Metasploit As Case Study In Selling a FOSS Project

coondoggie sends in a Network World interview with HD Moore on the occasion of the commercial release of Metasploit by Rapid7, the company that bought it half a year ago. The pseudonomous author uses the occasion to explore the question of what happens to a vital open source project once it is sold commercially. "Metasploit might become one of the first examples of how a completely FOSS project grows up to be successful. It is the venture capital model without the startup money (though VCs are funding plenty of OS startups these days, too). Build it. They will come. Someone will buy it. And if you want them to stay, the FOSS project better remain as well supported as the eventual commercial version. This isn't the first open source project to have been bought by a big guy. And the jury is still out on on most of them. I could argue that Metasploit is a bit unique in that it didn't have a commercial arm when Rapid7 acquired it. That could not be said about SUSE or MySQL or even Gluecode (bought by IBM), etc."

Sustainable open source?

[alain94040]

The challenge for open source is that, while it's a fun hobby, how can we make it sustainable?"

sustainable is the key word for me here. If selling to a private corporation is the only sustainable way, that's too bad. That's why I like hybrid software licenses that combine open collaboration with some guarantee of revenue-sharing. Can we find a way to work together on a piece of code but still sell it for a reasonable price to end-users and sustain the developers? I sure hope so.

Because in the case of Metasploit, what do you think happens when all the developers now have a paying job? Even though the code is open, if it doesn't get maintained, it will die. So in practice, the project is basically at the mercy of the acquirer.

sounds like a decades-out-of-date argument

[Trepidity]

The challenge for open source is that, while it's a fun hobby, how can we make it sustainable?

That's pretty much what people said in the 80s, arguing that the GNU project maybe could build a text editor as hobbyists, but certainly couldn't build something like, say, a compiler. Then Linux was just a hobby project, fun, but surely nobody could use it for real work. Debian, a whole OS without any paid devs? Ridiculous! And yet despite being supposedly unsustainable, the flood of open source software doesn't seem to be showing any signs of stopping? Next you're going to tell me these hippie kids will write a free encyclopedia, too.

Sure, exploring ways of tying together funding and development is always interesting, but I don't think it's because of any crisis of sustainability...

Re:sounds like a decades-out-of-date argument

[micheas]

... And I disagree about a crisis of sustainability. FOSS has not been wildly profitable as a whole. It has not inspired a huge numbers of vibrant projects. For every FireFox there are tens of thousands of projects that never get past a page on source forge.
Even some really good FOSS software just sort of lingers on the fringe. One great project IMHO is DeVeDe which is a super simple and easy to use DVD creation tool.
"I am not the dev but I use it"
Without a clear source of revenue projects will fade.
BTW the problem is getting worse for closed source software. ...

But, neither has closed source software been wildly profitable, as a whole.

over 90% of the wysiwig web page creator tools in the '90s didn't survive until 2000, and most of them never turned a profit, despite VC funding (or maybe because of VC funding), Dreamweaver, and Frontpage are the exceptions, and Frontpage was profitable because it was bought by microsoft.