Commercial Open Source Software

Open Source Licensing: is StillSecure trying to redefine Open Source?

I already mentioned StillSecure releasing Cobia, a security platform that they call “Open Source”, redefining the meaning as reported by the license FAQ:

Is Cobia open source?

The definition of “open source” is evolving as companies create new licenses or add “riders” to OSI licenses such as the GPL. Some believe that open source means it must be one of the OSI compliant licenses (GPL, Mozilla, Apache, etc.). We’ve found what is most important to a majority of open source software users is that open source software is free of charge and include easy access to source code. Cobia software meets these requirements through our community license structure.

Shift Freedom by aliceinreality

Being compliant with OSI or FSF definitions is mandatory if you want to call open source or free software your products, wehther or not you like OSI and FSF licenses’ approval processes.

Thomas Ptace at matasanochargen blog wrote a post entitled “Questions for StillSecure About Cobia” raising some issues about Cobia’s restrictions about redistribution and asking them to stop calling Cobia an open source product or fully complying with the OSI definition.

Reading the license I found things like this, not really open source style indeed:

2. GRANTS OF RIGHTS

(a)From original developer. Subject restrictions in Section 2 of this License, the Original Developer grants you a non-exclusive, worlwide, royalty-free license:[..]
(iii) to Distribute Unmodified Code, but only if:[..]

B. You do not embed, integrate, bundle or incorporate the Unmodified
Code with any other product or good (whether tangible or intangible)

Alan Shimel, Chief Strategy Officer of StillSecure, replied:

1. Is Cobia open source? The not so short answer Thomas, is that if you are a strict constructionist and believe all open source must have an OSI approved license, than I guess you can say it is not open source. Me personally, I don’t like strict constructionists in my Supreme Court judges and I don’t deem software open source or not by a strict construction of whether or not an OSI approved license is in place. Thomas, I don’t say this flippantly either. We thought long and hard about licensing and this issue around Cobia. Here is the story. We believe and our research proves it, most people consider software open source if the product is free to use and it includes the source code. I think only purists will get hung up about the OSI stuff.

I wouldn’t describe myself as a purist, but I as Thomace I firmly believe that outsiders need incentives, and such license can be an obstacle to firms’ participation.

Alan added also this:

Thomas, todays commercial open source business model isn’t the open source model you grew up with. I am glad you brought up both Snort and Nessus. Go ask Ron and Marty if they were starting today if they would do it under GPL from the beginning again. If they are being truthful, they would tell you no way. The idea we are trying to get across here is that if you are using Cobia for your own use in your network and not reselling it or packaging it for profit, it is free and open. If you are going to use it for profit, why should we not share in this? Someone has to pay the bills here.

Success story like Snort are a typical case of open source community-based product that turns in a proprietary product and I can’t believe they might get there without going that way. As a matter of fact, many open source firms are giving away software “for free” getting advantage of positive externalities and contributions.

StillSecure can choose its way, I can’t say anything about that, but they can’t pretend it to be the only way.

Technorati Tags: Commercial Open Source, StillSecure, Cobia