I wrote a piece last week where I tried to wrap my head around different strategies for commercialising an open source code base. It led to a conversation with one of the smartest software engineers I know, and to some further thoughts on the topic.

This friend of mine said he’d considered dual licensing for his latest project—a tool suite that already before it’s properly released has thousands of daily users—but ultimately decided against it. I found he had some solid reasons, but before diving into them, let’s recap what dual licensing means.

It’s basically when you release the same product under either an open source or a proprietary license. The free part is meant to build traction and community support, while revenue is expected from paying customers. For the model to work, the free option needs to be some flavour of copyleft, or corporate users wouldn’t be incentivised to opt for the paid version.

Swedish founded MySQL (that’s the M in the LAMP-stack) is one example of what’s sometimes referred to as a second generation open source company, defined as such for basing its business model on dual licensing. Norwegian Qt is another example. Both did rather well. The market cap for Qt, after going through two IPO’s with un-listing and a number of consecutive acquisitions inbetween, is just north of 2 Billion dollars, and MySQL was acquired by Sun Microsystems for 1 Billion back in 2010.

So why does dual licensing seem to be falling out of fashion?

One reason would be cost of policing. Open source code now forms the backbone of the global software industry, and most analysts agree that breach of licensing terms are rampant.

Every once in a while we see companies getting to pay for that. A high profile example was when American company Artifex successfully sued South Korean Hancom, for wrapping the popular PDF-library Ghostscript into its closed source software while failing to pay for the license that would have allowed them to do so. (Ghostscript is released under Affero GPL, which is one of the most non-permissive members of the family of copyleft licenses).

A case like that might boost morale in the open source community, but probably does little to convince new entrants that dual license makes sense as a viable business model. Just imagine the challenges in even knowing who’s including your code in their closed source software, let alone the cost of going after them and the high risk of losing the fight.

So what’s beyond the dual licensing model? According to Heather Meeker, author of the excellent (if a bit dense) book Open Source for Business, a number of successful IPO’s turned 2018 into the watershed year for a model she refers to as “open core”.

What that means is you build your value proposition around a code base that is guaranteed to remain open, typically with a permissive license like BSD or MIT, and create revenue streams around consulting, hosted services and closed source add-ons.

Poster children of this wave of companies include MongoDB, which IPO’d at an evaluation of 1,2 billion dollars in 2017, and Elastic which followed suit the year after at more than twice that evaluation.

But back to that friend of mine. The reason he’s leaning towards an open core model as opposed to dual licensing, boils down to a gut based sentiment analysis of the developer community.

Contrary to what *I* used to believe, my friend thinks GPL-based projects are less and less popular amongst those contributing to open source projects. So much so in fact that it’s starting to look like self-sabotage to go with anything less permissive than MIT, BSD or Apache 2.0 licenses; all of which basically means that anyone can do anything they like with your code.

Of course this does make sense in light of the trend towards open core, where permissive licensing is an essential part of the model. (According to some estimates, the last decade has seen permissive licenses go from about 25 to 75 percent of all open source projects)

But is the rising popularity of permissive licenses driven by developers or users? I think that’s an interesting question, and not necessarily one that’s easy to answer.

On the one hand my friend might be right (he usually is) in that developers—perhaps especially in the academic realm—avoid copyleft because it severely limits their strategic IP options. (For one thing, it’s perfectly viable to patent a software module built on top of an MIT-based stack.)

On the other hand there’s probably also a strong driver on the demand side. Many are the SaaS companies that have created fortunes while keeping RnD costs to a minimum, by building their services on open source infrastructure.

But a realisation is also spreading in the industry that this is a double edged sword. The original copyleft licenses where only triggered in the case of binary distributions, which means a SaaS-based delivery model is safe. But while it’s true that GPL has a “SaaS loophole”, that is also precisely what caused many open source projects to adopt Affero GPL, which is tailored to counter the SaaS loophole (and ended up costing aforementioned Hancom an undisclosed but likely sizeable amount of money). So while there was once at least in theory a chance to build commercial SaaS solutions on a GPL stack and remain compliant, those days are long gone.

And that’s not even the end of it. Let’s say you manage to steer clear of AGPL-like licenses. You’d think you’d be fine then, but most successful SaaS companies will eventually get to the luxury problem of customers wanting to buy on-premise installations of their systems, which does trigger GPL… (in fact, on-premise private cloud installations, sometimes referred to as private SaaS is no longer an edge case at all, but is rather turning into the default mode in much of B2B)

If you’re building compliancy conflicts into the very core of your product, one would at least hope that you’re aware of the risks involved. In reality however, the wakeup call is often received late in the game, since it generally only surface during due diligence processes in connection to acquisitions.

So yes, the open core model does seem to be solving many of the problems caused by the traditional SaaS distribution model, and it clearly has advantages over dual licensing. Even if it does turn out to be “third generation” however, whatever model that eventually will replace it is probably already in the making. I wonder what that might turn out to be!