Can open source make business sense?

Can open source make business sense? Scale • James Martin • 13/01/23 • 6 min read

Open source software - i.e .software based on code that is transparently open and available to all - has been an IT cornerstone since the foundations of the internet, in the 1950s and 60s. To this day, true to its “free to access” roots, open source software remains at its base a not-for-profit movement.

That hasn't stopped it from spawning major commercial success stories. Red Hat , market leader for the Linux operating system, was bought by IBM for €34bn in 2019; or Elastic , the company behind Elasticsearch, $6bn . So it’s little surprise that open source startups are sparking venture capital interest, with unicorns Grafana Labs and Redis hitting multi-billion valuations in recent years.

To maintain free-of-charge access to software, open source solutions have innovated a variety of different ways to monetize open source projects : openSaaS models, open core models, custom feature requests, support plans, multi-licensing, donations, sponsors, and training. Most commonly, a mix of revenue sources are leveraged , aimed principally at paying those who develop and support said solutions, but avenues for commercialization are certainly available.

Today, open source is increasingly seen as an alternative to software provided by GAFAM, especially when those latter offerings tend to lock users into a walled garden of solutions incompatible with those of other publishers. As BlueMind CEO Pierre Baudracco puts it, “ one of the problems we have with hegemonic solutions is the lock-in aspect. This doesn't exist with open source , which allows different stakeholders to join forces to create alternatives; a safeguard that allows you to maintain a balanced relationship with suppliers.”

For the people by the people

Open source isn't a business model, but rather a philosophy ; it's not so much free-to-use software, as it's a community-driven movement based on values such as freedom, accessibility, and love for the craft.

Scikit-learn is a free French open source Python platform that allows users to run machine learning applications. As François Goupil , Growth Developer at Scikit-learn Consortium , puts it: “We are just as much in contact with big companies like Airbus as with students. 400k projects on Github depend on Scikit-learn. So it's clearly civil society that benefits from it .”

Often, projects are propelled forward by little more than the passion of a handful of people. And therein lies risk . The OpenSSL Heartbleed security bug, one of the biggest security breaches of the time, shone a light on the fact that, as Buzzfeed put it , “the internet [was] being protected by two guys named Steve”. Or cURL (client URL), a command line tool for information transfer and one of the world's most popular open source projects – it's essentially run by one guy .

Other projects are financed by software creators offering product support as a paid optional extra; by foundations such as The Linux Foundation or the Apache Software Foundation; or simply by donations from their community of users.

Most open source projects are happy to give away their code for free, under a simple "do what you want” licensing model with a key addendum – “but don't sue us” as is the case for the PostgreSQL. This is another risk for businesses.

“ If something goes wrong with a commercial publisher, it’s their responsibility. So we delegate a risk. Not with open source. It's not because we pay that we have better service . Admittedly, not everyone at Poclain has the same opinion on that,” explains Stéphane Chaperot , Group IOT Architect, Poclain .

Speaking of risks for businesses, the open source community was shaken up , when database solution MongoDB changed the terms of their open source project's license in 2018, placing restrictions on how they can be used.

“ I bet everything on MongoDB, then I had to go and face up to my clients when they raised their prices . Consuming open source is a responsibility, especially in terms of risk. We must be aware of this, in the interest of our customers, and therefore be transparent. We must be able to review our choices more and more quickly. As with the multi-cloud, I must not put all my eggs in the same basket,” says Arnaud Muller , Cleyrop Co-Founder.

Big tech vs open source: a rocky relationship

The corporate world's extensive and one-sided reliance on open source solutions has been a contentious topic throughout the history of open source, particularly in the context of taking code for commercialization, without contributing back to the community . That said, it's increasingly common for companies to hire engineers in-house to work on the external open source projects that underpin their operations, most likely as a risk-aversion strategy.

“ Amazon (AWS) has already recruited 5-6 experts to work on PostgreSQL , so it does contribute to development,” says Laetitia Avrot, Field CTO at EDB and expert of open source relational database PostgreSQL.

That said, the relationship between big tech companies and open source projects remains combative. Recently, Elastic , the company behind Elasticsearch, found itself in similar controversy to MongoDB, after shifting from the Apache License 2.0 to SSPL (Server Side Public License), which put new restrictions on the commercial use of the software. A decision sparked by occasions when CSPs (cloud service providers) like AWS have made their own commercial versions of open source software solutions.

As David Pilato, Developer & Evangelist at Elastic, explains: “We tried to create a business model on top of our open source project, Elasticsearch. But the "support" option – paying for customer support, an option which finances many open source projects – didn’t work. So we created the product in two parts: one in Apache 2, which anyone can modify; and another part with our own paid license. AWS took the free version, but made its own version – 'elastic search as a service' – so there were two versions, and our users were lost . How to counter-attack? The only way we found was to switch to a non-open source license , like MongoDB. It was the only way to protect ourselves. It didn't change anything for most of our users, only those who want Elasticsearch as a service.”

As Guillaume Laforge , Developer Advocate at Google Cloud , points out, attitudes toward open…