Why Self-Enlightened Contribution to Open Source Projects is Difficult

Self-enlightened contributions to open source projects are (code) contributions that come about because a company chooses to contribute. The opposite is forced open sourcing, which typically happens when a reciprocal license like the GPLv2 forces a company to lay open some source code.

Self-enlightened contribution is hard!


Open Source License Compliance–Why and How? (Hendrik Schoettle, IEEE Computer Column)

I’m happy to report that the third article in the new Open Source Expanded column of IEEE Computer was published.

Title: Open Source License Compliance–Why and How?
Keywords: Open Source Software, Licenses, Software Packages
Authors: Hendrik Schoettle, Osborne Clarke, Munich, Germany
Publication: IEEE Computer, August 2019, pp. 63-67, vol. 52

Abstract: Compliance with open source software (OSS) license requirements is necessary but often overlooked. This article explains how OSS license compliance differs from compliance with commercial software licenses, why it is necessary even though OSS is generally free, and what requirements have to be met with OSS.

As always, the article is freely available (local copy).

Triple-Licensing Single-Vendor Open Source Components (Illustrated)

I thought I’d illustrate how I’d solve the current licensing conundrum of single-vendor open source firms like MongoDB and Elastic using some graphics. In short: While open source application vendors can still dual-license, open source component vendors (like the companies just mentioned) need to triple-license to get the benefits of open source yet keep their competitors at bay.


Open Source License Compliance in Software Supply Chains

Abstract: Almost all software products today include open-source components. However, the obligations that open-source licenses put on their users can be difficult or undesirable to comply with. As a consequence, software vendors and related companies need to govern the process by which open-source components are included in their products. A key process of such open-source governance is license clearance, that is, the process by which a company decides whether a particular component’s license is acceptable for use in its products. In this article, we discuss this process, review the challenges it poses to software vendors, and provide unanswered research questions that result from it.

Keywords: Open source licenses, open source license compliance, software supply chain, product model

Reference: Riehle, D., & Harutyunyan, N. (2019). Open-Source License Compliance in Software Supply Chains. In Fitzgerald B., Mockus A., Zhou M. (eds) Towards Engineering Free/Libre Open Source Software (FLOSS) Ecosystems for Impact and Sustainability. Springer, Singapore, pp. 83-95.

A preprint of the paper is available as a PDF file and as a web page. Alternatively, you can pay Springer for the final version.

Getting Started with FLOSS Governance and Compliance in Companies (OpenSym 2019)

Abstract: Commercial use of open source software is on the rise as more companies realize the benefits of using FLOSS components in their products. At the same time, the ungoverned use of such components can result in legal, financial, intellectual property, and other risks. To mitigate these risks, companies must govern their use of open source through appropriate processes. This paper presents an initial theory of industry best practices on getting started with open source governance and compliance, focusing on private companies. Through a qualitative survey, we conducted and analyzed 15 expert interviews in companies with advanced capabilities in open source governance. We also studied practitioner reports on existing practices for introducing FLOSS governance processes. We cast our resulting initial theory in the actionable format of best practice patterns that, when combined, form a practical handbook of getting started with FLOSS governance in private companies.


Solving the Commercial Open Source Licensing Dilemma With Triple-Licensing

As you may have noticed, the move away from approved open source licenses to commercial almost-like-open-source licenses by single-vendor-owned open source projects has created a lot of bad press for the vendors behind such software. I don’t really understand this, because for all that I can tell, a triple-licensing rather than just a dual-licensing approach could have solved their problems. Let me explain.


Free and Open Source Software Licenses Explained (Miriam Ballhausen, IEEE Computer Column)

I’m happy to report that the second article in the new Open Source Expanded column of IEEE Computer was published.

Title: Free and Open Source Software Licenses Explained
Keywords: Open Source Software, Licenses, Computer Security
Authors: Miriam Ballhausen, Bird & Bird, LLP, Hamburg, Germany
Publication: IEEE Computer, June 2019, pp. 82-86, vol. 52

Abstract: This installment of Computer’s series exploring free and open source software confronts a pressing issue, free and open source software licenses: what they are, the rights they convey, and the restrictions they impose.

As always, the article is freely available (local copy).

The Commercial Open Source Pledge

I’m pretty frustrated by some of the discussion around the recent relicensing decisions by commercial open source companies. A fair bit of it seems confused to me, and I think this is mostly due to commentators not understanding the purpose of community for the vendor. So I decided to write a hypothetical pledge for venture-capital-backed companies that they can adopt to be clear about their intentions. Then, future behavior doesn’t come as a surprise. Non-VC-backed companies may want to tone down the return-on-investment verbiage. With that:


Market Segmentation in the Open Core Model

Life is exciting in commercial open source land. On Tuesday this week, another commercial open source vendor relicensed its product while at the same time disavowing the open core model, which they call a tiered approach to their business. This disavowal piqued my interest, not because the open core model is good or bad, but because the argument seemed confused to me and illustrates how important it is to understand your users and the resulting market segmentation.


From the Bag of Commercial Open Source Tricks: Paying for the Upgrade

On a recent trip to Montreal, I reconnected with Marc Laporte, leader of the WikiSuite project and an old friend and fellow wiki enthusiast. Naturally, we talked about open source business strategies and he pointed me to one way commercial open source companies make money: They don’t provide you with a free upgrade path from one version to the next; you only get an upgrade if you pay.
