Open source could become a vital piece of enterprise infrastructures. Open source development is becoming a moneymaking proposition. And now understanding the companies that sell and the communities that create open source code is becoming a critical part of the CIO's job.
The future of open source is not Linus Torvalds.
It's Marty Roesch.
In 1998, Roesch, then 28 and an engineer at telecom company GTE-I, created an open source program called Snort for detecting intrusions into computer networks. Today, he sheepishly acknowledges that he's a multimillionaire, having sold Sourcefire, the company he created to sell add-ons to Snort, for $US225 million to security software leader Check Point. (At the time of writing the deal was expected to be finalized before the end of the first quarter 2006.)
Roesch's road to riches - using the Internet to distribute open source software for free and selling proprietary (closed source) pieces that enhance the free stuff - is emerging as the most popular new business model in the software industry, according to venture capitalists. Call it the mixed source model. On the surface, it would seem to offer the best of both worlds: CIOs get free software, and the companies developing the code get e-mail addresses from downloaders, so they can try to sell them proprietary add-ons. Venture capitalists love this model because they can invest their money in software that can be sold rather than in big sales staffs or expensive marketing and branding campaigns.
But in the rush to monetize the open source model, these start-ups could be on a collision course with the communities that spawned them. When a venture-backed company builds both open source and proprietary software under the same roof, it invites a showdown between the people contributing the free stuff (the open source community) and the company looking for competitive advantage from the proprietary stuff. "It's an inherent conflict of interest," says Jo Tango, general partner at Highland Capital Partners, a venture capital company. "Whose additions to the software get approved? And how are those additions prioritized? Is it for the open source product or the for-profit stuff?"
And that could lead to situations in which CIOs are seduced into using what seems to be free technology only to find they must pay to make it work down the road, says Michael Goulde, senior analyst for Forrester Research. Adds Tango: "This model has been around for years. It's called a trial version."
Proprietary software companies have been giving away trial versions of their software for years. But the code is closed, and the free versions are lesser versions of what you'd get if you paid full price. "That's no different from what these so-called open source firms are doing with their community [open source] and enterprise [proprietary] editions of their software," says Barry Strasnick, CIO of CitiStreet, a benefits management company.
In other words, the free stuff becomes nothing more than a come-on. Adds Lee Hughes, CIO of Owens Forest Products, "My fear is that if a company has a free open source version and a commercial version with enhanced features, the free version [may suffer] down the line."
Why the Model Matters
Strasnick and Hughes wouldn't be so concerned if open source software were still a casual plaything for their developers trying to save money on a few Web servers. But open source may well become a vital part of the CIO's software acquisition strategy - especially when it comes to infrastructure software. Research company Gartner predicts that by 2010, Global 2000 IT organizations will see open source as a viable option for 80 percent of their infrastructure software investments. CIOs can't afford to treat open source as a throwaway, and they can't afford to do without support for the open source that becomes a vital component of their infrastructures.
But shopping for open source software is a very different animal from the traditional software acquisition process. The company you're buying from is a community, the references you're checking when you're doing your due diligence are postings on a bulletin board, and the developers posting them may not even be employed.
Conventional wisdom says you don't want to see how your breakfast sausage is made, but CIOs are going to have to peek into the kitchen before committing themselves to an open source diet. There are many different business models emerging besides mixed source (see "Your Guide to Open Source Business Models", page 53), so CIOs will have to cast a careful eye on these companies and communities to predict whether they will still be around in a year or two. This is now critical business research for CIOs. It's every bit as important as tracking Microsoft's or Oracle's stock price, acquisition strategies and upgrade announcements.