Business models and open source

One of the more lively sessions that was held at the 2019 Legal and Licensing Workshop (LLW) was Heather Meeker's talk on open-source business models and alternative licensing. As a lawyer in private practice, Meeker worked on a number of the alternative licenses that were drafted and presented over the last year or so. But she is also part of a venture capital (VC) firm that is exclusively investing in companies focused on open source, so she has experience in thinking about what kinds of models actually work for those types of businesses.

The LLW is organized annually by the Free Software Foundation Europe (FSFE). It is meant as a gathering for lawyers, engineers, and others interested in licensing topics. By default, sessions are run under the Chatham House Rule, which means that participants cannot be identified, either by name or affiliation. Meeker waived that rule for her talk, though those from the audience who made comments may or may not have waived the rule.

Meeker acknowledged that her topic was controversial, but that she would be "your Beatrice [from the Divine Comedy] to the miasma of venture-backed open-source companies". Her slides were entitled "What color are your razor blades? FOSS business models". The title is referencing the famous What Color is Your Parachute? book for job seekers. The idea is to imagine an idea with specificity, so open-source companies need to imagine what they are selling (their "razor blades") with specificity in order to be successful.

Otherwise, she said, they end up with the business model of the Underpants Gnomes ("1. Collect underpants, 2. ?, 3. Profit"). For a long time, there was a tendency for open-source entrepreneurs to equate "lots of downloads" with profit, which is more or less the same thing. That is not really going to happen unless a lot of thought is put into how the business will actually function.

Business and open source

Meeker was glad to hear other presentations at LLW make the distinction between open source as a licensing model and as a development model. It is something that she and others have been trying to get across to people who are trying to understand what open source is. She took that one step further to say that open source is not a business model. There are, however, business models that employ open source as an important strategy. Though some will disagree with her, she thinks it is beside the point to ask if a business is an "open-source business" because for-profit businesses may use open source as part of their strategy, but that doesn't make them an open-source business.

She noted that she had not invented any of the business models she was presenting, she has simply collected her thoughts on what she has observed. For "open source", she is referring to the "Cathedral and Bazaar" style of community development, where the code is generally available under an open-source license. Open source has become "big business" these days; people have begun to recognize its incredible power for building businesses, she said.

She likes to joke that since she is a lawyer in Silicon Valley, none of her clients (generally startups) make any money. After years of people asking her how money can be made with open source, business models that strategically use open source have proven that they can create lots of products and, ultimately, generate lots of profit. The traditional VCs are saying that they need to understand open source better, which is a big change in the landscape.

In the last year, she has joined OSS Capital, which is a VC fund for early-stage companies that use open source as an important strategy. She showed the Commercial Open Source Software Company Index (described here) that was created by her OSS Capital partner, Joseph Jacks, to track businesses using open source with more than $100-million in annual revenue.

From that, she extracted six companies that had been acquired or done an IPO in mid-late 2018, which was a watershed year for the emergence of open source into the minds of VCs and others. The numbers were "an astonishing result", she said, with the Red Hat acquisition at $34 billion dominating, though Mulesoft and GitHub were also subject to multi-billion-dollar acquisitions. These and others were eye-opening exit events that made the VC community take notice.

Business models

First off, Meeker wanted to make it clear that she is talking about companies that develop open-source software and not companies that are "hoovering up" open-source software to use in their products and services. The razor blades idea comes from the "give away the razor and sell the blades" business model. Any business that is using open source as a strategy needs to figure out what its blades are, she said, since the software itself is the free razor.

There is the "pure open-source" model, where the blades are maintenance and support. It is common, especially among smaller companies, but also for Red Hat, which is the largest. The idea is to sell services and not software rights; it is the most straightforward model, but also the one that causes people to ask her how money can be made with open source.

In reality, what those companies are selling is quality. Customers could get maintenance and support from anyone, but they choose to get it from a particular vendor because they believe they will will get a certain level of quality. The IT procurement people who choose these vendors are not buying the availability of the source code; they are buying services from a company they trust.

"Online services" is another model. Her examples for that model are GitHub and WordPress. The software may be open source, but some people don't want to run it themselves. She has a WordPress site, but she pays to have it run on the WordPress servers because she doesn't want to set it up and maintain it for herself. These companies are selling convenience. The big online cloud-services companies are also using this model, but it is much more complex.

The "professional services" model was one used by MontaVista Software, which was a former client of hers. The company would customize open-source software and provide professional services to its clients in the embedded market. If a company wanted Linux to run on a particular device, MontaVista would build and maintain it under a contract for services.

So those three are all services of one kind or another: support, online, or professional. In her "lawyer mind" they all fall under service contracts, rather than software licenses. Those were the fairly straightforward and non-controversial models; next up were more complex and controversial ways of doing business using open-source software.

Controversial models

The first of these was the "dual-licensing" model, which was pioneered by MySQL. The intent was to provide customers a way to buy their way out of having the GPL apply to their code. It started out as the "identical twin" model, where the software was exactly the same under both licenses. That started to evolve into the "fraternal twin" model, where the open-source version was somewhat different than the commercial edition. In the early 2000s, there were lots of investments in those types of companies, she said.

The fraternal twin model evolved into the "open core" model as the "twins" got further and further apart. Open core is probably the most popular model in the VC community, she said. Normally, the core of the software is released under an open-source license, with extra bells and whistles sold under commercial software licenses. Typically, the extras are needed to deploy the software at scale; the "whole kit and kaboodle" was sold in a package, often as an "enterprise edition".

An alternative turns that on its head. In that case, the core is proprietary, while the add-ons are open source. She does not know of any "non-stealth examples", though one could look at the iPhone model as being somewhat similar—the core is proprietary and the apps can be open source. In both cases, maintenance and support are normally bundled with the proprietary piece(s). One question is whether customers continue to get the open-source piece under an open-source license, thus without any warranties, or whether the entire code base is conveyed under the proprietary license; that varies between companies that offer these models.

"Widget frosting" is a model where a company is selling a hardware device and releases an open-source toolkit or SDK that allows others to add functionality for the device. Here, the razor is the software and the blades are the devices themselves.

The final model she presented was the "embargo" model. It is moderately common in certain industries. The idea is that beta releases of the software are made available to paying customers ahead of a full open-source release to everyone. In fast-moving markets, some will pay for the ability to get a first look that will put them ahead of the curve.

"Which of these models work from a business point of view?" Her partner at OSS Capital would say that open core works the best. Of the roughly 40 companies in the index that he maintains, 25 are open core and eight are software as a service (SaaS) and open core hybrids.

Changes

There was a trend in the latter half of 2018 where companies were resetting their business models. She worked with several companies, such as Redis, Confluent, Elastic, and Chef, as well as on the Commons Clause exception for permissive licenses. These companies (and clause) have changed the line between what is open core and what is not. For the most part, they limited what was in their core and expanded the proprietary pieces.

First off, "the demand to do this was incredible", she said. The VCs were clamoring for ways to make this change while still keeping things as open as possible under the company's business model. They typically just readjusted the line. The reason these moves got so much coverage in the open-source world is that pieces that were formerly released as open source got moved into the proprietary bucket; those were the changes that brought the attention.

The companies that made these changes were typically in the "middleware" market space, she said. That is they were not "pure infrastructure", such as a kernel, and they were not applications. What they made is "extremely valuable" to the cloud-service providers that were all using (and selling) these tools. Some of the companies developing the code began to take issue with the cloud providers' use, so they created alternative licenses that were meant to try to capture more of that value for themselves.

Meeker said that she did not go into more detail here because she expected the Q&A section to cover a lot of that.

Finishing up

She ended the talk part of her presentation with something of a grab bag of her thoughts on investing in open source. She has a blog post at OSS Capital that describes why companies using open source as part of their strategy make good counter-cyclical bets for investing. The market is cyclical, and those who will do well know how to make money in both up and down markets.

The blog post shows an analysis of companies that developed open source with regard to when they were started. She said that it overwhelmingly shows that companies started developing open source during a downturn "represent probably one of the best leveraged capital investments you can possibly make". They make "very efficient use of resources" and by the time they are ready to release, the economy has generally gone into an upswing. That blog post (and the underlying analysis) may be of interest to some, she thought.

Another observation is on why there are not more companies following the pure open-source model. In order for that model to work, it needs to be based on a big project, such as basic infrastructure. The idea is that there are lots of potential customers, so the volume of sales can make up for thinner margins. That is easier to do when there is a large user base, but it is still not easy to pull off.

She concluded by pointing to her book, Open (Source) for Business: A Practical Guide to Open Source Software Licensing, which is now in its second edition and available from her web site. She noted that she hands out paper copies "like candy" and that a free e-book version is available for those who sign up for her newsletter.

Q&A

As predicted, many of the questions were about the changes being made by companies that develop (some) open source. One attendee said that hearing the term "commercial open-source software" made them cringe as "commercial" is incongruent and potentially confusing when coupled with "open source". They had tried to come up with another term, but could only really do that with a full sentence. They wondered what Meeker's thoughts were on that.

When she talks to business people and developers, "they don't care what we mean by 'open source'", Meeker said. She is sorry that is the case, but there is an "enormous divide" between the definitions used by many attendees and those held by lots of developers, especially those who are running businesses. There is not enough communication between the groups, which is problematic.

Meeker said that perhaps the "commercial open source" term is not a good one, but that there is a lack of terminology to use. It is generally not meant to refer to anything but the business model and is not about the licensing model. To many successful entrepreneurs, there is no inconsistency in using that term; they are not trying to challenge the open source definition, she said.

Another attendee said that part of the concern is that there is a level of deception by using "open source" to mean something different than its definition. The term "openwashing" is sometimes used in this context to describe companies that are trying to ride the coat tails of the open-source movement without really being open.

If the licenses, FAQs, and such that have come out about these changes are misleading, Meeker said, then that is a problem. But she thinks the companies have been quite clear and, for her part, she did her best to help her clients ensure that that they were not trying to confuse anyone. Clients do not always follow the advice they are given, though.

She suggested not shooting her as the messenger, however. The business people have their own notions of what these terms mean. There are only a certain number of words that can be used; all of the possibilities for "open", "free", "community", "commons", and so on cannot be completely controlled by existing definitions. She spent a lot of time consulting thesauruses to try to find other terms for "open" and "free"; there is no word for what these companies are trying to do and every time they try to use one, they get shot down. From what she has heard, though, people are complaining about things that are not in the licenses or FAQs, so she would like to see people actually read the source material before they make (and voice) a judgment.

There cannot be clarity of thought without clarity of language, however, another attendee said; "open source means open source", they said to applause. There are decades of "blood, sweat, toil, and tears" invested in open source as it is meant in the room; "it is thievery" to coopt the definition. They suggested calling it something else: "call it macaroni for all I care".

She has tried to be careful in her presentation and elsewhere to talk about businesses using open source as part of their strategy, Meeker said. She does not counsel clients to use the term incorrectly. If asked, she would tell them to say that their product is fantastic and that some of it is available under an open-source license.

"I suggest that it is only an open-source business model if the customer ends up with software freedom", another attendee said, again to applause. People came to the open-source movement because they were after personal freedom of various sorts. The term "open core" was actually coined as a positive term for the kinds of businesses she is describing, but it is not used because people say it does not have marketing value for their businesses. Meeker did not agree about "open core" as she believes it is a pretty commonly used term.

The open-source ecosystem has moved on; it has evolved, another attendee said. There are a lot of licenses out there that are not approved by the Open Source Initiative (OSI); most people believe that Debian is made up of open-source software, but it has software under lots of different licenses that are not OSI approved. In addition, their view is that the interpretation of the OSI definition of open source has evolved over time, which reduces their confidence in it as the guide for what open source is. LLW attendees can debate what open source is all they want, but the reality is that it is a superset of the licenses that have been approved.

As a personal note, Meeker said, she thinks it is a big tent and not a small tent. We should make room for people trying different things; she does not believe it is wrong to have private companies developing open-source software or that it is inconsistent with what is meant by "open source". Lawyers do their work in service to their clients, however; the clients will sometimes do things whether the lawyers approve of it or not.

Another attendee wondered if OSS Capital had considered doing a survey to try to determine what "open source" means in the wider world. They think that it might show that the definition is not as clear cut as the "open source means open source" applause line might indicate. Meeker agreed that it might be something worth trying. What she hears from her clients, who are largely developers and business people, not lawyers, is that they have a different idea about what the term means. "You can't shout them down by us all agreeing; that's not going to change their behavior."

Shifting gears a bit, another attendee asked about the statement that open-source business models do better in a downturn because they use capital more efficiently. Meeker said that during a downturn, entrepreneurs are more likely to start working on an open-source project, perhaps as a way to show potential employers their credentials—it has value on a resume, for example. That situation is more likely to occur in downturns, when people are out of work.

When those projects are being developed, the people behind it are not renting offices or buying lunch for their employees, so a small investment can go a long way. You could invest $500K in such a project, which might fund a whole lot of development, while a proprietary company would burn through that investment in short order. There is also a lot of value coming from the community because it can look at the code and will provide more feedback than is possible for a proprietary company.

It is clear that there are different, strongly held opinions—in the room and outside it. There were a few other questions and comments along the way, but it is not a subject that is amenable to resolution anytime soon or, perhaps, ever. Though there was talk of "unfair competition" in using "open source" in a deliberately, or simply mistakenly, confusing way, it is hard to imagine this being resolved by any court other than the court of public opinion. And, at this point, the ship may well have sailed on a restrictive interpretation of the term.

[I would like to thank the FSFE and the LLW Diamond sponsors, Intel, the Linux Foundation, and Red Hat, for their travel assistance to Barcelona for the conference.]