Why open core, GPL and dual licensing is a model that works

This article sets out why I think that the classic open core development model, with a GPL license and dual licensing for OEM vendors, are the right knobs and dials for a lot of open-source projects, both ‘for profit’ and ‘not-for-profit’. I use GPL in the generic sense to cover AGPL, LGPL and similar copyleft licenses as appropriate. Every time you write about open source, everyone's opinions are shared as ‘feedback’, and when you talk about open source licensing, it's like bear baiting. You are usually told you are plain wrong or an idiot. The most vocal, negative voices are usually people that haven’t built sustainable businesses with open source at their core, just passionate users, so feel free to continue chucking stuff from the peanut gallery.

Over the years I have watched the same pattern in open source repeat itself, over, and over, and over again. A project gets started by one or two people, who pour their heart and soul into it. Their great ideas and hard work get user traction. They try to keep up with their day jobs, prioritizing code over their families, and their personal wellbeing. Of course loads of people offer to help, but few ever do, apart of course from those lobbying for requirements, or making offers to carry on ‘testing’. The ‘I haven't got much time but I can do some testing’ line is almost always patronizing.

If the project is good enough, and the license suitable, a tool vendor or services provider takes interest, and bakes it into their products and services. They sometimes flip a token back to the project, but that is like the human condition when people give money to beggars. It's rarely to help them, it's to relieve the guilt people feel about their own lives.

Eventually the project developers hit a breaking point, having had enough of spending their lives working to make others rich or successful and they either build a commercial company or abandon ship. If they build a commercial company, there are two paths. They fork the code and let the public code rot, or they build a true open core business, by adding value around the open source code which they continue to push forward. 

This is a classic open source monetization strategy. Give away a fully functioning open source core, that solves a valuable problem, and charge for operationalizing it at scale. It is tried and tested and proven to work. An issue with most open source projects that started as individuals, is that they have often already given away the operationalization part and so fail to monetize. Just hosting or offering support is not enough these days for a for-profit company.

The GNU General Public License (GNU GPL, or GPL) is a free software license which guarantees that users are free to use, share, and modify the software without paying anyone for it. The GPL says that your modified versions must carry all the freedoms stated in the GPL, effectively that if you embed GPL code into your product then your product also becomes open source. In effect GPL stops predatory companies from taking others' hard work, and embedding it into their proprietary products.

For-profit companies don’t want to do this for obvious reasons. I worked at MSFT and GPL sent fear down the corridors. Imagine GPL in the Windows Kernel?

If you own the copyright, you can dual license the code, meaning you can assign one license to some people and the GPL to everyone else. This is also a common tried and tested practice. 

As I have got older, I think I have moved to being less idealistic and more pragmatic, and I now think the open core with GPL model is great for ‘for-profit’ commercial companies. It's what we use at CrashOverride and what Semgrep uses. Competitors are less likely to try to take advantage of you but the code is free for users to get value from, and contribute back to if they see fit. There will always be unscrupulous people, but the generic greedy company is almost never going to embed it into their own platforms.

So if that model works for a ‘for profit’ company, what if the developers of a highly successful project don’t want to create a ‘for profit’ company? Even when people do things for altruistic reasons, no one wants to feel that they are being, or may be, taken advantage of in the future, and it’s in these cases I think using GPL is a viable option.

My theory isn't tested, but if they fully open source the code base, the core and all of the features they have built in its entirety, using GPL, and embrace dual licensing for companies embedding their code into their commercial products, they can optimize for all the free users, and make the commercial companies that profit fund their work. This makes this a great option for projects that started purely with the goal of building software for users.

The tl;dr of these suggestions summarizes to:

  • ‘For profit’ - open core and GPL. A free to use open core for all users, paid operationalisation.

  • ‘Not for profit’ - open everything and GPL. Dual license for OEM. Free to use everything for all users, no exploitation from commercial companies who, if they want to use it, are forced to fund the free users.

And it’s that latter model that has a lot of potential merits for a lot of open source projects looking to go from best efforts to best in class.

As a side note, we have been chatting in the ‘virtual office’ about licenses, and a new idea emerged. Imagine if people licensed things GPL, but had the code automatically re-license as, say, Apache after 3-5 years. Sure, you can fork one of those old releases if you want to build a commercial business too, but it buys the original creators enough time to hopefully get some of the economic benefit from OSSing in the first place, including sustaining it. It would also keep the creators honest, to ensure that they really do keep driving more value over time. If they can't do that any more, and someone can do it better, should they not be willing to let them?