'Open Source' May Not Mean What You Think It Means
Although inconceivable to some, open source may be a weakness rather than a strength.
- By Dan Kusnetzky
Editor in Chief Keith Ward recently posted an article
about a company that open sourced its software. I felt it necessary to respond with a discussion of open source technology, and what it really means to place all of the code that makes up a software product into an open source repository. In short, it may not mean all that much to the industry, or to customers using that product.
What Does 'Open Source' Really Mean?
The phrase open source usually refers to a community developed and community supported hardware or software project. Typically, the phrase open source means that the technology is free to use, free to share and free to modify. Does this mean that the software is better than commercial products doing something similar? Well, no, not really.
What it does mean is that a developer or other technically inclined person can see what the product does, how it does it, and offer suggestions for either changes or improvements to the community. Some open source licenses make it possible for the developer to make the changes and then distribute the result. Other licenses require that the changes be submitted to the community; then a named individual reviews the changes and either commits them, rejects them or updates them to meet community guidelines.
What Do You Mean by 'Open Source License'?
There are quite a number (70 are shown in the following list) of accepted licenses used to protect open source software projects. The following is a list of the currently recognized open source licenses (for more information, please visit the Open Source Initiative Web site):
- Academic Free License 3.0 (AFL-3.0)
- Affero GNU Public License
- Adaptive Public License (APL-1.0)
- Apache License 2.0 (Apache-2.0)
- Apple Public Source License (APSL-2.0)
- Artistic license 2.0 (Artistic-2.0)
- Attribution Assurance Licenses (AAL)
- BSD 3-Clause "New" or "Revised" License (BSD-3-Clause)
- BSD 2-Clause "Simplified" or "FreeBSD" License (BSD-2-Clause)
- Boost Software License (BSL-1.0)
- CeCILL License 2.1 (CECILL-2.1)
- Computer Associates Trusted Open Source License 1.1 (CATOSL-1.1)
- Common Development and Distribution License 1.0 (CDDL-1.0)
- Common Public Attribution License 1.0 (CPAL-1.0)
- CUA Office Public License Version 1.0 (CUA-OPL-1.0)
- EU DataGrid Software License (EUDatagrid)
- Eclipse Public License 1.0 (EPL-1.0)
- Educational Community License, Version 2.0 (ECL-2.0)
- Eiffel Forum License V2.0 (EFL-2.0)
- Entessa Public License (Entessa)
- European Union Public License, Version 1.1 (EUPL-1.1) (links to every language's version on their site)
- Fair License (Fair)
- Frameworx License (Frameworx-1.0)
- GNU Affero General Public License v3 (AGPL-3.0)
- GNU General Public License version 2.0 (GPL-2.0)
- GNU General Public License version 3.0 (GPL-3.0)
- GNU Library or "Lesser" General Public License version 2.1 (LGPL-2.1)
- GNU Library or "Lesser" General Public License version 3.0 (LGPL-3.0)
- Historical Permission Notice and Disclaimer (HPND)
- IBM Public License 1.0 (IPL-1.0)
- IPA Font License (IPA)
- ISC License (ISC)
- LaTeX Project Public License 1.3c (LPPL-1.3c)
- Lucent Public License Version 1.02 (LPL-1.02)
- MirOS Licence (MirOS)
- Microsoft Public License (MS-PL)
- Microsoft Reciprocal License (MS-RL)
- MIT license (MIT)
- Motosoto License (Motosoto)
- Mozilla Public License 2.0 (MPL-2.0)
- Multics License (Multics)
- NASA Open Source Agreement 1.3 (NASA-1.3)
- NTP License (NTP)
- Naumen Public License (Naumen)
- Nethack General Public License (NGPL)
- Nokia Open Source License (Nokia)
- Non-Profit Open Software License 3.0 (NPOSL-3.0)
- OCLC Research Public License 2.0 (OCLC-2.0)
- Open Font License 1.1 (OFL-1.1)
- Open Group Test Suite License (OGTSL)
- Open Software License 3.0 (OSL-3.0)
- PHP License 3.0 (PHP-3.0)
- The PostgreSQL License (PostgreSQL)
- Python License (Python-2.0) (overall Python license)
- CNRI Python license (CNRI-Python) (CNRI portion of Python License)
- Q Public License (QPL-1.0)
- RealNetworks Public Source License V1.0 (RPSL-1.0)
- Reciprocal Public License 1.5 (RPL-1.5)
- Ricoh Source Code Public License (RSCPL)
- Simple Public License 2.0 (SimPL-2.0)
- Sleepycat License (Sleepycat)
- Sun Public License 1.0 (SPL-1.0)
- Sybase Open Watcom Public License 1.0 (Watcom-1.0)
- University of Illinois/NCSA Open Source License (NCSA)
- Vovida Software License v. 1.0 (VSL-1.0)
- W3C License (W3C)
- wxWindows Library License (WXwindows)
- X.Net License (Xnet)
- Zope Public License 2.0 (ZPL-2.0)
- zlib/libpng license (Zlib)
Each of these licenses offers a different combination of the three characteristics of free to use, free to share and free to modify. You'll notice that many major software and hardware suppliers, academic institutions and standards groups have their own licenses. Usually this means that they want to have some level of control over what happens to the software they're offering to an open source community.
Just because a license is listed here, it doesn't mean that developers may freely use code protected by one of these licenses in a project that will result in a commercially available software product. Some licenses require that all changes and suggestions be submitted back to the company or institution. These changes may or may not become available generally.
In some cases, vendor- or academic institution-sponsored open source licenses allow the license creator to maintain total control over the code, how it can be used and who can modify it. In this case, open source may really mean only that the source code is available for viewing.
Dan's Take: The Real Impact of 'Open Sourcing'
As with many other areas of the software industry, the devil is in the details. In some cases, releasing the code of a commercial product to an open source repository under a vendor-created open source license may mean little or nothing. It might just be a marketing tactic designed to get the industry to view that software as being open, when in fact it may still be just as closed as when it was closed source. Developers may be told, "Look, don't touch."
In the past, there have been many examples of companies losing the competitive battle with other products that would then release the source code in a last-ditch effort to get industry attention. While those who rely on that product will be pleased they can at least look at how the product works, they may find that in the end they have little ability to make needed changes, add needed features or integrate that software into something they’re trying to do.
Another interesting challenge of open source technology is what developers can do with a mixture of technology that's protected by different open source licenses. Companies such as Black Duck Software have technology that can scan the source code of a company or vendor-driven project to discover what open source technologies were used. These companies also offer consulting services designed to help customers either protect themselves from litigation, or do what they want and need to do safely.
So in the end, releasing something into open source may simply be a marketing ploy. Often this means that articles such as the one cited at the beginning of this article will be published. To an end-user organization, though, it might mean little to nothing.
Daniel Kusnetzky, a reformed software engineer and product manager, founded Kusnetzky Group LLC in 2006. He's literally written the book on virtualization and often comments on cloud computing, mobility and systems software. He has been a business unit manager at a hardware company and head of corporate marketing and strategy at a software company.