So How Open is your Open Source Company Anyway?

February 28, 2009 By Jason van Zyl

Luke Kanies, the creator of Puppet, commented in his last entry about Open Source business models, specifically the idea of an Open Core and what that means. As an Open Source company do you have an open version of your product that's crippled? Or do you have an open version of your product that is truly useful? This was the crux of the questions I asked all the Sonatype CEO candidates, and this turned out to be the reason it took me almost 8 months interviewing 17 candidates to ferret out the right person. It was a grueling process finding Mark de Visser but I was adamant and our VCs, Hummer Winblad & Morgenthaler, were very patient and let me take my time to find the exact right match. I got pretty ornery at one point; I thought I would never find the right person in Silly Valley.

  • The Open Source product you provide to users must be great: the Open Core should stand on its own as something truly useful without any additional commercial add-ons. The software must perform well in a production environment.
  • The Open Source product you provide should go through an ungodly amount of testing and QA. Testing and QA on the Open Core are the cornerstone of quality and should not be reserved for commercial versions of your product.
  • The Open Source product you provide should be architected such that all commercial features are plug-ins to the Open Core.
  • The Open Source product you sell should have completely open pricing. If someone cannot clearly see what your pricing is and what the difference is between your open and commercial versions, you likely have a predatory and opportunistic pricing model.

At Sonatype with our first product, Nexus, I can say that I feel internally consistent about our process and our products. I'm satisfied that we have achieved the right balance between our Open Core and the commercial plugins. I feel internally consistent about the way we have participated as individuals in the community. While I've spent a decade contributing to open source software, I'm also aware that I occasionally need to eat.

Nexus' Open Core

The Open Source version of Nexus is good and stands on its own. People can use it in production environments. We have an enormous amount of integration tests with coverage reporting. We have dedicated QA staff, and we'll be taking the next step with help from Patrick Lightbody to set up completely automated, x-browser, Selenium testing in mid-March. We have a book on Nexus that is free. Being open and not hiding the online documentation behind registration has been a good thing for the community.

We have a modular platform where the commercial features are a clear superset of the Nexus core. We have no special branches for the Nexus core for the commercial version. All of our QA and testing for the core happen in the open. Our commercial SCM contains nothing but plug-ins and our build simply drops those plug-ins into the core structure where they are detected on startup and activated.

In a Nexus plugin, core functionality can be added, UI features, REST services, and security capabilities. When a plugin is detected, all of these capabilities contribute to well-defined extension points in the Nexus core and are automatically wired in. We have no additional code for the core in the commercial version of Nexus. We don't need to. We are still working through our APIs but users in the community have already contributed plug-ins (the first was a plugin to integrate Nexus with Atlassian's Crowd product) and everyone will be able to extend Nexus in the same way Sonatype does. That does mean we have to make sure that we provide a lot of value in the commercial version and that's fine with us.

Open Pricing Model

Our pricing model is also completely open. I think without question that Atlassian has this right. Atlassian is more like an Open Source company than most Open Source companies. If you show everyone the same thing you don't have to remember the variations that are just going to get you in trouble. If you don't have a clear pricing model driven by channels and inside sales you're just dead as a company. The days of enterprise elephant hunting are over. Potential customers who start out as your Open Core users need to see exactly what they get and how much it costs. If they can make all the decisions by easily trying your commercial product and comparing features then you have a viable company. It's all predicated on being truly open.

Written by Jason van Zyl

Jason is a co-founder and the former CTO of Sonatype.