Software companies have many decisions to make as they go through the stages of building a thriving business. Among the many issues to be discussed is whether to open source their technology. It's a big decision, and open source licensing has attracted a lot of attention in the tech world.
Part of the problem is that there are many strong opinions about open source. Whenever a large company decides to restrict its license, it can receive a lot of backlash, even when it has good reasons (as HashiCorp and Elastic have learned in recent years). Meanwhile, great technologies released as open source can quickly gather a lot of support from the open source software (OSS) community.
It is not easy for a company to decide which path to take. My company chose to release Kubescape, a cloud-native security scanner, as open source through the Linux Foundation's Cloud Native Computing Foundation (CNCF). I am very pleased with this decision. In fact, Kubescape was recently promoted to incubating project status and is used by thousands of companies around the world. Overall, we consider it a net benefit, but we carefully weighed the pros and cons before going ahead. It's definitely not something to be rushed, so we are sharing some advice based on our experience.
Open source removes barriers to adoption
DevOps teams have many good reasons to be reluctant to introduce new code into their clusters and environments. It can be full of bugs, weaken the security setup or break the existing configuration. Unless you're fully SaaS and offer a solution that doesn't require an agent-based, in-cluster or on-prem installation, you need to overcome this hesitation from DevOps.
This is where open source is useful. It shows transparency and accountability, and gives teams the ability to contribute new code, make it part of the project, or influence the roadmap. They are more likely to trust a solution that invites them to inspect its core code than one that asks them to trust a closed box.
This trust is amplified when you donate your code to a foundation that has a vibrant community base, credibility and a strong "cool" factor. A reputable foundation validates the quality of the product and proves that it has a proper review process, cadence and governance. Even better if the OSS offering already has significant traction, a large install base, and some popularity in the community.
Open source speeds up continuous improvement
Continuous improvement is more than just a slogan. You want to find and fix bugs and improve the offering as quickly as possible. The best way to do this is to increase the amount of use. Being open source means your technology will be load-tested in the real world by far more users than you could reach through sales alone.
We found our platform running in over 200,000 clusters when we still had only dozens of enterprise customers. This gave us feedback, feature requests and validation from a large user base, allowing us to learn and deploy improvements more quickly.
At the same time, adoption has increased. This is partly due to the large reach and partly because the product has improved so quickly. Once you use the open source community as your test environment and incorporate its feedback, you can release changes to the enterprise version when they are stable, or vice versa. Running both options at the same time is a good thing.
Open source means less control
These are the main advantages, but open source also has drawbacks, and it is essential to keep them in mind. The main drawback is that once the product is open source, you have no control over how people use it. This is especially true if you decide to open source it through a community foundation, as you essentially hand over the trademark to a vendor-neutral foundation.
Despite the widespread trust across the open source community, some people use open source code to avoid paid versions and features. (Of course, you can consider these free users part of your sales pipeline and work to upgrade them to the enterprise version for additional features and perks.)
Some will take your hard work, use it to build commercial products, and make money from the community work you have built and curated. You cannot stop this from happening, so you need to make your peace with it.
Open source only works if it matches your user base
One of the main factors in deciding on an open source project is the user base. You need to know and understand your users' concerns and motivations so you can correctly predict how they will respond to an OSS offering. If your audience is very technical, whether security engineers, DevOps teams or developers, they are more likely to fall into the pro-open source camp.
There's a reason we call it the "open source community." Open source is more than just a licensing decision. It is a set of shared beliefs, held by participants who are more than just customers. It's closer to a religion or a cult than to a purchase. If your user base shares a love for open source ideals, this path is much more likely to succeed.
Open sourcing software requires a clear monetization model
Establishing a solid path to monetization is important for any company, but it is doubly important for open source companies. Open source can leave you without strong cash flow, so you need to be clear about how you will make your money.
For example, you can choose to make all your technology fully open source for a year to promote adoption and feedback, and then implement monetization methods. Or you can go open core, the route my company has chosen. Here you provide the core code as open source and sell additional services and features.
Many companies have decided to offer both OSS and enterprise versions. This works, but you need to find the proper balance between the features and support included in the OSS version and the features you provide only to paying customers. Another option is to set things up so that the open source code can only be used in conjunction with the enterprise version, in which case the OSS version has no value other than showing transparency. Note, however, that this can conflict with working with a foundation.
There's no going back from open source…
Going open source is a very serious decision, and it doesn't help that it is almost a one-way street. You can move from closed source to open source. Alternatively, you can move from a more restrictive license to a more open license whenever you want.
However, moving in the other direction is extremely difficult. All the code and information you have already shared remains public and can be used by anyone. As mentioned above, open source fans are unlikely to take it well, as they can be very critical of those who pull back OSS offerings. HashiCorp learned this the hard way when fans forked Terraform after the company changed from the MPL to the BSL license.
That being said, open source is great when the circumstances are right. If you weigh all the factors, your user base and technology offering are aligned, and you identify a reputable foundation that believes in your mission, you can reap many benefits, as we have.
Shauli Rozen is CEO and co-founder of ARMO, creator of Kubescape.