Quick, name the most successful open source project of all time. You probably didn't hesitate a second did you? For better and sometimes for worse, Linux is the poster child for the open source movement. And why shouldn't it be. You can't argue with the enormous success and impact it has had on the world. It is truly one of the wonders of the tech world. But that success can sometimes cast a long shadow on other open source projects and how people perceive open source should work. To paraphrase an old saying about GM into a question: Is what's good for Linux, good for all open source? The answer may be no.
Linux is unique not only because of its success, but also because of the make up of its community. You have literally scores of companies, many of which are household names, that contribute substantial amounts of code to its base. You have a cast of thousands that contribute code, bug findings, ideas and even hot air (OK, some contribute lots of hot air). While there is literally an army of companies that are making money by selling Linux based software, appliances, phones, etc., there really is not one company that totally dominates and dictates to the Linux community. That is a great thing.
No one is going to push IBM or Red Hat around regarding Linux (thank goodness or Oracle would try). On the other hand IBM and even Red Hat can't and won't dictate to the Linux community either. This is not due to some groovy kind of love that my friend Matthew Aslett calls Open Source 4.0 (more about that in a later post). It is due to a unique set of checks and balances that have evolved over time in the Linux community and also to the huge influence and leadership that Linus Torvalds himself exerts over the project. But Torvalds influence is only possible due to the respect he is given by the entire community, not because he is financially underwriting Linux.
All of the about not withstanding, Linux at the same time creates a totally artificial standard by which to measure other open source projects and business models. What works for Linux, does not and will not work for the majority of open source projects. Linux is the exception, not the rule. There are something like 250,000 different open source projects out there. By far the overwhelming majority of them are run by either single companies or a small cadre of people. Very few have aspirations of becoming the next Linux.
Unfortunately, many in the open source community just don't realize this. They want or think that every open source project should be like Linux. While some like Apache and maybe Hadoop, have that potential, most don't.
On top of this there are just some who are ignorant about the licenses and usage of open source code. Just because your software runs on Linux doesn't mean you have ripped off Linux code or are bound by Linux licenses. In the same vein, if you built an application that ran on Windows, Microsoft is not entitled to royalties on your application. So for those who think that just because an open core application or any application runs on Linux, therefore charging for the code is some sort of mortal sin, that is just ludicrous dude.
In the open core model, there are many, many companies that have not ripped off existing projects to start their own. There are companies who have taken investment dollars and put lots of those dollars and resources into developing code. They have chosen to release some of that code and work product under an open source license. That is their prerogative and right. It is perfectly legal and moral. They may not be trying to build the next Linux community. More, they may not give a flying squirrel (squirrel, where did that come from, but you know what I mean) what and how the Linux community operates. They are building what they want to.
It is their community, if you don't like it you can take the open source code and go fork one of your own. You may find that without the resources that the open core company dedicates to it your forked project dies on the vine.
So please step away from the soap boxes and rants on the evils of the open core model. If you do feel compelled to vilify the model, don't do so by comparing it to how Linux is run. Don't even think for a mili-second that because the application runs on Linux that by close sourcing the application the open core company is ripping off "the community". The only community they deal with is their own. If you don't like it don't participate. If you think this makes them evil or worse than closed source vendors, that is your opinion. Others don't share that opinion.
As co-founder and Managing Partner at The CISO Group, Alan Shimel is responsible for driving the vision and mission of the company. The CISO Group offers security consulting and PCI compliance management for the payment card industry. Prior to The CISO Group, Alan was the Chief Strategy Officer at StillSecure. Shimel was the public persona of StillSecure as it grew from start up to helping defend some of the largest and most sensitive networks in the world.
Shimel is an often-cited personality in the technology community and is a sought-after speaker at industry and government conferences and events. His commentary about the state of security, open source and life is followed closely by many industry insiders via his blog and podcast, "Ashimmy, After All These Years" (www.ashimmy.com). Alan is now also a regular contributor to The CISO Group’s security.exe blog and podcast. Follow him on Google.
Alan has helped build several successful technology companies by combining a strong business background with a deep knowledge of technology. His legal background, long experience in the field, and New York street smarts combine to form a unique personality.
Disclosure: The CISO Group sells a software-as-a-service PCI compliance application called SAQPro. The company is independent and does not represent any other vendor's products as a reseller.
Policy on comments: Respectful discussion is welcomed! However comments that use inappropriate language, consist of name calling or personal attacks, or include accusations of wrongdoing are not appropriate. Those comments will be deleted or edited.