Open source licence series - WhiteSource: permissive is winning, but is there a hurt factor?
Open source grew, it proliferated… and it became something that many previously proprietary-only software vendors embraced as a key means of development… but the issue of how open source software is licenced is still the stuff of some debate.
The Computer Weekly Open Source Insider team now features a series of guest posts examing in the ups & downs and ins & out of open source software licencing.
Rhys Arkins, director of product at open source license management and security solution company WhiteSource writes from this point forward.
We’ve come a long way, baby
We’ve come a long way since open source licenses were drafted to protect open source projects from the big bad corporations that insisted on keeping code private and [strictly] monetised.
Today, open source components are the basic building blocks of our software products, and open source projects mean big business, re-awakening the contentious debate over open source licensing.
Permissive win factor
When we look at the types of open source licenses that organisations choose, we see that most users choose permissive licenses: the open source licenses with the fewest strings attached.
Our research into open source licensing trends in 2019 shows permissive open source licenses are more popular than ever, while the use of copyleft licenses, especially the GPL-family, continues to decrease. Permissive MIT and Apache 2.0 licenses remain first and second on our list of top 10 popular open source licenses of the year, each continuing to trend. According to our data, 67% of open source components have permissive licenses, while only 33% of the 10 most popular open source licenses are copyleft, compared to 59% in 2012.
We believe that open source becoming mainstream explains this shift from copyleft to permissive. With companies like Microsoft and Google behind today’s most popular open source projects, the “Us” vs. “Them” mentality from open source’s early days is no longer relevant. Open source has become an integral part of business, so the question isn’t whether an organization will use open source, rather how to ensure an open source component is accessible and easy to share.
Permissive licenses are winning because they are user-friendly, especially to corporate users, but what about smaller companies?
Many startups today base their business on an open source project and a freemium plan. ElasticSearch, Docker and more have learned the hard way that this strategy is risky.
While this model helps build a large community, it also allows the software giants to build services based on their open source projects, arguably taking a chunk out of the smaller company’s business.
An open betrayal?
As a result, Redis Labs, MongoDB, and others adjusted their open source licenses, moving to licenses like SSPL and other more restrictive licenses in an attempt to protect their business, only to get called out by some in the community for betraying the open source ethos.
It seems that it’s time to re-examine the role of open source licensing today.
Who are open source licenses supposed to protect, and what from? Can open source licenses protect projects from being ‘strip-mined’ by the big corporations, while still maintaining the integrity of the open source philosophy?
A swing of the pendulum
The past five years have seen a rise in the popularity of permissive licensing, but the pendulum might begin to swing the other way, as organisations continue to search for the right balance between supporting the open source community and maintaining solid business models.
As the open source ecosystem continues to evolve we will probably see more open source projects with a new breed of open source licensing. License Zero, for example, is a welcome innovation enabling independent developers to allow free use of their software for open source or noncommercial work, and sell private licenses to other devs who want to use it for profit or in closed source.
Finding a solution won’t be easy, but thinking out of the regular permissive-vs-copyleft-debate box to create models that are permissive while protecting patent rights and limiting services offered might be what the industry needs.
The debate goes on, there is still much to discuss…