FOSS business and sustainability models
In January 2009, OSS Watch held a one-day workshop entitled Business and sustainability models around free and Open Source Software (FOSS). Following an introductory presentation on the history and fundamentals of FOSS by Ross Gardler, a presentation by Rowan Wilson, Research Officer at OSS Watch, focused on some legal aspects of FOSS. His presentation centred around such issues as enforcement, risks and patents and cited a number of significant legal cases of recent years. He also looked at ways in which FOSS projects can successfully be exploited and sustained. This document summarises Rowan’s presentation; the slides that accompanied the presentation are also available for download.
Enforcements, exclusions and risks
Rowan began by looking at the vexed question of whether a FOSS licence constitutes a contract between the developer and the user. There are many people within the FOSS community who reject the idea that a FOSS licence is a legally binding contract. This is mainly for practical reasons, as contract law varies greatly between countries and is relatively expensive to litigate. The more uniform intellectual property (IP) and copyright laws, on the other hand, have a number of international treaties and legislation behind them, making them easier to police. The explicit licence acceptance associated with FOSS is not applicable in the IP/copyright aspect; the licensor is required to abide by the conditions set out in the licence, or simply has no licence.
Rowan then gave examples of legal challenges to FOSS licences. He cited Wallace vs FSF, where it was argued unsuccessfully that the General Public License (GPL) created a kind of price-fixing contrary to US anti-trust law, and Jacobsen vs Katzer, which showed that a FOSS licensor in the US is not reliant on contract law to enforce the conditions in their FOSS licence.
Software patents and FOSS
Turning to the subject of the successful exploitation of FOSS projects, Rowan explained that traditionally, staff charged with exploiting software IP generated in UK research institutions have considered obtaining software patents. But he warned that care should be taken when thinking about FOSS licensing alongside software patenting. This is because all FOSS licences, either explicitly or implicitly, grant rights to patents that the software embodies to anyone in the world, at essentially no cost.
Rowan also pointed out that silently engulfing FOSS within your own software can be a temptation - particularly where the FOSS licence in question has troublesome conditions on reuse - but that this very frequently ends in expense and publicity problems. Within the community, there in an active body of enthusiasts who decompile software, looking for signs of unlicensed FOSS software reuse, and they have shown in the past that they can force the compliance of even major IT firms through legal action and bad publicity.
Business models of FOSS
Rowan introduced this part of his presentation by explaining that the business and sustainability models are not mutually exclusive. Most often, they are used in combination, as appropriate, although this is a business practice that is still an emerging area. Continuing, he attributed some of the current successes of FOSS exploitation to dissatisfaction with proprietary (that is, non-open source and/or commercial) software, rather than any innate superiority. He then touched on the impact of the current economic downturn on the future success of FOSS business models, which may be either helped or hindered by the current economic downturn; analysts are currently predicting both.
The first model Rowan presented was the building of an academic community around a particular software solution. While it may not seem much like a business model at first glance, in fact 'owning' a tool that is prominent in a particular problem domain can bring positive benefits to the reputation of the institution and academics in question. This is in addition to funding and industrial partnerships.
The establishment of a separate legal entity or foundation can help greatly with successful exploitation of a FOSS project. As well as being a workable business model, this allows donations and a simpler approach to tax. It also enhances sustainability by reducing risks associated with the parent company; knock-on effects of IP infringement and damages from failure, for example, can be mitigated. Perhaps even more useful are the several FOSS umbrella organisations containing a number of projects. The Apache Software Foundation is home to many projects, including the Apache HTTP Server and Cocoon. Software in the Public Interest are responsible for Debian Linux and PostgreSQL, and the Software Freedom Conservancy is home to – among other projects – Samba and Wine. In short, the financial benefits of running a foundation are clear: the foundation will provide the necessary book-keeping and risk management, further reducing the potential for risk and/or damage to the parent.
'Community source' provides another route to added value from software, although it is only tangentially related to FOSS. In this model, a group of institutions pool resources to create a software solution of use to them all. Initially, the community around the software (and its licensing) is limited to the contributing institutions, although a common next step is to release a FOSS version once the major architecture of the code is complete. Mellon-funded projects like Sakai and Kuali have followed this model.
Educational institutions can also exploit their resources financially by offering consultancy services. The inherent low cost of acquiring FOSS, along with its often sparse documentation, can drive demand for these services and associated bespoke software development. For example, an institution may be willing to fund internal development of a code project because it streamlines its processes and thus cuts its costs. Projects like this can grow into externally developed solutions as they mature, and thereby gain a cross-institutional community and provide opportunities for consultancy and bespoke development.
The increasing acceptance of software as a service, or cloud computing, can also be a form of revenue stream. Provision of these services using software licensed on copyleft principles does not break any licence conditions, as the software is not distributed in the traditional sense, and the reciprocal licensing responsibilities are therefore not required. This can provide an alternative model where licence compatibilities might otherwise block exploitation based on distribution.
Income can also be derived from advertising and/or referral services. In 2007, the major proportion of the Mozilla Foundation’s $75m income came from a deal with Google, which saw search terms typed into Mozilla Firefox's search box directed to Google servers. Even for smaller projects, referred links into vendors like Amazon from a project website can provide an income stream. Obtaining a trademark associated with a project name and/or logo can also provide opportunities for both merchandising and outward licensing for third-party training or product creation.
Next was a group of perhaps the more 'traditional' FOSS exploitation techniques - provision of paid support, selling propietary add-ons, and dual-licensing. While the first two are well-understood models from the more general software world, dual-licensing is often misunderstood. This involves releasing your software under a strong copyleft licence such as the GNU GPL, and also making available a version under an alternative licence, allowing users who do not wish to be bound by the GNU GPL to pay for the non-copyleft version. Generally, they would do this because they wish to produce a product based on the code but not confined by a copyleft licence.
By way of illustration, Rowan provided some notable examples of FOSS projects that fulfil some of the criteria and features he had described. First up was Red Hat, providers of the enterprise-grade Red Hat Enterprise Linux operating system and the Open Source Fedora operating system. The Red Hat Enterprise Linux product comes as part of a subscription fee and has an enterprise-friendly roster of consultancy and paid support, an accredited training program, IP indemnification and managed upgrades. The Fedora operating system, an open development project, includes many of the technical features of Red Hat, but does not have the accompanying safeguards and services that Red Hat Linux boasts.
MySQL provides an SQL database system under a dual licence; the software is available in a copyleft licence package as well as a commercial licence aimed at system integrators. Similar to Red Hat, MySQL offers a suite of training and consultancy services and IP indemnification. The key differentiator is their dual-licensing; the copyleft licence is not suitable for developers wishing to incorporate MySQL software into proprietary and/or commercial software, so a commercially licensed version is also available.
An example of an academic software project being nurtured following visible cost savings is Exim, the widely used message transfer agent. Exim began as an internal project in the University of Cambridge computing services department in 1996 and since then has demonstrably reduced costs at the University. Subsequent support has taken the form of staff resources and an externally delivered training programme. Finally, XenSource provided an example of a project that grew from academic research and provided a revenue stream to its creators via managed bundles of paid support to third-party vendors.
In conclusion, Rowan emphasised that FOSS and commercial software are not antagonistic or mutually exclusive concepts. He also reiterated that FOSS components and code are being increasingly accepted as part of commercial software, and rounded off his presentation with Gartner's prediction that FOSS will form part of 80 per cent of commercial software offerings by 2012.