Business and sustainability models around free and open source software

by Pete Cooper on 27 May 2009 , last updated


A report from the OSS Watch Business and Sustainability Models workshop at the University of Oxford, 12 January 2009, by Pete Cooper.

I was fortunate enough to attend a sold-out OSS Watch event recently. The workshop, Business and Sustainability Models Around Free and Open Source Software, was held at OSS Watch’s central Oxford headquarters, deep in the maze-like Oxford University Computing Services building. My first thoughts, even before the event, were mostly questions:

  • How would OSS Watch, primarily involved in HE and FE, approach the subject of commercial business models and still be authoritative?
  • Would the non-advocacy stance taken by OSS Watch be adhered to, especially on the business and commercial aspects of the workshop?
  • How can something that’s essentially freely available at no cost be sustainable? After all, commercial business models, at least in the traditional sense, largely rely on selling and/or trading a product and/or service for money and/or services in return.

The workshop took the form of four presentations and a panel discussion, described in the following report and covered in a live blog. All presenters have also released their slides for free download, under a Creative Commons Attribution-ShareAlike 2.0 licence, unless otherwise indicated. The slides are available from the workshop’s web page, linked to above.

The fundamentals of FOSS

Ross Gardler opened the workshop with an overview of FOSS. He began by covering some of the history behind the two key FOSS organisations, the Free Software Foundation (FSF) and the Open Source Initiative, and went on to describe the main types of FOSS licence: a permissive licence allows inclusion of FOSS in non-FOSS projects and is most suited to scenarios where the widest uptake is required. Examples of permissive licences include the Apache Software License and Modified BSD. A copyleft licence differs from a permissive licence in that derivative works, should they be distributed, must inherit the same licence as their parent project, and copyleft-licensed works cannot be incorporated into non-FOSS products. A copyleft licence is suitable for situations where FOSS status is to be recognised and/or legally enforced. The GNU General Public License is the best-known copyleft licence.

Partial copyleft licensing is a ‘hybrid’ of copyleft and permissive licenses. The similarities between copyleft and partial copyleft licensing include the inheritance of licence for distributed derivative works; however, partial copyleft-licensed work can be incorporated into non-FOSS products, in a similar way to work governed by a permissive licence. The Mozilla Public License and GNU Lesser General Public License (LGPL) are examples of partial copyleft licences.

Ross then turned to the subject of copyright ownership, one of the most important issues to address when setting up a FOSS project, and described the two primary models in use: centralised and aggregated ownership. In the case of centralised ownership, copyright is owned by the project owner, and contributors assign copyright of their work to the project owner. Aggregated ownership has the project owner(s) retaining copyright of their work, with contributors only licensing their code to the project owner, rather than assigning their copyright. A third model, distributed ownership, is common in the academic world. This model is similar to aggregated ownership, except that contributors do not license their contributions to the project owner; rather, they place them under the same licence as used by the project, allowing them to be incorporated. This means, however, that the project owner cannot then re-licence the project without securing the agreement of every contributor; the aggregated ownership model does allow this, and is therefore preferred.

Finally, Ross talked about the importance of recording and retrieving ownership information accurately. In conclusion, he stressed that FOSS is not simply a set of software licensing terms but also a methodology for software development, and that the collaborative development communities enabled by the licensing are as important as the licensing itself.

FOSS business and sustainability models

Next up was Rowan Wilson who, as a Research Officer at OSS Watch, focuses on the legal aspects of FOSS. His talk began with the vexed question of whether a FOSS licence constitutes a contract between the developer and the user. While many argue that it must, in order to have any effect, traditionally FOSS communities have tended to downplay the potential contractual aspects of the licences, instead arguing that they represent unilateral grants under specific circumstances (for example, a grant of the right to copy, provided that the copier preserves attribution information). He then gave examples of unsuccessful legal challenges to FOSS licences, notably Wallace vs FSF and Jacobsen vs Katzer, which showed that a FOSS licensor in the US is not reliant on contract law to enforce the conditions in their FOSS licence.

Moving on to the exploitation of FOSS, Rowan explained that traditionally UK research institutions have relied upon software patents for exploiting their software IP, but warned against this, as all FOSS licences, either explicitly or implicitly, grant rights to patents that the software embodies to anyone in the world at essentially no cost. He also pointed out that silently engulfing FOSS within your own software can be a temptation but that it frequently ends in expense and bad publicity.

The first model Rowan presented was the building of an academic community around a particular software solution, explaining that ‘owning’ a tool that is prominent in a particular problem domain can benefit the reputation of the institution and academics in question, and foster funding and industrial partnerships. Establishing a separate legal entity or foundation can also help greatly with successful exploitation of a FOSS project. As well as being a workable business model, this allows donations and a simpler approach to tax. Creating a separate body that assumes legal responsibility for a project also helps manage legal risks to the project and those associated with it: this insulates the project from legal actions against its participants, and also insulates participants from legal actions against the project. Perhaps even more useful are the several FOSS umbrella organisations in existence that contain a number of projects, allowing administrative resources to be pooled. Finally, community source foundations, although only tangentially related to FOSS, provide another route to added value from software, wherein admission to the development community is predicated on making a defined commitment of resources.

Next up was consultancy. The inherent low cost of acquisition of FOSS, along with its often sparse documentation, can drive demand for consultancy and associated bespoke software development. The increasing acceptance of software as a service, or cloud computing, can also be a form of revenue stream. Provision of these services using some copyleft-licensed software does not break any licence conditions, as the software is not distributed in the traditional sense. Advertising and/or referral services are yet another possible source of income.

Rowan then covered the more traditional FOSS exploitation techniques - provision of paid support, selling proprietary add-ons and dual licensing. While the first two are well-understood models, dual licensing is often misunderstood. This involves releasing your software under a strong copyleft licence such as the GNU GPL, and also making available a version under an alternative licence, allowing users who do not wish to be bound by the GNU GPL to pay for the non-copyleft version. Generally, they would do this because they wish to produce a product based on the code but not confined by a copyleft licence.

Summing up, Rowan emphasised that FOSS and commercial software are not antagonistic or mutually exclusive concepts. This view is borne out by the fact that FOSS components and code are being increasingly accepted as part of commercial software and echoed by Gartner’s prediction that FOSS will form part of 80 per cent of commercial software offerings by 2012.

Commercialising FOSS - an oxymoron?

The afternoon session kicked off with Oxford University-based guest speaker, Dr Rhys Newman, who tied together a number of aspects of the morning sessions, and showed how FOSS generated in academia can gain wide industry interest and attract venture capital funding.

Rhys is the brains behind two award-winning projects, Nereus and JPC, Java applications that work together to broker CPU time between donors and users. His presentation focussed on the journey undergone by each of the projects, from concept to delivery. As part of the research process, Rhys had calculated the value of idle CPU time at $100 billion per year, which, considering the increasing global requirement for computing time, represented a massive business opportunity. However, without a large install base of JPC/Nereus, users and potential users would not be convinced of project value - and without users vying for CPU time on JPC/Nereus-enabled computers, donors would not be convinced about joining the project. It seems, therefore, that the answer was to distribute the client software for nothing, in order to build up a user base; it was not stated whether a more limited, paid-for distribution model was ever considered. As Rhys acknowledged, doing so did not necessitate open sourcing, but simply that people be able to download the client for free. In his view, open sourcing adds a marketing element: he believes that the sort of ‘technically aware’ people likely to be interested in running the software would show more goodwill and interest were it open source. His other main reason is that, were the software open source, potential investors could commission independent analyses of the software if they chose to do so.

He was notably dismissive, though, of any role external code contributions would be likely to play in the project. The main goal was simply to ensure the software’s widest distribution, as revenue to fund the project further would ultimately depend on the existence of the user base. Once users had been persuaded and were loyal to the cause, investment would be sought. Following successful investment, the product would be more corporate friendly and organisations would be more willing to trial it.

One of Rhys’s biggest challenges was persuading the University that essentially ‘giving away’ the software would bring back something in return. His argument was not that ‘giving it away’ might bring something back, but that not releasing as open source would ensure that no money would ever come in. The technology transfer unit of Oxford University, ISIS Innovation, was open to this concept and approved the release. JPC and Nereus were launched in 2007 and 2008 respectively, both under GPL v2 licences, and the technology behind the software was licensed commercially in December 2008.

Concluding, Rhys expressed the view that the future of software is all about downstream charging: having customers coming to developers, wanting to pay for value they can already see, avoids the inherent piracy incentives with chargeable digital copies. He advised delegates to ‘ask not whether to open source, ask whether NOT to open source’ and to watch the development of cloud computing, stating that it ‘will become the standard’.

Running a foundation to contain your code

David Wood, of Symbian Ltd, delivered the final presentation, which described the formation of the Symbian Foundation, a major player in the smartphone market. Concentrating at first on the business side of the operation, he described as ‘huge’ the mobile opportunities available to Symbian. However, there are challenges to overcome, including the physical limitations of screen size and battery life, along with such user-interaction issues as complexity of applications and functionality not made easily accessible. Meeting these challenges requires the input of many developers, along with a willingness to embrace an appropriate open source community and ecosystem.

Looking back, David described Symbian’s journey towards embracing open source. A key step was the adoption of the Eclipse integrated development environment (IDE), which ultimately led to the creation of the Carbide family of IDEs in 2005. Symbian is now a member of the Eclipse Foundation and has contributed developer time and software to a number of projects.

Symbian Ltd released the Symbian operating system as open source software under the ownership of the Symbian Foundation. It selected the Eclipse Public License (EPL) to cover the eventual open source distribution of its code, in order to reduce software fragmentation - fragmentation here referring to the large number of differing operating systems within the mobile device market. David spelled out the problems associated with this chaotic situation and explained how Symbian’s move into open source might help.

Firstly, he pointed out that fragmentation can have extremely unpleasant consequences, even though it may also sometimes seem beneficial. ‘Forkability’ (the practice of producing differing parallel versions of software) is, in the public perception, most commonly associated with FOSS, yet even within an up-to-now closed project like Symbian, different device manufacturers would often produce internal ‘forks’ of the platform code to deal with their own problems and not contribute these back to the central project. While this helped them solve short-term issues quickly, in the long run it made producing new versions of the operating system that addressed the needs of all device manufacturers more difficult. In general, FOSS licensing makes this kind of fragmentation easier. To an extent, the use of ‘copyleft’ licences can help to mitigate against this risk.

The Symbian Foundation platform is currently going through a proving time, ultimately aiming for a fully EPL-compliant release in June 2010. In the interim, the Foundation is operating as a ‘community source’ project, with a licence that extends only to project members who pay a fee to join the Foundation.

In conclusion, David reiterated the principles outlined in the previous sessions, stressing the importance of meritocracy in a FOSS project, over and above financial contributions, and emphasising that transparency should extend to project processes as well as code.

Panel discussion

David Wood was joined by Rhys Newman, Rowan Wilson and Steve Lee, an expert in accessibility within FOSS, for a panel discussion. One delegate asked an old favourite: ‘Is open source code a security risk?’ Rhys’s reply characterised open source release as a statement of confidence by the authors in the security of their code, while Steve pointed out that many FOSS projects are active and agile in their response to issues, so can be fixed quickly. David replied with an anecdote about a recent Symbian security issue, and wondered aloud if going the FOSS route would mean more or fewer such incidents. A delegate responded to the question by citing the example of the US National Security Agency’s use of an adapted Linux as their secure computing platform.

Lively discussion continued, as the workshop drew to a close. Among the remaining questions was whether venture capitalists needed to be educated on their assessment of software exploitability, concentrating particularly on the assumption that only a software patent could guarantee that software was profitably exploitable.


The verdict: overall, a solid workshop with plenty of food for thought. While the education sector is often thought to be isolated from the rigours of the world of business, OSS Watch’s presentations and those of their guests seemed to indicate otherwise. Ross and Rowan’s tour through the relevant FOSS business and sustainability models showed that there is a spectrum of opportunities available to academic software authors, ranging from creation of new academic communities to full spin-out and commercialisation. OSS Watch can help to identify where FOSS-related exploitation models are appropriate, and where they may not be. Rhys Newman exemplified a reasoned path for a piece of software from academic tool to focus of commercial interest. David Wood showed us that, from the other side of the fence, large and successful software businesses are increasingly looking to the kind of community-focused ‘open innovation’ models that mirror traditional practices of academic freedom and collaboration.

Further reading


Related information from OSS Watch: