If Only There Was a Manual for Monetizing Open Source

If you follow open source licensing developments and news, you’re most definitely aware of the highly dynamic environment we’ve been witnessing for the past 18-24 months. At the heart of the matter is a handful of technology startups that are either creators/founders of open source projects or major contributors to them. These startups and their backing venture capital firms (VCs) are trying to monetize these open source projects and are facing some challenges in doing so. Monetizing open source projects has always been, and continues to be, a challenge that has to be figured out on a case-by-case basis depending on the open source project at hand, the startup team, the dynamics with the funding VC, and their overall understanding of the open source model and ecosystem.

The primary challenge is that a lot of this open source software can be made available as a service, and major cloud providers are simply doing that. They are leveraging all that open source has to offer and integrating these projects as functionalities within their cloud offerings without any financial contribution back to the startups that created, and are driving the development of, these open source projects. So as not to generalize by grouping all cloud providers in the same bucket, it is critical to mention that some cloud providers are behaving in a much friendlier way than others towards these open source startups and their open source projects.

First off, some basics on open source licensing. Today, there are close to 100 licenses that are approved by the Open Source Institute as complying with its definition of open source. Being OSI-approved communicates to the adopters of code provided under such a license a set of principles that the license affords, even though each of these 100 or so licenses outlines different policies for using, modifying and redistributing source code, and they range from the more restrictive to the very liberal.

Making money from open source, more popularly referred to as monetizing open source, has been a challenge that very few companies have been able to crack. Red Hat is the poster child of a hugely successful company that has built its products/services offering around open source software and is deeply integrated with the various open source project communities.

Red Hat stock performance in the past 10 years with the S&P 500 performance as a reference.

A Licensing Problem Versus a Business Model Problem

In today’s business environment, starting a company couldn’t be any easier. Identifying a problem and working to provide a solution as an open source project, collaborating with everyone else who’s touched by that problem, is a few degrees harder. Raising money on these assumptions, looking at today’s startups, is seemingly very possible. The true difficulties and hardships start to arise when the company is unable to define or articulate how it will create a revenue-generating business that relies at its heart on commodity open source software. Putting that model on a chart is a lot easier than actualizing it. VCs have poured hundreds of millions into startups promising to crack that “open source business model”, only to realize months or years later that this is not going much anywhere; hence the thinking that maybe the problem will be resolved, and the VCs can monetize their investments, by reshaping the licensing regime.

As a startup founder, or a VC backing such a startup, you are left wondering why you should license your core project under an open source license that allows cloud providers to leverage your efforts without paying for them. An extension of that thought is the exploration of various licensing paths that can close that (presumed) loophole. This situation has led the way to a new school of thought called Open Core, which is definitely not open source and advocates for an approach that is not as clear cut as proprietary versus open source. Open Core is meant to offer a blend of open source and proprietary software where the core platform remains free and open source (with very limited features/functionality), and paid users/enterprises can then choose to pay for add-on services or unlock proprietary, feature-rich platform capabilities. Examples of such “open core companies” include Docker, Elastics, GitLab, MongoDB, Redis and others.

One of the immediate results of the license switch from an OSI-approved open source license to a self-declared open source license was being kicked off open source distribution channels. As Chris Aniszczyk (CTO of Cloud Native Computing Foundation) stated on his Twitter account: “side effect of fauxopen licensing: widely used package managers removing you and a distribution channel”. This tweet came in response to MacHomebrew removing MongoDB from its distribution channel. Red Hat also stopped using MongoDB in Red Hat Enterprise Linux and Fedora due to its new Server Side Public License (news coverage via ZDNet).

Attempting to Define “Open Core”

This Open Core path or model is enabled by new licenses that have been forged to support the monetization aspect of the startups built around open source projects and that are targeted specifically against cloud providers. These licenses include the Server Side Public License (SSPL, view license text) and the Commons Clause (view clause language and FAQ). In an interesting development, the SSPL was proposed as an open source license candidate to OSI following OSI’s license review process. The OSI’s ruling was that SSPL is not an open source license.

ZDNet has published a few pieces (here, here and here) on this topic. If you’re interested in the VC point of view, then this piece by Salil Deshpande (Bain Capital Ventures) does that.

It is worth flagging here, given how this writing is going, a parallel effort that has been ongoing for a few months now called the Polyform Project whose goal is to “draft and make freely available plain-language source code licenses with limited rights” (the emphasis is ours).

 

Licensing Heatwave in San Francisco at the Open Core Summit

Coincidentally, the other week was the inauguration of the Open Core Summit in San Francisco on September 19-20, billed as “The world’s first and largest ecosystem gathering across the burgeoning COSS (commercial open-source software) category”. It was extremely interesting to watch the Twitter feed coming out of the event to get a sense of the direction in which these various talks are going. For the record, none of us here at FOSSID was at the event but we felt close enough given the fire hose of tweets coming in from the participants in the summit. 

We thought we would drop a few such tweets here simply to illustrate the sentiments towards the various talks. Our mentions here are not in any way an endorsement of the tweeters or their tweets, but a simple way to relay some of the reactions to what was happening at the event.

The first is from Mike Milinkovich, Executive Director of the Eclipse Foundation Inc. It is important to note here that Bain Capital Ventures holds investment in several startups with a promise to build a profitable business monetizing open source projects and hence they have a highly vested interest in reshaping the open source licensing landscape to benefit their investments.

Another thread that we followed closely was by Jim Jagielski, best known as cofounder, member, and director of the Apache Software Foundation.

A third perspective is that of Van Lindberg, Legal Counsel at Dykema. It is worth reading these threads (they’re short and limited to 280 characters!).

At the event, Deborah Bryant (Senior Director of Red Hat’s Open Source Office) argued that there is no open source business model and that open source is a development model, and discussed the concerns with the open core model as constraining participation in the project, devaluing the community, exercising a new set of vendor lock-in constraints, and imposing a new set of deployment constraints.

Jono Bacon, a leading community strategist, speaker, author, and podcaster, has written a piece in Forbes on the topic entitled “Weaving Open Core that Works” in which he argues that the open core model is not without controversy and that, to be applied successfully, it requires a very precise balance between generating a clear source of revenue and having a collaborative, open community.

 

A Changing Landscape Impacts Open Source Compliance

Why are we writing about this? It’s simple. This highly dynamic and changing open source licensing landscape definitely has an impact on licensing compliance. New licenses are being introduced and ambiguously billed as open source licenses, existing licenses are being modified to incorporate new clause(s), and dozens of projects are updating their licensing terms. All of these factors have huge implications for how you ensure compliance. Developers in your organization may not be following these various developments but, if you’re reading this blog post, then you should, and we’re doing our part in communicating and flagging these developments for open source compliance officers to be aware of.

Based on a firm belief in the strength of open source software as the enabler for innovation and rapid growth, we support companies with their open source compliance efforts and, most recently, in identifying security vulnerabilities in source code bases. We have the most comprehensive knowledge base, containing almost 80 million projects, and a purpose-built, AI-powered software scanning engine providing extremely fast and accurate scan results.

If you are interested in learning more, please drop us a note and we will be happy to extend your organization a time-limited free license of our tool so you can test drive it and compare it apples-to-apples with whatever you are using today. We are confident that you will be pleased by our coverage, speed and enhanced functionalities.

Until then, long live open source!
