Paid Open Source Model.
This work gave him firsthand knowledge of where foundation-backed maintainer programs fail: selection driven by relationships rather than dependency data; continuity funding vulnerable to institutional priority shifts; accountability flowing to a foundation board rather than the community; and operator replaceability that is theoretical rather than structural. Taylor departed Intersect to address these structural problems without the institutional constraints that prevented them from being solved from within.
Open Source Cowboy Consulting operates independently of IOG, the Cardano Foundation, and EMURGO, with no current contractual relationships with any founding entity. However, this proposal will work in tandem with each org as required to steward proper development and needed expectations for program success.
The OMF and dOSPO whitepapers (March 2026) are the direct product of this institutional knowledge, co-authored with contributors from Bitergia, CHAOSS, Apache Software Foundation, Linux Foundation Decentralized Trust, Intersect, Andamio Platform, Modus Create, Leadingbit Solutions, and the Chinstrap Community. This proposal is a response to the specific structural failures of previous approaches, designed by the person with the most direct knowledge of what those failures were and why they occurred.
Verifiable history: github.com/thatguyllc | opensourcecowboy.com | OMF v1.0 | dOSPO v1.0
Duration
36 Months
Rationale
SECTION 2 — Rationale
Strategic Pillars
Pillar 1: Infrastructure & Research Excellence
Pillar 4: Community & Ecosystem Growth
Pillar 5: Ecosystem Sustainability & Resilience
Pillar Rationale
Pillar 1 — Infrastructure and Research Excellence
Cardano's security and reliability depend entirely on the open source infrastructure beneath it. Protocol clients, cryptographic libraries, wallet SDKs, developer tooling, and indexers are not peripheral — they are what makes Cardano function. Undermaintained components degrade network security regardless of protocol quality above them.
Harvard's D3 Institute (2024) found 96% of commercial codebases depend on OSS with fewer than 10 contributors. The Linux Foundation (2023) found vulnerabilities in a small number of high-centrality projects can cause massive global disruption. OpenSSL operated on ~$2,000/year before Heartbleed. The Kubernetes Ingress NGINX project ceased security patches in March 2026 due to maintainer burnout. Cardano is not insulated from these risks. dOSPO/OMF establishes the first systematic, data-driven program to identify, prioritise, and sustain the infrastructure Cardano's security depends on.
Pillar 4 — Community and Ecosystem Growth
Long-term ecosystem health depends on growing the contributor pool. Tidelift (2024) found 60% of maintainers work unpaid and 59% have considered quitting. Several critical areas of the Cardano stack face this acutely — the global pool of capable contributors in some language ecosystems is small and barely growing.
The Contributor Pathway program establishes structured mentorship pipelines modelled on CNCF's LFX Mentorship, which produced 25 new maintainers since 2020. Structured contributor pathways grow the next generation of Cardano infrastructure maintainers across the languages and tooling the dependency audit identifies as highest risk. On-chain attestation against Cardano Stake Keys connects completions to the Builder Profile architecture, creating verifiable portable credentials.
Pillar 5 — Ecosystem Sustainability and Resilience
Sustainability requires operational architecture, not just funding availability. Cardano has treasury capacity and community governance. What it lacks is the layer that translates governance decisions into sustained, accountable maintenance programs. dOSPO/OMF provides that layer.
The Resilience program's succession planning and security coordination address bus-factor failures and incident coordination gaps directly. Portfolio stewardship ensures funding follows actual systemic risk, not proposal visibility. The two-council oversight structure — with public reporting, evidence-based renewal, and operator replaceability — ensures the program itself cannot become a sustainability risk through institutional capture.
KPI Alignment
Directly Supported KPIs
Critical dependencies with active funding: 15+ high-centrality projects by end Year 1, 20+ by Year 3.
Ecosystem health metrics: CHAOSS-aligned quarterly reports tracking maintainer attrition, bus factor, contributor conversion rates, and vulnerability response times.
Reduction in single-maintainer infrastructure: bus factor 2+ for all top-20 centrality projects by end Year 2.
Proposed KPIs
Dependency Centrality Coverage Rate — top-50 dependencies with active funding. Target: 40% Year 1, 70% Year 3. Measures whether critical infrastructure is supported regardless of advocacy capacity.
Contributor Conversion Rate — pathway participants reaching Trusted Committer status within 18 months. Target: 5% minimum.
Maintainer Attrition Rate — funded maintainers leaving or disengaging annually. Target: below 15%. Leading indicator of instability.
Security Response Time — disclosure to severity assessment. Target: under 48 hours.
Transparency Rate — quarterly reports published on schedule. Target: 100% (12 of 12).
Treasury Deployment Efficiency — program KPI outcomes relative to total expenditure.
SECTION 3 — PROPOSER
Display Name
Christian Taylor / Open Source Cowboy Consulting
Social Media
Website: opensourcecowboy.com
GitHub: github.com/thatguyllc
LinkedIn: linkedin.com/in/christian-taylor-766b01b1
X: @deopensourceguy
Contact Email
SECTION 4 — PROPOSAL DETAILS
ADA / USD Rate
Not applicable. Funds will only be withdrawn at ADA values; conversions may happen at operator discretion.
Work Packages Overview
Five work packages are described below. Each includes objectives, milestones, and budget.
Work Package 1 — Operations and Governance Infrastructure
Description
WP1 covers the institutional infrastructure that makes all other work packages possible. Four components run in parallel from month 1: (1) standing up the d(OSPO) operational team and program management systems; (2) constituting two independent advisory councils before any program funding decisions are made; (3) forming a dedicated d(OSPO) legal entity by month 6, transferring operational accountability from Open Source Cowboy Consulting to an independent governance entity; and (4) establishing the quarterly public reporting cadence that keeps governance accountable to DReps for the full 36-month term.
Objectives
Constitute both advisory councils with advisory authority by the end of month 3, before any WP2–WP5 funding decisions. Complete d(OSPO) legal entity formation by month 6. Launch quarterly public reporting from month 3. Operate strictly within council-advised parameters with no unilateral funding decisions by the program operator.
Expected Value
Governance independence is the structural difference between this program and previous Cardano maintainer initiatives. Two councils with no founding entity employees, a replaceable operator, and hard sunset criteria are not features — they are preconditions for the program's legitimacy. Without this infrastructure in place first, all subsequent programs risk replicating the selection and accountability failures they are designed to fix.
New or Continuation?
New initiative.
Nature of Work
Non-technical — governance, legal, program management, and reporting.
Milestones
| Milestone | Deliverable | Acceptance Criteria | Weeks |
|---|---|---|---|
| M1.1 — Council Constitution | Both councils chartered; members named; conflict of interest policies signed; first meeting held. | Both charters published on-chain. Zero founding entity employees. First meeting minutes within 72 hours. | 6 |
| M1.2 — d(OSPO) Entity Formation | Legal entity constituted; governance documents published; operator agreement executed; accountability transferred from Open Source Cowboy Consulting. | Registration confirmed. Documents published on-chain. Agreement executed. | 24 |
| M1.3 — Quarterly Reports (ongoing) | Quarterly outcome reports for all active programs published on-chain throughout the term. | Reports published within 14 days of each quarter end. All active programs covered. | 13, 26, 39… |
Budget — WP1
| Category | Description | Total (ADA) |
|---|---|---|
| Staffing | Head of d(OSPO) / Director of Operations; Program Manager; Contract Support; Community Manager; Part-time Legal Support | 1,000,000 |
| Operational Costs | Infrastructure, tooling, compliance, and administrative overhead required to operate over the full 36-month term | 500,000 |
| Advisory Councils | External Open Source Advisory Council and Technical Community Advisory Council — 1,000 ADA per member per month; seat-based selection | 500,000 |
| TOTAL WP1 | 2,000,000 ADA |
Work Package 2 — Maintenance Fund
Description
WP2 is the core sustainment program, deploying 6,000,000 ADA over 36 months to provide long-term, continuity-oriented funding for Cardano's highest-risk open source infrastructure: protocol libraries, wallet SDKs, developer tooling, indexers, and shared CI infrastructure across all languages in use in the Cardano stack.
It opens with a full dependency audit in months 1–3: scanning the full Cardano OSS stack, generating SBOMs in SPDX/CycloneDX format, scoring dependency centrality and bus factors, and publishing a coverage gap analysis. All retainer selection follows a published priority formula approved by the External Open Source Advisory Council before any project is selected. No selections are made outside it.
Three retainer tiers:
Tier 1 (centrality 70+, bus factor 1–2): 5–6 projects at 80,000–120,000 ADA/yr.
Tier 2 (centrality 40–70, bus factor 2–3): 6–8 projects at 40,000–70,000 ADA/yr.
Tier 3 (centrality below 40): up to 8 projects at 20,000–40,000 ADA/yr.
A 1,125,000 ADA portfolio reserve funds mid-cycle additions as the dependency map evolves and is returned to the treasury if undeployed. A public CHAOSS-aligned ecosystem health dashboard tracks funded project health quarterly.
Objectives
Complete dependency audit and publish centrality scores within 12 weeks. Fund 15+ high-risk dependencies by end of Year 1 and 20+ by end of Year 3. Achieve bus factor 2+ for all top-20 centrality projects by end of Year 2. Publish all selection decisions with rationale traceable to the priority formula. Maintain a CHAOSS-aligned health dashboard updated quarterly throughout the term.
Expected Value
No systematic, auditable map of Cardano's OSS dependency risk currently exists. Funding decisions are made without knowing which components pose the greatest systemic risk. WP2 closes that gap and keeps it closed through annual refreshes. Tidelift (2024) confirms paid maintainers produce measurably more improvements than unpaid counterparts. A single critical dependency going unmaintained costs the ecosystem far more in lost developer trust than the entire retainer budget.
Metrics: 15+ projects funded by Year 1 end. Maintainer attrition below 15% annually. Zero selections outside the published rubric.
New or Continuation?
New initiative. Structurally different from previous Cardano maintainer programs: data-driven selection from dependency audit, direct treasury withdrawal, independently governed by two councils, and fully auditable.
Nature of Work
Mixed — technical (dependency audit, SBOM generation, dashboard infrastructure) and non-technical (retainer governance, portfolio management, quarterly reporting).
Milestones
| Milestone | Deliverable | Acceptance Criteria | Weeks |
|---|---|---|---|
| M2.1 — Dependency Audit | Full dependency map published; SBOMs; centrality scores; bus factor assessments; coverage gap analysis. Retainer selection rubric approved by the External Open Source Advisory Council. | Audit reproducible and community-verifiable. Top-20 risk projects identified. Rubric published before any selection. | 12 |
| M2.2 — First Retainer Cohort | Published selection results with rubric scores for each project; signed agreements; first disbursements on-chain. | Results published with centrality scores. Rubric application auditable. Agreements executed. | 18 |
| M2.3 — Health Dashboard Live | Public CHAOSS-aligned dashboard tracking all funded projects: maintainer attrition, bus factor, security response time, release frequency. | Accessible at permanent URL. Metrics live. Quarterly update cadence confirmed. | 16 |
| M2.4 — Annual Portfolio Reviews (×2) | Evidence-based renewal decisions each year; dependency map refreshed; portfolio rebalanced based on updated centrality data. | Renewal decisions published with rationale for each project. Portfolio updated. Published within 14 days of review. | 52, 104 |
Budget — WP2
| Category | Description | Total (ADA) |
|---|---|---|
| Retainer Funding | Tier 1 — avg 5.5 projects at 100,000 ADA/yr × 3 years (centrality 70+, bus factor 1–2) | 1,500,000 |
| Retainer Funding | Tier 2 — avg 7 projects at 55,000 ADA/yr × 3 years (centrality 40–70) | 1,155,000 |
| Retainer Funding | Tier 3 — 8 projects at 30,000 ADA/yr × 3 years (centrality below 40) | 720,000 |
| Portfolio Reserve | Mid-cycle additions identified by annual audit refreshes; returned to treasury if undeployed | 1,125,000 |
| Technical Services | Dependency audit (Year 1); annual refreshes Years 2–3; CHAOSS dashboard build and hosting | 900,000 |
| Program Management | WP2 administration, quarterly reporting, council facilitation (36 months) | 300,000 |
| TOTAL WP2 | 6,000,000 ADA |
Work Package 3 — Maintainer Development Program
Description
WP3 is the only program that grows capacity rather than sustaining it. It establishes structured mentor–mentee pipelines within the Cardano ecosystem, retaining experienced maintainers as compensated mentors while building the next generation of contributors. Track structure is determined by the WP2 dependency audit: cohorts are opened in the language ecosystems where the gap between contributor demand and available maintainer supply is greatest. Program durations range from 4 to 6 months and stipends from 8,000 to 20,000 ADA depending on scope, with 2–3 cohorts per track per year.
Both tracks use a four-stage contribution ladder (New Contributor → Committer → Trusted Committer → Core Maintainer) with explicit progression criteria. Financial incentives are tied to sustained progression rather than one-time deliverables, filtering for stewardship orientation over speculative participation. Anti-Sybil design requires prior OSS contribution history for entry. All completions are recorded as on-chain attestations against Cardano Stake Keys.
Objectives
Deliver 48–60 participants across both tracks over 36 months. Achieve 70%+ cohort completion rate and 5%+ conversion to Trusted Committer status within 18 months. Record 100% of completions as on-chain attestations. Build academic and community partnerships in the language ecosystems identified by the dependency audit. Produce mentorship infrastructure — ladder tooling, mentor network, cohort framework — that persists independently after the program term.
Expected Value
Cardano's long-term infrastructure risk is not primarily maintainer burnout — it is that the replacement pool is tiny and barely growing. CNCF's LFX Mentorship produced 25 new maintainers since 2020. Producing 5–10 new maintainers in the ecosystem's highest-risk language areas, each capable of sustaining critical infrastructure for a decade, represents extraordinary leverage at this budget level.
Metrics: minimum 5% Trusted Committer conversion within 18 months. 18-month follow-up data published on-chain.
New or Continuation?
New initiative. No structured mentorship flywheel with stipend support and on-chain attestation currently operates in the Cardano ecosystem.
Nature of Work
Mixed — technical (attestation infrastructure, contribution ladder tooling) and non-technical (cohort operations, mentorship coordination, academic partnerships).
Milestones
| Milestone | Deliverable | Acceptance Criteria | Weeks |
|---|---|---|---|
| M3.1 — Program Infrastructure | Contribution ladder published for all 4 stages; mentor network confirmed (10+ mentors); on-chain attestation system live and tested. | Ladder criteria published. 10+ mentors confirmed. Attestation system operational. | 12 |
| M3.2 — First Cohorts Active | First cohorts in each active track enrolled with participants confirmed and stipends flowing. | Enrolments confirmed. Stipend disbursements on-chain. Progress check-ins documented. | 20 |
| M3.3 — Year 1 Outcomes | Both first cohorts completed; outcome reports published; on-chain attestations issued to all completers. | 70%+ completion rate both tracks. Attestations issued. Conversion rate vs. 5% target reported. | 40 |
| M3.4 — Full Cadence + Follow-up | All active tracks at full cadence; 18-month follow-up data on Year 1 completers published on-chain. | Cadence sustained. 18-month follow-up published. | 104 |
Budget — WP3
| Category | Description | Total (ADA) |
|---|---|---|
| Participant Stipends | Core infrastructure track — 2 cohorts/yr, avg 9 participants, 6 months at avg 17,500 ADA (~48 participants over 3 years) | 840,000 |
| Participant Stipends | Tooling and DApp layer track — 3 cohorts/yr, avg 12 participants, 4 months at avg 10,000 ADA (~108 participants over 3 years) | 760,000 |
| Mentor Compensation | Both tracks, all cohorts at 5,000 ADA/mentor/cohort | 200,000 |
| Technology | Contribution ladder tooling, on-chain attestation system, cohort management platform | 200,000 |
| Program Reserve | Retains experienced maintainers as mentors; covers additional cohort capacity and succession pipeline expansion as identified by the dependency audit | 1,000,000 |
| TOTAL WP3 | 3,000,000 ADA |
Work Package 4 — CodeForUs Bounty Program
Description
WP4 provides delivery-oriented funding for discrete maintenance and development work: security remediations, dependency updates, documentation, test coverage, and critical feature requests identified by the ecosystem. Contributors are rewarded upon successful merge into the relevant repository, with a 30-day post-integration monitoring period required before final payment.
Two streams: a standing bounty pool (individual bounties capped at 30,000 ADA, governed by a Technical Council-approved scope rubric) and a tooling sustainability stream explicitly for shared infrastructure — CI runners, SDKs, security scanning tools — that every project depends on but that has no natural grant applicant. All allocation decisions are published with rationale traceable to the rubric.
Objectives
Publish the scope rubric and open the first bounty round before any awards are made. Deploy the tooling sustainability stream every quarter. Achieve 70%+ bounty completion rate within 90 days. Publish outcomes for 100% of approved bounties.
Expected Value
Security remediations and dependency updates need focused sprint work that retainers cannot always prioritise. The tooling stream directly funds shared infrastructure that per-project mechanisms systematically underfund. CodeForUs also serves as an accessible entry point for contributors not yet ready for retainer commitment, creating a feeder pipeline into WP3.
Metrics: 100% of approved bounties with published outcomes. Zero payments without 30-day monitoring clearance. Tooling stream deployed each quarter.
New or Continuation?
New initiative. The structured approval-to-payment workflow, 30-day monitoring requirement, and dedicated tooling sustainability stream are novel elements distinguishing this from previous ad hoc grants.
Nature of Work
Technical (code delivery, security remediation) with governance overlay (scope approval, evaluation, reporting).
Milestones
| Milestone | Deliverable | Acceptance Criteria | Weeks |
|---|---|---|---|
| M4.1 — Platform Launch | Scope rubric approved by Technical Council and published; evaluation framework documented; first bounty round open. | Rubric published on-chain. Process documented. First round open within 30 days of M1.1. | 10 |
| M4.2 — Year 1 Cycle | Four quarterly rounds completed; all outcomes published; tooling stream deployed each quarter. | 4 rounds complete. All awards published. 100% cleared 30-day monitoring. Tooling stream deployed every quarter. | 52 |
| M4.3 — Years 2–3 Continuation | Eight further quarterly rounds; annual scope rubric review by Technical Council; cumulative impact report published annually. | 8 further rounds. Annual rubric review documented. Impact report published. | 156 |
Budget — WP4
| Category | Description | Total (ADA) |
|---|---|---|
| Bounty Awards | Standing bounty pool — open competition, work merged and verified before payment | 375,000 |
| Bounty Awards | Tooling sustainability stream — shared infrastructure with no per-project grant applicant | 125,000 |
| TOTAL WP4 | 500,000 ADA |
Work Package 5 — Ecosystem Activation Reserve
Description
WP5 funds programs that recruit new contributors and direct them toward Cardano's infrastructure needs: a Cardano Summer of Code (modelled on Google Summer of Code), targeted hackathons focused on gaps identified in the WP2 dependency audit, and developer activation events. These programs are the top-of-funnel for WP3 — producing participants who may progress to the Maintainer Development program and eventually to retainer-level contribution in WP2.
Objectives
Run at least one Cardano Summer of Code cycle per year with 10+ participants working on projects aligned to the WP2 dependency gap analysis. Host or co-host two targeted hackathons per year. Track the percentage of activation participants who subsequently engage with WP3 or WP4 within 12 months.
Expected Value
Retainer and mentorship programs can only sustain what exists. Without a continuous inflow of new contributors, every other program eventually exhausts its pool. WP5 ensures d(OSPO) is not just sustaining today's maintainers but actively recruiting tomorrow's.
Metrics: 30+ activation participants per year. 10%+ proceed to further structured ecosystem engagement within 12 months.
New or Continuation?
New initiative.
Nature of Work
Mixed — community programming with technical infrastructure focus.
Milestones
| Milestone | Deliverable | Acceptance Criteria | Weeks |
|---|---|---|---|
| M5.1 — Summer of Code Launch | First Cardano Summer of Code: participant selection aligned to WP2 dependency gaps, mentor assignments, stipends flowing. 10+ participants. | 10+ participants confirmed. Projects aligned to WP2 gap analysis. Mentors assigned. Stipends on-chain. | 24 |
| M5.2 — Hackathons (×2/yr) | Two annual hackathons with infrastructure focus; post-event reports tracking participant conversion to WP3/WP4. | Events held. Outcome reports published. Funnel conversion tracked. | Annually |
| M5.3 — Annual Activation Reports | Annual reports on activation outcomes: participants, projects, conversion rates to WP3/WP4, lessons learned. | Reports published on-chain within 30 days of each year end. | 52, 104, 156 |
Budget — WP5
| Category | Description | Total (ADA) |
|---|---|---|
| Stipends | Cardano Summer of Code — 3 cycles × avg 10 participants × avg 5,000 ADA/participant | 150,000 |
| Events | Hackathons — 6 events over 3 years at avg 20,000 ADA (prizes and logistics) | 120,000 |
| Operations | Program coordination, marketing, participant management (36 months) | 100,000 |
| Reserve | Additional activation opportunities identified via the WP2 dependency audit; undeployed reserve returned to treasury | 130,000 |
| TOTAL WP5 | 500,000 ADA |
The 130,000 ADA reserve within WP5 covers activation opportunities identified via the WP2 dependency audit, such as targeted university or community outreach in high-risk language areas. All undeployed reserves are returned to the treasury.
Full Program Budget Summary
| Work Package | Year 1 (ADA) | Year 2 (ADA) | Year 3 (ADA) | Total (ADA) |
|---|---|---|---|---|
| WP1 — Operations and Governance | 667,000 | 667,000 | 666,000 | 2,000,000 |
| WP2 — Maintenance Fund | 1,200,000 | 2,400,000 | 2,400,000 | 6,000,000 |
| WP3 — Maintainer Development | 600,000 | 1,200,000 | 1,200,000 | 3,000,000 |
| WP4 — CodeForUs Bounty Program | 166,000 | 167,000 | 167,000 | 500,000 |
| WP5 — Ecosystem Activation Reserve | 100,000 | 200,000 | 200,000 | 500,000 |
| TOTAL | 2,733,000 | 4,634,000 | 4,633,000 | 12,000,000 ADA |
The portfolio reserve within WP2 (1,125,000 ADA) is returned to the Cardano Treasury if undeployed at program end. See Section 5 for repayment conditions.
Operations Budget — 2,000,000 ADA
Operations is governance independence infrastructure, not overhead, the structural difference between dOSPO/OMF and foundation-backed programs. Unneeded roles / salaries will be returned.
| Role / Function | Annual (ADA) | 3-Year Total (ADA) | Notes |
|---|---|---|---|
| Program Director — Christian Taylor / OS Cowboy Consulting (transitional, dOSPO entity from month 7) | 180,000 | 540,000 | No founding entity affiliation |
| Program Manager | 120,000 | 360,000 | Retainer admin, reporting, council support |
| Security Coordination (part-time contractor) | 80,000 | 240,000 | Pre-incident protocol, SPO liaison |
| Legal and Compliance | 50,000 | 150,000 | Entity formation Yr1, ongoing compliance Yrs 2–3 |
| Governance Facilitation | 40,000 | 120,000 | DRep engagement, proposal administration |
| Tooling and Infrastructure | 30,000 | 90,000 | Program management systems |
| Dependency Audit Analytics (Yr1: 60K, Yrs 2–3: 30K) | 40,000 avg | 120,000 | Tooling and refresh support |
| Contingency — 10% operational reserve | 90,000 | 270,000 | |
| TOTAL OPS | ~650,000/yr | 1,890,000 | Under 2,000,000 ADA budget |
Program Oversight and Governance
Two independent councils are constituted before any program funding decisions are made. Both publish meeting minutes within 72 hours.
| Body | Members | Composition | Authority | Cadence |
|---|---|---|---|---|
| External Open Source Advisory Council | Max 7 | External OS experts. Min 3 with non-Cardano OS experience. | Retainer rubrics, funding eligibility, program sunset | Monthly |
| Technical Community Advisory Council | Max 7 | Cardano technical contributors, community reps, min 1 SPO. | Dependency methodology, technical acceptance criteria, bounty scope | Monthly |
| Program Operator | Staff | Open Source Cowboy Consulting (months 1–6), dOSPO Entity (month 7+) | Execution within council-approved parameters only. No unilateral funding decisions. | Ongoing |
| On-Chain Governance | DReps | Cardano governance participants | Budget authorisation, operator replacement, major reallocations | As required |
Security Response Protocol: 3–5 named individuals hold pre-authorised 48-hour coordination authority (not budget authority) for disclosed vulnerabilities. Actions reported to both councils at next meeting. Emergency authority contracts immediately after each incident.
SECTION 5 — BUDGET SUMMARY
Will any portion of funds be returned to the Treasury?
Yes. The 1,125,000 ADA portfolio reserve within WP2 is returned at program end if undeployed. The 130,000 ADA activation reserve within WP5 is also returned if undeployed. Unspent operational contingency is returned. Treasury repayment is a hard commitment. Every unspent funds will be returned or upon sunset mechanism activation.
Repayment Conditions
Portfolio Reserve (1,125,000 ADA): returned at program end if annual audit refreshes do not identify new critical projects warranting mid-cycle additions.
Operational Contingency (270,000 ADA): returned at program end following final audit.
Early termination: all uncommitted funds returned within 30 days of governance vote.
M1.5 non-achievement: if dOSPO entity formation is not completed by month 6, the portfolio reserve is frozen until the milestone is achieved or governance votes on an alternative.
Prior Cardano Ecosystem Funding
OSC Paid Open Source Model- This is built from the lessons learned of that program and this budget is intended to replace it in a true decentralized fashion. Intersect committees will be consulted throughout this process.
SECTION 6 — BUDGET ADMINISTRATION
Administrator
Months 1–6: Christian Taylor through Open Source Cowboy Consulting as Founding Coordinator. All decisions subject to both oversight councils. No unilateral program funding decisions.
Month 7 onward: [dOSPO Entity Name] — independent legal entity constituted by end of Month 6 (Milestone M1.5). Jurisdiction: TBD Governance documents published on-chain upon registration. Entity formation by month 6 is a contractual obligation. Failure triggers automatic portfolio reserve freeze and governance review.
Company or Individual?
Company — Open Source Cowboy Consulting (transitional). dOSPO legal entity (from month 7).
Primary Contact
Christian Taylor — CoFounder and Chief Open Source Officer, Open Source Cowboy Consulting
Primary Contact Email
Independent Audit and Assurance
Four-layer assurance structure:
Financial Audit — independent qualified auditor Mill Law Firm conducts quarterly financial reviews and annual program audits. All reports published publicly within 30 days.
Program Effectiveness Audit — annual independent assessment against all published KPIs by a party independent of the operator and both councils. Reports published on-chain.
On-Chain Transparency — all treasury withdrawals, disbursements, and major decisions publicly verifiable by any ADA holder.
Council Oversight — both councils review quarterly reports at monthly meetings with published minutes. Either council can trigger a special audit by majority vote.
SUPPORTING REFERENCES
Framework architecture, evidence base, and operational specifications:
Open Maintenance Framework (OMF) v1.0 — March 2026 — opensourcecowboy.com
Decentralized Open Source Program Office (dOSPO) v1.0 — March 2026 — opensourcecowboy.com
CHAOSS Community Health Analytics Framework — chaoss.community/metrics
Harvard D3 Institute: The Value of Open Source Software — Hoffman, Nagle and Zhou, 2024
Linux Foundation: Open Source Maintainers Report 2023
Tidelift State of the Open Source Maintainer Report 2024
CNCF Mentorship Flywheel — 2025
Protocol Guild Documentation — 2023–2025 — protocol-guild.readthedocs.io
OpenSSF: Why Open Source is Infrastructure — 2023
References
OMF
Youtube Explainer
Votes
Your vote
DRepRationale
Proposal Information
-
TypeTreasury Withdrawal
-
StatusVoting
-
Submitted OnMay 11, 2026
-
Expires OnJun 13, 2026
-
Voting PartiesDRepCC