Shane Coughlan is the founder and manager of the OpenChain Project, which “builds trust in open source by making open source license compliance simpler and more consistent.” As any software asset management person can tell you, they get cross-eyed when it comes to open source license compliance. My opinion has always been that this was due to a lack of information outside the immediate sphere of open source developers. The OpenChain Project aims to remedy that, and in this podcast we talked about the challenges of doing that. It’s a great listen!
-
TechRepublic: Open Source and Corporate Funding
I have more to say about this. See the original article on TechRepublic.
The basic argument goes like this: “Individual developers working in their mom’s basement no longer drive open source development! Now it’s all about the corporate $$$$.” My initial thought is “duh”. I’ve always felt that the narrative about a decentralized army creating amazing software that undermined large vendors was entirely wrong. So it’s not that open source is “increasingly” about corporate funding – it was *always* about corporate funding. And as I’ve mentioned elsewhere, open source is not free software. Free software, also known as software freedom, has been about the rights of individual developers and users against the IP cabal of the TIC (techno industrial complex). Open source was about, “yeah, that’s great – but how can I profit from that?”
So congrats to TechRepublic for being about 15 years behind. I guess?
-

EnterpriseIT Writeup on LA Symposium
If you’ve been watching this space, you know we’ve been gearing up for our LA symposium on September 14, co-located with the Linux Foundation’s Open Source Summit. Swapnil Bhartiya walks through the different talks and why you should go – as well as a good bit from me about OSEN and the event:
“The secret of 21st century innovation is that much of it doesn’t happen inside software vendors anymore; rather, the most innovative companies have learned how to make use of all the innovation that happens outside their office walls and often beyond their control.”
So how do you take advantage of the open source innovation happening outside of your purview, and learn how to build products and business in this new collaborative model? That’s why you should attend – RSVP now ($149.99).
-

Is Open Source More Risky?
There’s been a long-running debate over open source and security, and it goes something like this:
Pro: Open source is awesome! Given enough eyes, all bugs are shallow. This is why open source software is inherently more secure.
Con: Hackers can see the code! They’ll look at the source code and find ways to exploit it. This is why open source software is inherently more insecure.
And on and on… ad nauseam. There are a variety of studies that each side can point to in order to help state their case. The problem, as I see it, is that we’re not even talking about the same thing. If someone says open source software is more or less secure, what are they actually talking about? Do they mean software you download from the web and push into production? Or do they mean vendor-supported solutions? Unless we can agree on that, any further discussion is pointless.
Open Source Products
So let’s shift the conversation to an apples vs. apples comparison so that we’re discussing the same things. According to a survey by Black Duck, upwards of 96% of commercial software solutions use open source software to some extent. This means virtually *all* new software solutions use open source software. So, when someone argues whether open source is more or less secure, the question to ask is, “more or less secure than *what*?” Because as we can see, the number of software solutions that *don’t* use open source software is rapidly dwindling.
To save everyone’s breath, let’s change the dynamics of this conversation. Let’s compare “raw” upstream open source code vs. supported software solutions backed by a vendor. As I’ve mentioned before, you can do the former, but it helps if you’re Amazon, Google or Facebook and have an army of engineers and product managers to manage risk. Since most of us aren’t Amazon, Google or Facebook, we usually use a vendor. There are, of course, many grey areas in between. If you choose to download “raw” code and deploy it in production, there are naturally many best practices you should adopt to ensure reliability, including developing contingency plans for when it all goes pear-shaped. Most people choose some hybrid approach, where core, business-critical technologies come with vendor backing, and everything else is on a case-by-case basis.
So, can we please stop talking about “open source vs. proprietary”? We should agree that this phrasing is inherently anachronistic. Instead, let’s talk about “managed” vs. “unmanaged” solutions and have a sane, productive discussion that can actually lead us forward.
-

Transform Your Business with Open Source Entrepreneurship
This is a webinar I did for the Linux Foundation earlier this month. If you missed it, you can catch it on demand!
- Linux Foundation webinar link: Open Source Entrepreneurship – How to Build a Business on Open Source
-
DevOps is not enough
Or: My source code is your platform, and vice-versa.
https://twitter.com/i/moments/897859467529912321
https://twitter.com/johnmark/status/897837253946466304
-

Linux.com: 4 Quadrants of Open Source Entrepreneurship
In light of my Linux Foundation webinar, Building a Business on Open Source, (today, August 1, at 10am PDT/1pm EDT) as well as upcoming meetups and the OSEN Symposium co-located with Open Source Summit, I wrote a piece all about the 4 areas that define open source entrepreneurship: Automation, Collaboration, Community and Governance.
Lots of companies, even large proprietary ones, had started to use open source software in their products and services, but there was very little in the way of sharing that came from them. Even so, many of them did a poor job of participating in the upstream communities that created the software they used. Shouldn’t these companies get the full benefit of open source participation? I also came across a few startups who wanted to participate in open source communities but were struggling with how to find the best approach for open source participation while creating great products that would fund their business. Most of them felt that these were separate processes with different aims, but I thought they were really part of the same thing. As I continued down this fact-finding path, I felt strongly that there needed to be more resources to help businesses get the most out of their open source forays.
Read the full article at Linux.com.
- Register for the OSEN Symposium
- RSVP for the Linux Foundation Webinar, Building a Business on Open Source
- See all upcoming meetups and events
-

OSEN Symposium Program Revealed
We’re happy to announce that we have set the preliminary agenda for the OSEN Symposium, co-located with the Linux Foundation’s Open Source Summit in Los Angeles on September 14.
Register now for the OSEN symposium in LA – Open Source Summit attendees can register through the Linux Foundation.
We have an incredible lineup!
9am: The Principles of Open Source Entrepreneurship
John Mark Walker, Creator of OSEN
10am: How to successfully enter the FOSS emerging market
VM Brasseur, Technical Business and Open Source Strategy Consultant
11am: Innovating in the open: Lessons from a 3-time founder of successful open source based businesses
Evan Powell, CEO, Cloudbyte
1pm: There is no Open Source Business Model
Stephen Walli, Open Source and Tech Strategy Consultant
2pm: Effective Business Leadership with Open Source Supply Chain Management
Shane Coughlan, OpenChain Project Leader
3pm: The World Bank GeoNode Study: 200% ROI on Open Source Community Participation
James Vasile, Partner at Open Tech Strategies
Register today!
-
Kite Demonstrates Continuing Toxicity of Silicon Valley
One of the most frustrating parts of being in open source circles is battling the conventional wisdom in the Valley that open source is just another way to do marketing. It’s complicated by the fact that being a strong open source participant can greatly aid marketing efforts, so it’s not as if marketing activities are completely unrelated to open source processes. But then something happens that so aptly demonstrates what we mean when we say that Silicon Valley has largely been a poisonous partner for open source efforts. Which brings me to this week’s brouhaha around a silly valley startup looking to “Make money fast!” by glomming onto the success of open source projects.
To quote from the article:
After being hired by Kite, @abe33 made an update to Minimap. The update was titled “Implement Kite promotion,” and it appeared to look at a user’s code and insert links to related pages on Kite’s website. Kite called this a useful feature. Programmers said it was not useful and was therefore just an ad for an unrelated service, something many programmers would consider a violation of the open-source spirit.
It’s the “stealing underpants” business model all over again.
- Get users and “move the needle”
- ?
- Profit!
Step 1 above is why we actually have valley poseurs who unironically refer to themselves as “growth hackers.” Only in the valley.
The really sad part of this is that the methodology outlined above is terrible, not just because it’s unethical, but because it’s counterproductive to what Kite wants to accomplish. As I’ve mentioned countless times before, a project is not a product, and trying to turn it into one kills the project. The best way to make money on open source is to, big surprise, make a great product that incorporates it in a way that adds value to the customer. In this example, this means taking projects like minimap and autocomplete-python, producing commercial versions of them, and making them part of an existing product or offering them up as separate downloads – from the company site or as part of a commercial distribution.
The worst part of all this is that there are still investors and business folks who think that doing what Kite did is the only way to make money from an open source project. It’s not. It’s a terrible maneuver from both an ethics and a product development standpoint. It’s once again conflating open source with marketing, which is one of the reasons I started this site – it’s an unforced error and should be part of any “open source product 101” curriculum.
-

Linux Foundation Webinar: Open Source Entrepreneurship Howto
I’m happy to announce that on August 1, 10am PDT/1pm EDT, I will be leading a webinar from the Linux Foundation on open source entrepreneurship. “What is that?” you may ask. Open source entrepreneurship is the compendium of ideas around building your business process on open source principles. This means optimizing for open source collaboration, code and communities. Here are some qualities often exhibited by open source entrepreneurs:
- Build on existing open source platforms
- Abhor NIH and push teams away from it
- Structure teams for massive collaboration
- Allergic to corporate work silos
- Have spent extensive time learning how to operate in open source communities
- Tell anyone who will listen that product development is inefficient
- Often heard saying, “There’s an upstream community/ecosystem already working on that. You should join that effort.”
As we learn more about the pervasiveness and ubiquity of open source code, we’re finding that “open source” means so much more than what license you use or the source code you utilize. Open source is now a term of art that includes the process of collaboration, process automation, and building on the work of external ecosystems. Every product manager, engineering manager, investor, CIO/CTO and, yes, entrepreneur needs to understand these concepts intuitively.
From this webinar, attendees will gain an understanding of what it means to practice the art of open source entrepreneurship and optimize their business for the continuing open source revolution.

