Open source software - i.e .software based on code that is transparently open and available to all - has been an IT cornerstone since the foundations of the internet, in the 1950s and 60s. To this day, true to its “free to access” roots, open source software remains at its base a not-for-profit movement.
That hasn't stopped it from spawning major commercial success stories. Red Hat, market leader for the Linux operating system, was bought by IBM for €34bn in 2019; or Elastic, the company behind Elasticsearch, $6bn. So it’s little surprise that open source startups are sparking venture capital interest, with unicorns Grafana Labs and Redis hitting multi-billion valuations in recent years.
To maintain free-of-charge access to software, open source solutions have innovated a variety of different ways to monetize open source projects: openSaaS models, open core models, custom feature requests, support plans, multi-licensing, donations, sponsors, and training. Most commonly, a mix of revenue sources are leveraged, aimed principally at paying those who develop and support said solutions, but avenues for commercialization are certainly available.
Today, open source is increasingly seen as an alternative to software provided by GAFAM, especially when those latter offerings tend to lock users into a walled garden of solutions incompatible with those of other publishers. As BlueMind CEO Pierre Baudracco puts it, “one of the problems we have with hegemonic solutions is the lock-in aspect. This doesn't exist with open source, which allows different stakeholders to join forces to create alternatives; a safeguard that allows you to maintain a balanced relationship with suppliers.”
Open source isn't a business model, but rather a philosophy; it's not so much free-to-use software, as it's a community-driven movement based on values such as freedom, accessibility, and love for the craft.
Scikit-learn is a free French open source Python platform that allows users to run machine learning applications. As François Goupil, Growth Developer at Scikit-learn Consortium, puts it: “We are just as much in contact with big companies like Airbus as with students. 400k projects on Github depend on Scikit-learn. So it's clearly civil society that benefits from it.”
Often, projects are propelled forward by little more than the passion of a handful of people. And therein lies risk. The OpenSSL Heartbleed security bug, one of the biggest security breaches of the time, shone a light on the fact that, as Buzzfeed put it, “the internet [was] being protected by two guys named Steve”. Or cURL (client URL), a command line tool for information transfer and one of the world's most popular open source projects – it's essentially run by one guy.
Other projects are financed by software creators offering product support as a paid optional extra; by foundations such as The Linux Foundation or the Apache Software Foundation; or simply by donations from their community of users.
Most open source projects are happy to give away their code for free, under a simple "do what you want” licensing model with a key addendum – “but don't sue us” as is the case for the PostgreSQL. This is another risk for businesses.
“If something goes wrong with a commercial publisher, it’s their responsibility. So we delegate a risk. Not with open source. It's not because we pay that we have better service. Admittedly, not everyone at Poclain has the same opinion on that,” explains Stéphane Chaperot, Group IOT Architect, Poclain.
Speaking of risks for businesses, the open source community was shaken up, when database solution MongoDB changed the terms of their open source project's license in 2018, placing restrictions on how they can be used.
“I bet everything on MongoDB, then I had to go and face up to my clients when they raised their prices. Consuming open source is a responsibility, especially in terms of risk. We must be aware of this, in the interest of our customers, and therefore be transparent. We must be able to review our choices more and more quickly. As with the multi-cloud, I must not put all my eggs in the same basket,” says Arnaud Muller, Cleyrop Co-Founder.
The corporate world's extensive and one-sided reliance on open source solutions has been a contentious topic throughout the history of open source, particularly in the context of taking code for commercialization, without contributing back to the community. That said, it's increasingly common for companies to hire engineers in-house to work on the external open source projects that underpin their operations, most likely as a risk-aversion strategy.
“Amazon (AWS) has already recruited 5-6 experts to work on PostgreSQL, so it does contribute to development,” says Laetitia Avrot, Field CTO at EDB and expert of open source relational database PostgreSQL.
That said, the relationship between big tech companies and open source projects remains combative. Recently, Elastic, the company behind Elasticsearch, found itself in similar controversy to MongoDB, after shifting from the Apache License 2.0 to SSPL (Server Side Public License), which put new restrictions on the commercial use of the software. A decision sparked by occasions when CSPs (cloud service providers) like AWS have made their own commercial versions of open source software solutions.
As David Pilato, Developer & Evangelist at Elastic, explains: “We tried to create a business model on top of our open source project, Elasticsearch. But the "support" option – paying for customer support, an option which finances many open source projects – didn’t work. So we created the product in two parts: one in Apache 2, which anyone can modify; and another part with our own paid license. AWS took the free version, but made its own version – 'elastic search as a service' – so there were two versions, and our users were lost. How to counter-attack? The only way we found was to switch to a non-open source license, like MongoDB. It was the only way to protect ourselves. It didn't change anything for most of our users, only those who want Elasticsearch as a service.”
As Guillaume Laforge, Developer Advocate at Google Cloud, points out, attitudes toward open source projects vary among cloud service providers (CSPs): “Not all CSPs have the same approach to open source. Google doesn't want to vampirise publishers, but rather partner with vendors like Elastic, instead of forking the product and giving nothing back.”
The risk of large tech companies effectively appropriating open source projects is cause for concern, particularly as it relates to innovation. Open source projects employing certain business models to ensure continued support find themselves in competition with others for resources.
As Scaleway President Arnaud de Bermingham puts it, “the real innovative part – but risky, because it can give weapons to its competitors – is examples like Borg from Google, which inspired Kubernetes after the publication of its white paper, which open source developers adapted afterward”.
Laforge adds that “open sourcing/donating code doesn't make much sense when you don't give everything that goes with it. For Kubernetes, we preferred to participate rather than watch from the sidelines. Then the white paper aspect also allows us to attract the best talent moving forward”.
Open source can make business sense, both for project creators and the businesses using it. That said, it's not uncommon for commercialization to come at odds with the underlying open source philosophy, and, once undertaken at scale, it may put volunteer communities in the ring with profit-driven tech behemoths – a ruthless fight the latter is much better equipped for.
Open source confers various advantages to businesses, from fostering tech accessibility to helping avoid vendor lock-in, but the risks, chief of which is faith in the continued reliability and stability of external parties, must be taken into account.
“The debate is not clear-cut, but the different models contribute to creating a logic of reversibility that we all need,” concludes Scaleway CEO Yann Lechelle.
What could the most useful models be for open source’s future evolution? Be it BDFL (benevolent dictator for life) — when an individual leader takes on a project, then grows a community around it; or Vendor-neutral governance, where a project cannot be owned by any single vendor, but comes with a reference format that allows re-creation — the options are as many and varied as the creative and functional possibilities offered by open source software today. Possibilities that can only flourish… with the right governance.
On November 8, 2022, Scaleway participated in the Open Source Experience event in Paris. All quotes above are from the event's two panels “Open source as a service: benefits & risks” and “Cloud innovation vs open source”.
Find out more about Scaleway’s Open Source Program here.
This article provides a curated list of great open-source projects to help you build your startup and deal with tooling, design, infrastructure, project management, cybersecurity, and more.
Jean-Baptiste Kempf spoke at the CTO Forum about how far open source has come since he joined VLC, today's challenges, and why open source as critical to the current and future health of the Internet.
Recent open-source incidents sparked a debate on how corporations and society rely heavily on open-source–while never funding or contributing to it.
