I think at this point it's undisputed that modern society relies on a lot of permissively licensed software, and the people who maintain that software aren't getting paid enough (or at all) to do it. xz is only the most recent example, NTP and OpenSSL come to mind.

I used to do OSS development full time, but it wasn't financially sustainable for me.

IMO, that's more of a sad story about the state of respect for supply chain risk management in the software engineering discipline. It may be convenient at first to add a bunch of dependencies for free that solve a particular task, and ignore the part that says "AS IS WITHOUT WARRANTY OF ANY KIND". The only thing a FOSS license gives anyone is code. It never gave anyone maintenance or support.

Any organization that uses software that is "as is" should have a plan to maintain that software themselves, or mitigate the risk in other ways. And many of the large players in this industry do exactly that, and their full-time employees are top contributors to many large FOSS projects.

A great many open source maintainers are employed by a corporation that pays them well, if not fantastically well, for maintaining it. Over time, the trend has been increasingly in that direction.

Exactly. If I put something out in the world for the benefit of others, and someone packages it up for profit, I'm still achieving my goal. In fact, that helps my goal to advance even further! That's not depressing to me, that's exciting.