There are many misconceptions about open source software. One fallacy, for example, is that open source means free software (free of charge). A bigger misconception is that all open source is, in fact, really open. These misconceptions can drive poor decisions and expose companies to risk.

Open source software should mean software that is created and evolved by a community. The source code should be available for inspection, forking (the creation of another path based on the code at a point in time), modification, and use. There’s nothing wrong with open source that’s managed through a license. Like fences, licenses help set social boundaries. But as with a fence, the goal of the license should be the betterment of a community and not of a single entity.

That brings us to the big problem with much of what passes for open source. It has become fashionable for companies to “open source” their code without really making it open. The company retains full copyright (often by requiring contributors to sign a contributor license agreement), and the future of the code base is governed by the company exclusively. The advantage lies completely with the company releasing the code, because it keeps the right to change the license and to direct the evolution of the code. Meanwhile, legions of programmers test the code and develop features for free: features that may not stay open if a future license says so.

While technically open source, these types of projects are not under open governance. Open governance requires a non-partisan controlling body such as a not-for-profit foundation or industry group. This is the Apache model. The board of such a group, not a single company, makes decisions about the software. The board should, in theory, represent a community. It is entirely possible that a not-for-profit foundation or industry group may be heavily influenced by a few larger donors. We all know that money talks. That influence, though, has to be indirect. Otherwise, an overly controlling donor would open itself to the derision of the IT community, the same community it wants to sell products to.

I don’t object to closed software. If a company chooses to protect its intellectual property with a closed copyright and trade secrets model, that’s its choice, and much of the time it is a good choice. What I object to is calling something “open” when it actually is not.

Without open governance – that is, without control of the license in the hands of a group that represents the community – releasing the software as open source is just a form of defensive disclosure. With the source in the wild, someone else will have a harder time filing a patent that might cover some aspect of the software. Meanwhile, lots of developers are finding bugs and creating features while the company maintains complete control over the license. Ultimately, the community is not in the driver’s seat and is at risk of unilateral changes to the license. That’s not open.

Open source is not really open unless there is open governance. The risk of an unwelcome license change is much lower under open governance than in the single-company model. For an IT manager evaluating open source software, consider who actually controls the code before deciding to depend on it: who holds the copyright, whether contributors must sign over rights to a single company, and who has the power to relicense the project.