by CIO Staff

Can Vendors Control Open Source?

Feb 22, 2006
5 mins
Open Source

In the flurry of stories about Oracle’s purchase of Sleepycat last week, I was struck by a statement by MySQL’s CEO Marten Mickos in an interview with Forbes:

Forbes: Do open source firms that sell to large, proprietary software companies risk being dubbed sellouts by the community that’s helped them develop their software?

Mickos: Of course if someone sells out, everyone calls them a sellout. But what’s important is that you cannot buy a community. The community of developers will leave and start a new, independent community if they aren’t happy. Open source communities like software freedom and control. If young people hang out at a disco and someone turns the disco into a church, the kids won’t stay. They’ll find a new disco. You can’t buy your audience—in discos or open source.

There’s evidence that Mickos’s statement—which is accepted on faith by many in the software development world and by many in the media—is increasingly out of touch with reality. First, as those with deep experience working across different open source projects have told me, there is no such thing as an open source “community”—in the sense that it is monolithic and united in a common purpose. MySQL and Linux, with their legions of volunteer developers, are exceptions rather than the rule. Many open source projects are tiny and staffed entirely by people who are paid to support the software.

Indeed, the software is seen as a route to riches by the developers, who figure if they give away the software using the viral distribution channel that is the Internet, they can make money by offering support for the code they write. Oracle can do that just as easily as Sleepycat did and control the destiny of the code. The real customers of the software won’t complain as long as they keep getting it for free.

Free in this case means free beer, not freedom. It’s the core of the emerging business model I call “mixed source,” whereby the entrepreneurs offer two versions of their software: one open and the other proprietary. The proprietary version attracts venture capital money that allows the company to grow. The open source version becomes a cheap way to market the proprietary stuff: Potential customers download it and test it themselves and then seek out support and more powerful functions offered in the proprietary version. Beats hiring a sales and marketing staff.

CIOs whom I interviewed for my recent story on open source business models were skeptical of the mixed source model. But that hasn’t stopped venture capitalists from funding this model at a dizzying pace. And it hasn’t stopped formerly open source companies from going proprietary. A software package called Nessus was initially released under an open-source license in 1998, but the latest version (3.0) has been released under a commercial license (earlier versions remain available as open source)—though it is still free to users. Nessus’s original developer, Renaud Deraison, who has started a company (Tenable Network Security) behind the software, says his commercial customers pressured him to close the source. “Many of them had prohibitions against [open-source] software or had to jump through legal hoops to get permission for it,” he says. “What they want is quality, free software. The license is less important.” Though Nessus’s shift has brought criticism from some open-source advocates on discussion websites like, Nessus usage seems not to be affected—at least not yet. And Deraison has also said that his staff hasn’t had a lick of help from the open source “community.” It doesn’t exist for Nessus, apparently. Thousands of users download it, but Deraison and his staff do all the coding. So why not reap the rewards for their trouble?

CIOs prefer the open-source business model that open source developers have the most trouble selling to potential investors: a services model in which the company sells support for a single, open-source code base. CIOs love the idea of their money going directly to the support and maintenance of the software. But venture capitalists don’t see as much value in it. Margins are lower for services than for software and leaving the code open lowers the barrier to entry for potential new competitors.

The wild card in the future of open source is the degree to which CIOs decide to step in where the venture capitalists won’t. Some CIOs I’ve spoken to are skeptical that open source communities will ever emerge for some of the software they really need: boring legacy support stuff that lacks the pizzazz of a database or an operating system. “There are things I need, but people in the community think it’s too boring to work on them—like Unix utilities or an open-source Cobol,” says Barry Strasnick, CIO of CitiStreet, a benefits management company.

CIOs could become the venture capitalists. It would work this way: CIOs hire consultants to write code for areas where they have holes to fill but the software isn’t part of their core competence and is broadly applicable enough that other companies could benefit from using it. They have the consultants release the software as open source. The consultants are happy because they get to sell services to other companies. CIOs potentially benefit because the other customers may pay the consultants to write useful additions to the software that the original CIO gets to use for free. Maintenance and support are handled by the consultants and—perhaps—a community of users that emerges around the new product. If the community and the consultants disappear, CIOs simply take the code base to another outfit for support.

What do you think?