I think this was highlighted quite well by the recent awareness of OpenSSL and GPG funding problems. They can at least get some publicity because of the security context. There are heaps of smaller projects which are absolutely critical, arcane and sometimes invisible. The syslinux and pxeboot tools for example.
https://www.buzzfeed.com/chrisstokelwalker/the-internet-is-b... https://www.propublica.org/article/the-worlds-email-encrypti...