Judgement Day for Commercial Open Source ... How Did I Miss It?

In a recent Business Week online article, Peter Yared, founder and CEO of San Francisco startup Transpond, describes "The Failure of Commercial Open Source Software". While Yared makes a case that the commercial open source software business hasn't lived up to the hype that it will "change the world," he reaches too far in declaring its failure. A more appropriate conclusion would be to recognize that commercial open source only recently reached broad acceptance as a business strategy and is on a strong growth trajectory. We must measure its success in that context.

Yared's arguments are diverse, but they fail to account for important indicators of open source success:

1. Minimal number of liquidity events for open source businesses. As identified by one of the commenters, several prominent examples of open source liquidation events are missing from Yared's list, including Zimbra, Trolltech and Sleepycat. In addition, the article uses 2003 as a benchmark year, allowing only 6 years to measure exit success. According to a September 2008 MoneyTree Report by PricewaterhouseCoopers and the National Venture Capital Association, the average seed-financing to exit life cycle of a venture-backed company is 8.6 years. As a result, any conclusions about the success or failure of open source businesses, many of which were started within the last 6 years, are premature at best.

2. Continued success of proprietary vendors. Not only is this irrelevant to measurement of open source success, but it fails to acknowledge the growing role of open source in proprietary companies. Companies like IBM, Microsoft, Adobe and Oracle, are milking revenue from their established proprietary business models while they also distribute open source software to generate revenue, influence development communities and drive broader adoption. In addition, measuring open source displacement of proprietary software misses the point, particularly in the short 6 year time frame here. Open source targets adoption opportunities through grass roots growth, which takes longer (but is less expensive) than the hard-hitting direct sales approach of proprietary companies.

3. Success is limited to commodity businesses; Enterprises are not likely to add open source businesses to their lists of approved vendors. These assertions fail to take into account the growing reach of open source throughout the software industry. While it is true that many of the more successful open source companies to date have been in the infrastructure and commodity business, we are beginning to see significant adoption of enterprise and end user open source applications (such as Alfresco, SugarCRM and others). Matt Asay further amplifies the limitations of Yared's assertion by identifying SpringSource as an example of an open source company that innovates and targets enterprise-friendly software development, which is outside the category of traditional commodity software.

4. Cost savings of open source are overstated. This contradicts the conventional wisdom that cost savings is one of the primary reasons companies adopt open source. In an April 2009 Forrester report, 75% of survey respondents said "Reduced IT costs" are critical or very important in their decision to use open source software. In addition, a panel of venture capitalists at OSCON proposed that open source companies can typically save up to 30% in sales and marketing costs as compared to proprietary companies, which leads to quicker profitability, quicker exits and happier investors. Even so, the article is likely correct with respect to mature open source businesses. In two March 2009 Open Sources blog posts, Savio Rodrigues compares the income statement of Red Hat to those of Microsoft and Tibco. In both cases, he concludes it is unlikely that mature open source vendors will be more capital efficient than commercial vendors.

5. SaaS will overtake open source. The general trend away from installed software applications to SaaS and cloud systems is undeniable. As Matt Asay explained on his Open Road blog in May, cloud computing is the natural conclusion of open source, because cloud computing is the ultimate expression of the open source principle that services, rather than the software supported by such services, are the most valuable component of a product offering. But SaaS and cloud business models are having significant growing pains of their own. Customers are concerned about the portability of data, freedom from vendor lock-in, security and standardization and other matters that must be resolved before achieving broader commercial acceptance. (It's a bit ironic that open source software might actually be the best way to address these concerns.) SaaS and cloud businesses appear to be subject to at least the same level of skepticism as open source. As a result, it seems unlikely that SaaS and cloud business models will replace the open source software business in the near future.

6. Open source benefits do not lead to monetary gain. Yared observes that his company uses open source but typically does not pay for it other than contributing code back to projects. This is a common practice and it implies an impending failure of commercial open source. Yared concludes that these factors do "not mean every successful open source project can sustain a commercial company, especially when they are delivering complicated applications rather than simple plumbing." No doubt this is true, but it is also true of proprietary business models and does not lead to the conclusion that commercial open source has failed.

It is fair to question when open source will become as reliable an investment as other technology businesses. In this regard, Yared's article raises some important points for discussion. However, rumors of the failure of open source business models are greatly exaggerated, and any pronouncement on the success or failure of open source is premature.

Show Me the Money at OSCON - Venture Capital and Open Source

To my pleasant surprise, Mark Radcliffe (notable open source attorney) announced last week on his blog that his law firm, DLA Piper, would host an open source legal track to run in parallel to the OSCON trade show in San Jose this week. The schedule included a diverse mix of topics that pushed the boundaries of typical legal presentations on the issue of open source. I found the talk on venture capital and open source the most interesting. The panel consisted of 3 seasoned venture capitalists (Josh Stein of Draper Fisher & Jurvetson, Mark Gorenberg of Hummer Winblad, and Vivek Mehra of August Capital) and an experienced open source attorney (Vicky Lee of DLA Piper).

Venture capital is a hot topic of discussion. Several tech publications and blogs are reporting, based on a report issued earlier this week by PricewaterhouseCoopers and the National Venture Capital Association, that venture investment has shrunk to pre-tech-bubble levels, the slow economy is putting a damper on venture capital, and venture funding in the tech industry is down over 50% year-over-year from 2008 to 2009. At the same time, however, the tech sector seems to be attracting more investment in recent months. The panelists at the OSCON session on "Understanding Venture Capital Investments in Open source Projects" seemed to have an enthusiastic view of investment in open source companies.

The panel described several elements that go into their determination of what is a good open source investment. The most fundamental points, however, came during the second session by Larry Augustin on "Choosing a License: Ensuring that Your Intellectual Property Strategy Matches Your Goals". Augustin emphasized that: (1) open source is only a tool and an open source business model alone is not enough to guarantee success or to warrant funding by venture capital firms; and (2) quality is critical to ensuring customers want to purchase a product regardless of whether it is open source or not.

Beyond these fundamental points, the panel discussed the following elements:

1. Successful Business Model

• Copyright Ownership - This is an immense benefit because it provides maximum flexibility as a company grows.

• Clear Distribution Rights - Ownership of all the copyrights in a product eliminates uncertainty about distribution rights. When third-party components are involved, however, clarity on rights is important.

• Disruption, Platform and Infrastructure - Venture investments are most desirable in quality companies that focus on specific areas: (1) market disruptors in an existing industry; (2) technology that can become a platform; and (3) technology that focuses on infrastructure (because it is most likely to help companies reduce costs).
  

• Free is a Negative - Serious customers do not find as much value in free products as products that they must pay for (Larry Augustin emphasized this point in the second session).

• Support and Services - Companies that do not own their code and generate revenue only from services are susceptible to competitors.

• Open Core - This is the current popular favorite of open source business models and it has a proven record of generating revenue, which is attractive to venture capitalists for obvious reasons.

• Community - Open source products that spring from existing communities or that are developed in parallel with newly created communities can both be successful, but they present distinct tradeoffs. Existing communities provide an available user base that drives quick adoption, but the likelihood of multiple contributors complicates the intellectual property ownership issues.

2. Benefits to Venture Capital Investors

• Lower Cost - While the first wave of financing is typically the same for open source and proprietary companies, the second wave often results in significant savings, which the panel estimated to be 30% or more. Specifically, the availability of open source software and related ecosystem allow open source companies to spend less on sales and marketing, which greatly reduces operating expenses.

• Quicker Adoption - Because end users always have access to open source software, companies are able to avoid the lengthy proof-of-concept and testing cycles that occur when releasing a product for the first time. The panel felt this could save open source companies up to 2 years of development and testing time.

• Easy to Build a Channel - Open source communities are well suited to perform localization, vertical market and other customization for products, which allows open source companies to enjoy the benefits of channel distribution without devoting sales and other resources.

• Early Revenue and Exit - The lower cost and quicker adoption enjoyed by open source companies mean that these companies are likely to begin generating revenue and profits more quickly, which means that investors are likely to reach an exit opportunity more quickly too.

3. Net Results for Venture Capital Investors: When open source investment opportunities are carefully screened with the business model considerations above in mind, the benefits inherent in open source companies make these types of investments relatively safe for venture capitalists. At a minimum, investors should not view open source companies as being inherently more risky that other startup venture investments.

In closing, the panel indicated that approximately 15% of their holdings are in open source companies. While this is a significant amount of investment, the percentage is likely to grow over time as new software companies arise and existing ones revisit their business models. At the same time, the 85% of holdings that are not in open source companies is a good reminder that a good idea will attract investors because it's a good idea, not because it's open source.

Expanding Open Source Enforcement Strategies

What comes to mind when you hear "open source enforcement"? Probably the names "Busybox" and "Software Freedom Law Center". These organizations are good examples of the "cease and desist" style of enforcement in the open source context. But an enforcement strategy should go beyond "cease and desist" to also include other considerations such as alignment with business strategy, product development and business model considerations, and promotion of open source education.

A. Aligning Enforcement Strategy With Business Strategy

Enforcing intellectual property rights always sounds like a good idea. Unfortunately, the typical cease and desist and litigation strategy has significant pitfalls including requiring vast resources and risking the loss of goodwill with customers, partners and the community. Aligning enforcement strategy with business strategy clarifies which enforcement activities will have maximum impact while minimizing risks. The question is, how do you align these strategies?

Looking at the size and goals of a company is one place to start. Many open source vendors today are relatively small and privately held. These companies prioritize rapid growth, building adoption and proliferating products over converting customers to cash. These companies could reasonably choose to avoid tricky enforcement issues under the theory that any customer, paying or free, in or out of compliance with a license, is one more customer that can be converted to cash sometime in the future.

By contrast, other open source companies are either publicly held, or privately held and on the verge of generating a return on investment. Accumulating customers is not the focus of these companies, but the traditional cease and desist and litigation approaches to enforcement of unauthorized copies could be seen as a quick way to make money for investors.

B. Building Enforcement Success Into Your Product

Enforcement begins with the choices you make as to features to include, the license that applies and the business model. For example, DRM (digital rights management) is a dirty word in the open source community, but it can be a valuable tool in enforcement. Companies with a subscription model can use DRM tools, such as a digital fingerprint, to track subscription periods and to confirm whether particular installations are eligible for support and services.

Licenses make a difference in enforcement too. The popularity of GPLv2 is due in large part to its viral terms, which make the mere threat of enforcement enough to drive compliance, particularly with traditional proprietary software companies. GPLv3 offers an even more intriguing range of enforcement options because it allows licensors to easily apply their own conditions for enforcement opportunities.

A company's chosen open source business model makes a difference too. As mentioned above, companies with a subscription model often worry about enforcement because they want to ensure the services and tools they provide are only available to licensed servers. By contrast, companies with an open core model might not be as concerned with unauthorized availability of the software because they make their money by enabling additional features or functionality.

C. Safety in Numbers

One of the most successful enforcement strategies adopted by proprietary software companies could be a model for open source enforcement strategies too. Many of the leading software companies are members of the Business Software Alliance (BSA), an organization that not only organizes anti-piracy and license compliance programs, but also promotes public policy initiatives including intellectual property and development policies. Possibly the greatest advantage of the BSA is that it allows licensors to pursue enforcement strategies collectively, thus allowing enforcement resources to be pooled while avoiding the risk of individual members losing goodwill. The uniformity in approach also creates predictability in license rights and when enforcement is appropriate.

Open source companies could come together to form their own Open Source Software Alliance (OSSA) and realize the same benefits. Ideally, the proposed OSSA could also partner with the Free Software Foundation to add credibility to the positions it takes and bridge the gap between the open source and free software movements. Unfortunately, the gap between open source and free software is likely too big for the FSF to endorse an organization like the OSSA.

These are just a handful of ideas that I hope will help open source companies break out of the "cease and desist" box to realize that enforcement means so much more than adversarial confrontations and litigation.

Word Play

Judge Learned Hand, among the most celebrated American jurists, once wrote, "The language of law must not be foreign to the ears of those who are to obey it." Yet, law is very complex. Lawyers are in a never ending quest to express complex thoughts in as simple a way as possible. Words are a lawyer's tools of the trade. Some of the commonly used words are descriptive, some are fanciful, some are latin, and some are beyond explanation.

Here is a short selection of legal terms I have always found interesting -- not necessarily because of their legal import, but sometimes just because I like the way they sound. Also, please take the survey on the right and tell me which of the words on my list is your favorite, and leave a comment if you have others you would like to share.

Caveat Emptor
Meaning: Buyer beware.
Interest Factor: This deserves to be on the list if for no other reason than it played in prominent role in a Brady Bunch episode, no doubt inspiring an entire generation of children to choose a career in law. Aside from the pop culture reference, it is good advice.

Clawback
Meaning: A provision in a financial arrangement that enables the recovery of prior payments. (Clawback is more appropriately categorized as a financial term, but it is directly related to legal documents.)
Interest Factor: Much of the discussion on our current financial crisis revolves around clawbacks on executive compensation, particularly for executives from failed companies or companies receiving government subsidies.

Cramdown
Meaning: A bankruptcy term describing a situation in which a court imposes an involuntary reorganization plan at the expense of some classes of creditors.
Interest Factor: This term immediately caught my attention in bankruptcy class in law school. Not only is it perfectly descriptive of what happens in bankruptcy, I also always though it would make a great name for a rock band.

Disparate Impact
Meaning: A theory of liability in employment discrimination cases that relies on a showing that a protected class of people is wrongly treated differently even though employment policies are applied equally.
Interest Factor: News reports on Judge Sonia Sotomayor, President Obama's Supreme Court nominee, frequently include references to her role in a ruling by a panel of Second Circuit Judges in Ricci v. DeStefano, a case concerning whether a test for hiring firefighters in New Haven, Connecticut had a disparate impact on minorities.

Expressio unius est exclusio alterius
Meaning: The expression of one thing is the exclusion of another.
Interest Factor: This latin phrase is one of the foundational elements of logical thought and has applications well beyond the law. When interpreting contracts, it stands for the important principle that parties agreeing to include a list of items are presumed to have intended to include only those items, and other items must not be inferred. Applying this in a broader context, the more detail one provides, the more exclusive the description. Simple, powerful and true.

Jus Cogens
Meaning: A fundamental principle of international law accepted as a norm. Genocide and slavery are common examples.
Interest Factor: I will always remember the distinctive German accent in which I first heard this term spoken ("juice kookens") . A guest German law lecturer introduced this legal concept to our international law class in law school. While this term is valuable in its recognition that certain principles are almost universally recognized as boundaries of conduct, care should be taken to ensure the term is not mistakenly applied so broadly that it interfere with legitimate discussion and dissent.

Res Ipsa Loquitur
Meaning: A thing that speaks for itself, often abbreviated as "RIL".
Interest Factor: Along with "expressio unius...," this is one of the classic latin terms used in legal writing. The term is most often seen in the context of tort law when the cause of an injury is apparent on its face, but direct evidence is difficult to find.

How does this tie into open source? It doesn't ... at least not directly. However, it is interesting to note that many of the most popular open source licenses avoid the use of traditional legal terms and virtually all avoid latin terms. This is likely due to the fact that developers rather than lawyers wrote the first comprehensive free software licenses (like GPL).

This is just a small sampling of the wonderful world of legal terminology. Please share your favorites!

[Note, the "meanings" above are drawn primarily from the Nolo Press legal glossary, the Law.com dictionary, the FindLaw legal dictionary, the free legal dictionary, and Wikipedia.]

Back to Basics

Open source business models are a hot topic these days. Blogs are filled with in depth discussions on open source topics such as choosing the right license, building a strong community, and deciding which software should be open and which should be closed. This blog is no stranger to open source business models. While it's easy to jump right into the intricacies of open source (for an example of the level of minutia that arises in the open source business model conversation, see this link with a "simple" chart summarizing the different types), the truth is that open source means nothing unless is fits within a good business strategy. That's why I say it's time to get back to basics.

The most basic question for any business is, "how will we make money?" The answer is never as simple as "use open source." In the software industry, like any other business, a good business strategy starts with at least three fundamental elements: developing a product, attracting attention, and delivering value. Open source is simply a new spin on traditional approaches to implementing a good strategy and it can play a role in each of these ares.

Developing a Product: Regardless of whether a software product is open or closed source, it still goes through the same types of development milestones from concept phase to general availability. Throughout this process, the developer must decide how to allocate resources for quality testing, bug fixing and feature inclusion. One of the great virtues of open source as a development model is that it can speed development time and product quality by leveraging the community's input particularly in identifying and fixing bugs, but also in identifying high-priority features.

Attracting Attention: A great product isn't worth much unless people know about it. The mere mention of "open source" attracts attention, which makes it a fantastic marketing tool. The freedom that comes with open source software ... freedom to try it, modify it, play with it ... makes it easy for users to choose your software over the competitors' offerings. Even better, open source freedom includes the freedom to distribute, which means users can deliver your software to even more potential customers.

Delivering Value: Finally, it's not enough to develop a product and attract attention. Ultimately the product must provide users with something valuable... something worth paying for. Having a strong relationship with an open source community means that a software developer has a clear view into what users deem important. The open source development model allows developers to deliver products that address customer needs directly, which makes those products more valuable to users.

Adopting an open source business model is not a guarantee of success, but its disruptive power can complement a traditional business strategy and improve chances for success. For lawyers advising clients on open source strategies, it's very important to avoid the paralysis of legal analysis that comes with open source. Lawyers need to understand the fundamental business strategies of their clients and the industry as a whole. In short, never forget the basics.

April Roundup

A number of news items grabbed my attention this month ... for instance, I vaguely recall a story about one big tech company buying another, but the names escape me. In any case, a number of interesting open source blog postings appeared in April. Here is a sampling of posts falling in two basic categories:

Open Source as a Hobby and Business

• Connecting Hobby and Business in Open Source - How are some businesses able to harness the passion of developers for their open source hobby to create open source success? Dana Blankenhorn illustrates that it takes more than good software and a good business model to create a successful open source business.
  

• Open Source Business Strategy: About the Open Source Whole Product Concept - Roberto Galoppini explores the idea that successful commercialization of open source requires delivering a fully realized product. In my opinion, productization is the critical element differentiating an interesting project that is viewed as a fun toy from an enterprise class tool that customers are willing to pay for.

Open Source in Government

• Five Ideas to Get FOSS Into Governments - Sun's open source officer, Simon Phipps [Disclosure: I work for Sun], offer six (in spite of the blog title's reference to five) concrete ideas to speed government adoption and use of open source. Because of their size and influence (both as exemplary users of open source, and through their ability to impose procurement and usage rules), governments are important players in the open source movement. Broader government adoption of open source would be a great benefit to the industry as a whole.
  

• Participatory Legislation: the Italian Democratic Party Launches a Wiki - This blog post describes two cases of governments taking first steps towards applying open source principle to the legislative process. Specifically, the post mentions efforts in New Zealand and Italy to allow the public more direct input into writing laws. These small steps mark what I believe will result in a more participatory governing process that will ultimately lead to more accountable government.
  

• Election Industry Trade Group Issues Report Examining Open Source Voting - The Election Technology Council, a trade group US voting system vendors, recently published a report concluding that open source and proprietary software products must be treated differently for purposes of governments making decisions about voting technology citing complexity in management and lack of accountability in traditional open source projects among other things. My view is that the Election Technology Council is perpetuating the type of fear, uncertainty and doubt we typically see in industries not prepared for competition from open source vendors. While it is true that the integrity of the voting system requires certain minimum standards including security assurances, open source software can surely satisfy those needs.

Other hot topics included the importance of channel sales in growing the scope of the open source industry, and deeper discussion of the status of the emerging cloud industry , and what type of open source license is appropriate for cloud technology.

Cloud Nitty Gritty

The cloud industry is in the process of defining itself. Experts are organizing seminars and presentations to discuss best practices for the cloud business. This is true for the legal industry too, but the legal issues commonly discussed for clouds are similar to the issues seen in connection with service bureau, outsourcing and software as a service initiatives: Privacy, Security, Ownership, Intellectual Property, Jurisdiction, Applicable Law, Service Levels, Export Compliance. While these issues present unique concerns in a cloud context and are worthy of significant discussion, I would like to focus on a less discussed issue: how open source might be implemented within a cloud computing context.

Two important questions come to mind: (1) When does distribution to a cloud trigger the viral source code disclosure obligations under the GPL?; and (2) What is subject to the viral source code disclosure obligations under the Affero GPL?

1. Distribution to the Cloud

Consider what would happen if a developer creates a proprietary application, incorporates code licensed under GPLv2, and distributes the combined application to a cloud provider. We can narrow the answers down to 3 possibilities: yes, no and maybe. I'm not trying to make a joke ... this circumstance is not well settled from a legal standpoint and each of these answers might be valid.

a. Yes - viral obligations should apply because code distributed to a third-party is a "distribution" for purposes of the GPLv2.

b. No - Using a cloud to host an application is no different than using a leased server to provide end users with access over a network or hiring a service provider to act in the same capacity as the developer itself. In such cases, the cloud provider is nothing more than an extension of the developer itself. While this conclusion makes logical sense, it's not clear whether the Free Software Foundation would agree with the end result.

c. Maybe - Because both the yes and no answers can be legally supported or refuted, it would help to clarify the legal treatment in some way. Because the cloud provider would be the only party with standing to demand source code in this case, one option might be for the cloud provider to add a clause to its service agreement stating that it will not require disclosure of source code for applications submitted for operation on the cloud. The Free Software Foundation and a significant portion of the free software community would likely object to a cloud operator's affirmative refusal to enforce the freedoms provided by theGPL.

I believe "Maybe" is likely the right answer because it makes the most sense from a practical perspective. Operation of GPL-licensed software on a leased server does not interfere with any of the freedoms that the Free Software Foundation intended to promote with the GPL. This argument is strongest when the developer's cloud code is an application that could just as easily be operated on the developer's own requirement. By contrast, the argument is weaker the more the developer's cloud code relies on the infrastructure provided by the cloud operator such as in a "platform as a service" model.

2. Scope of Affero GPL Coverage

While end user interaction with applications licensed under GPL and hosted on a cloud do not trigger any source code disclosure obligations, use of the Affero GPL code instead of GPL leads to a different result. Such end user interaction occurs over a network, which constitutes distribution for purposes of theGPL. Clearly, the developer application containing AGPL code would need to be available for disclosure on request in that case.

One of the advantages of the cloud for developers is that cloud providers offer much of the software and hardware infrastructure needed to run developer applications. Consider whether any aspects of the cloud code itself should also be subject to the AGPL's code disclosure requirement. The "Maybe" answer above likely applies here as well, but for different reasons. Cloud components that are integrated with developer applications such that the cloud component and developer application are deemed a derivative or a work based on the developer application would also be subject to theAGPL's viral source code disclosure obligation. This is similar to the the type of GPL analysis we typically see in determining whether a derivative work is covered. Operating systems available on the cloud likely would not be at risk, but libraries and utilities essential to the operation of the developer application could be.

The emergence of cloud computing not only places the freedoms identified by the Free Software Foundation at risk, but it potentially undermines the ability of open source vendors to maintain a viable business strategy as their applications move to the cloud. In this context, it's clear whyFabrizio Capobianco, Funambol's CEO, is such an advocate for use of the AGPL instead of the GPL as new projects are rolled out ... not just for each open source vendor, but for the industry as a whole.