Profiting from Open Source Software

Secret Santa writes "Alex Salkever has written an inspiring and Linux-friendly piece about Martin Roesch -- how he went from writing open-source software to building a multimillion dollar company. Excerpt: 'Sourcefire is one of a growing number of small software players that have built new businesses around open-source code. Their business models contain various mixes of proprietary and open-source software components and span the software gamut, from other security companies such as Tripwire to database outfits such as MySQL and desktop-computing offerings like Xandros. Most are still small, with revenues well under $50 million.'"

Or

[Billly+Gates]

You can add spyware to your app and sell it to download.com in order to make money .... cough ...cough

At last!

[Neil+Blender]

This article defines "2. ????". Dare I read it?

Open Source Business

[StormReaver]

I run a small, and growing, side business in addition to my full time job. I target only Linux, and refuse all other jobs.

My first product worked so much better than the alternatives, and cost so much less to implement, that I have no problem making good money this way.

Re:Open Source Business

[ignipotentis]

I target only Linux, and refuse all other jobs. This will be your failure. I'm happy your business is growing and may soon support you without the need for a seperate full time job. However, please remember the number one rule of consulting... Always use the right tool for the job. Do NOT try to shoe horn the job into your chosen tool of choice. Doing so will eventually lead to failure.

Re:Open Source Business

[Daniel+Dvorkin]

I target only Linux, and refuse all other jobs. This will be your failure. I'm happy your business is growing and may soon support you without the need for a seperate full time job. However, please remember the number one rule of consulting... Always use the right tool for the job. Do NOT try to shoe horn the job into your chosen tool of choice. Doing so will eventually lead to failure.

Ehhh, there's also the matter of different levels of resource allocation. If doing a given thing for a single platform takes x effort, then for a one-programmer shop, doing it for n platforms takes damn near nx effort. If GP poster is happy working only on Linux, and the services he provides have a wide enough market, there's probably enough room for expansion without him having to target other platforms. Now, if he were running a larger consulting firm, I'd agree with you that he's foolishly limiting himself, but it doesn't sound like that's the situation here.

Sourcefire reseller reporting.

[mpathetiq]

I am currently employed by a Sourcefire reseller and must say that I really enjoy working with the company. The philosophies of most of those employed by SF fall squarely in line with my philosophies, so that helps. They don't seem... evil. Plus - they have a cool office, that helps, right?

Re:Sourcefire reseller reporting.

[happyemoticon]

I read an article a few days ago by Ted Turner of all people. He openly deplored the oligopoly that's strangling America's business while discouraging competition and innovation.

The companies which seem to have made it big in the past year or so (like google have done so probably in large part because they didn't turn into a big wad of shellac like Yahoo - that is, because they're not evil. It's funny that the business innovation which is turning out to be strong enough to trounce the big boys even in this environment is Good. You see it in other places too, like In & Out Burger, where the workers are fast, happy, efficient, and very well compensated (general managers make like $80k+, so I'm told). Sheesh, this almost makes a man optimistic.

That said, beating Yahoo isn't as big as beating IBM. Yahoo only had a couple of years to get established, IBM's been pushing out tills since before World War II. And because I know there are trolls out there, I don't think even the USPO would let somebody patent Good.

Money in OSS?

[quamaretto]

This must be wrong. Bill Gates told me there isn't any money in open source software. The guy probably stole the money from SCO.

But seriously, there's not much meat to the article. Basically, what it says is:

• This is the guy behind Snort and Sourceforge
• He started a company and now he's making money
• His clients appreciate the open-source nature of the product
• He has to please the open source community, who in turn support help him support and improve the software
• Profit!

As if none of us would have suspected that there is money in open source software. I don't see how the article is that relevant, seeing as most of us here have heard of Red Hat.

Re:Money in OSS?

[WaterBreath]

This is the guy behind Snort and Sourceforge

He's behind Sourcefire, not Sourceforge. Though his open source software is stored in the Sourceforge repository.

Though it is probably superfluous to point it out here at /. there's a big difference. Sourcefire is a company that sells proprietary interfaces to open source security software. Sourceforge is a repository for open source software and a focal point of the open source community.

Re:Money in OSS?

[ackthpt]

Profit is in support.

Besides, open source keeps you honest. If developers see shitty coding practices it will out and/or be cleaned up, rather than swept under the rug.

Also good for software enhancement as it's more democratic this way. Pretty much anything I've ever come up with, on my time, I've released with the code. Though I doubt much of it has made it's way to sourceforge. I'd only care if someone slapped their name on it and claimed it as their's, particularly if they were selling the product commercially.

Profiting from Open Source Software 101:

Make a good idea real by coding it Release it as open source and solicit volunteer coders and code managers Contract your services for installation, training, technical and general support Profit!

Isn't that the dream?

[YetAnotherName]

Make a package that everyone loves (starting as open source), then either get bought up by some company for your copious skills at making such a well-loved package, or making a proprietary add-on ... it's something I've failed doing time and time again. I'm glad to see that it does indeed work from time to time, else we might see fewer and fewer contributions to open source than we do.

Re:"Proprietary"

[eln]

It usually means you get open source software to do all the difficult stuff, then put closed-source stuff on top of it as a sort of value add, then sell the whole package. Pretty much every small software company operates this way these days, because it's far easier than trying to implement an entirely new system by yourself. I can't help but thinking it sort of violates the spirit of the open source community, while still adhering to the letter of the law as put out by the GPL. I guess this is where ESR's "leveraging open source to make money" philosophy clashes with Stallman's "free software for everybody" philosophy.

The effects of patents

This is timely; I was just thinking about a similar thing this morning. Back in the 1980's and 90's, one could start up a software company which filled a niche, and take it to profitablility and even an IPO, without the usual VC BS. Borland comes to mind, but there are many other examples. All of this was before Software Patents really came along.

I haven't seen anyone doing this lately; at least, not outside of Open Sourced efforts. It seems like if you go the closed source, proprietary route these days, you'd better have a good deal of cash to fight the Patent Wars against the freeloading lawyers who come along. I can think of several examples. Yet no one seems to target the Open Source Companies and try to shut them down. So it seems like this is the only way the little guy can hope to win, without having to bend over for the VCs.

So, my question to the community is this: Are they any modern examples out there where an individual can successfully go it alone these days (all the way to IPO)? And if not (or if these are the exceptions), to what degree is this due to Software Patents?

My suspicion is that there aren't any, or at least many, modern examples these days of people being successful without the money to create one's own patent portfolio and defend themselves, legally. And if this is indeed the case, it's a superb example of how software patents have hurt the industry, rather than helped it.

Re:As a grate man once said...

[M1FCJ]

I don't want to fiddle with config files buried /deep/in/your/ass. /etc and ~/.etc are good enough for me, thank you.

How...

[Foktip]

How can a company that makes a front-end for Snort be worth $100 million!

Anyways, there you have it folks. Free engineering from a large community. Thats what the buisnesspeople want out of open source. And the profit comes from making the interface.

But... is it possible for Interface design profit to sustain code design in the long run? Once open source interfaces catch up, will this niche remain?

R & D vs. Maintenance and Support

[Donny+Smith]

Software industry is moving to subscription model anyway - once it completes the migration, open source and closed source will cost the same.

Some here mention RH "making money off OSS" - they are because others are debugging and developing for them (they do have their own contributors, true) but for less popular OSS apps if you have to develop and debug by yourself and you collect maintenance and support money only, how do you do research and development within the same budget? You can't innovate significantly on a shitty budget - you can only GPL-code what has been done by someone else.

Those who charge for maintenance and support alone can't by definition be much more cost-efficient from closed source competitors who do the same (perhaps the OSS guys wouldn't spend on ads and lawyers, but apart from that, I just don't see why would OSS be more cost effective - at least not to the 99% of corporate customers that aren't interested in the code itself).

And RH-like companies' ability to make money off OSS is proportional to the lock-in effect they can create with their distribution or application. If transparency and portability between different versions of Linux becomes 100%, then price becomes the only remaining differentiation which pushes the distros in deadly price competition.
Just imagine how easy it would be to ask RH for a discount if you could migrate your Oracle on RH to Oracle on Debian in an hour, or move from one OSS firewall to another by simply loading the exported settings into another tool...

No UI folks in OSS? It's a cultural thing.

[Tackhead]

> How can a company that makes a front-end for Snort be worth $100 million!
>
>Anyways, there you have it folks. Free engineering from a large community. Thats what the buisnesspeople want out of open source. And the profit comes from making the interface.

Great developers seldom make great user interface designers. The skillsets are wildly different.

Great developers solve problems and scratch itches. They're not so great on making it usable, because they don't need usability to scratch that itch.

How many times have people whined about, say, how hard it is to set up video capture on Linux, only to be shot down with an arrogant or condescending "Hey, luser, I didn't write this for you, if you don't like it, code your own!"

"Well, fine, but I can't!", screams the UI dude. Because great UI designers aren't only "not great developers", many "aren't developers at all!". Some UI folks work on a project from genesis to release without ever seeing a line of code; they just talk to humans, mock up UI designs on storyboards in Photoshop (sorry GIMP fans :), take prototypes to humans, watch the humans use the prototypes, talk to the humans some more, and then come back with long lists of changes for the developers to make.

Does that sound like "fun" for anybody here? Let's face it - UI design, prototyping, and testing is a time-consuming job, and there are very few "fun" things about it (when compared to, say, coding on a problem you think is really interesting).

Corollary 1: Due to the nature of the work, most UI designers tend to want to get paid for it.
Corollary 2: ...and therefore, spend most of their time in commercial shops, where they don't have much contact with OSS developers, even if OSS developers wanted their contributions in the first place (which, as a browse of any Linux-PVR thread will reveal, they don't :)

> But... is it possible for Interface design profit to sustain code design in the long run? Once open source interfaces catch up, will this niche remain?

Bottom line: You cannot assume that open source interfaces will ever "catch up" with their commercial equivalents, because the gap between UI designer and "open source coder" is cultural, not merely technical.

OSS is a magnet for developers. The community holds no similar attraction for UI designers.

SourceFire = okay, not great

[Morrigu]

Having done some work with SourceFire's products (I worked on a contract that accounted for a majority of their total deployed IDS boxes in existence at one point), I have mixed feelings about the company. Yeah, meeting Marty is cool, and the pink pig T-shirts are cute, and it's worth some amount of geek points to say that I've used their stuff. But the products they sell and the company itself suffer from the exact same problems that plague all other IT companies.

Even though the under-the-hood technology is k3wl and using Snort sigs is l33t, the admin and management tools are frankly not up to par compared to other offerings out there. I mean, it's not as bad as ManHunt, but it still takes waaay too many mouse clicks and unnecessary repetition by a human to get simple admin tasks done. I've seen gigs of sensor data lost to DB corruption (thankfully nothing critical) and have gone through the whole oh-crap we'll-get-that-critical-bug-fixed-next-release trip with them more than once. Support is a mixed bag, sometimes excellent, sometimes okay, sometimes really slow and annoying.

Bottom line is, companies are companies, there's nothing magical about open-source ones that make their products inherently better or more desirable for any other reason than to boost one's ego and to say that You Were There Back When. If I were recommending an IDS product line to a customer (which I probably wouldn't do anyway), I would encourage them to do some careful research before settling on SF.