The New Stack | December 7, 2015

When Open Source Is Not All That Open


This post is the opinion of Sinclair Schuller, the CEO and co-founder of Apprenda, a proprietary platform-as-a-service. It in no way reflects the views of The New Stack. Apprenda competes directly with several companies that support open source projects that are mentioned in this story. The data from Apprenda was double checked by Lawrence Hecht, our data research lead at The New Stack.

Back in 2001, when the U.S. Department of Justice was prosecuting Microsoft on antitrust claims, newspapers and state officials started to receive an influx of letters urging leniency. While the letters attempted to be authentic pleas from average people concerned about the government involving itself in a business matter, many turned out to be written by an umbrella organization called Americans for Technology Leadership, which counted Microsoft as one of its members.

Even worse for optics, a handful of the letters appeared to be “written” by deceased people. Faced with overwhelming evidence, the Americans for Technology Leadership Executive Director admitted organizing the astroturfing campaign. Rather than a true grassroots movement inspiring people to spontaneously speak out in defense, Microsoft and its allies attempted to control public sentiment and the direction of the case through less than pure means.

Fast forward a decade to our current world of vendor-driven open source projects. While not as insidious as the Microsoft gambit, open-source projects and foundations controlled by a single company fall into the same category of using a less than genuine “openness” to advance the goals of a single organization. They use many similar mechanisms – quietly hiring influential people, seeding blog posts in visible areas, etc.

Before reading any further, it’s extremely important to understand that I have no intention of vilifying open source. I’m a big believer in open source software when it’s delivered in an authentic way. What I do want to do, however, is to dig into the authenticity of many modern open source “projects” (read companies) as measured by contributions.

In the ideal case, open source is about collaboration, the free exchange of ideas, and accepting innovation, no matter the source. In the real world, people and companies need to make money, so these ideals become diluted. Instead of someone building and sharing an operating system as a hobby, companies figure out their core product, open source it, and use that as a foothold to gain market share, appreciative press, and, ultimately, funding. While opening the code base allows anyone to view and modify the software, how open can software be when a single organization drives the majority of the contributions?

And lest you think this is picking on competitors of Apprenda, let’s look at some other open source projects.

The table below, published by The New Stack last week, shows the top contributors to several leading open source projects that are associated with one specific company, along with a few, Linux and OpenStack, that remain largely community driven:

| Project | Top Contributor | Secondary Contributor |
|---|---|---|
| Docker | Docker 58% | Red Hat 7% |
| Cloud Foundry | Pivotal/VMware 77% | IBM 11% |
| Mesos | Mesosphere 49% | Twitter 14% |
| Kubernetes | Google 72% | Red Hat 15% |
| OpenStack | HPE 18% | Red Hat 17% |
| Linux | Intel 11% | Red Hat 8% |

In four of the projects above, a single company is leading the majority (or near-majority in Mesos’ case) of development.

The other two can increasingly be seen as anomalies. Linux has less than one-third of new commits from the top two companies, according to an estimate provided by the Linux Foundation. OpenStack is another project that has a rather diverse set of contributors, but even there, the top five companies account for 56 percent of contributions.

Having a small number of major contributors may allow a project to better focus its efforts on strategically meaningful enhancements (Oracle offers no apologies in using this model for developing MySQL largely in-house). Lack of clear focus is often cited as a concern for projects with many contributors.

But a small number of major contributors also allows for those companies to drive the project to their exclusive benefit. Consider a scenario where the leading company is open core and bases its business on proprietary extensions to the open-source product. Let’s say a developer reverse engineers one of the more popular proprietary features and submits a pull request to the original product. Will the driving company potentially compromise its revenue stream by accepting the pull request? Or will it try to find a reason to reject the recommended change, even though it improves the project?

The obvious response to these concerns is to compare to proprietary software and argue that closed-source companies have the same concerns around tight control and protecting their revenue paths. From a technical perspective, this is undeniably true, but these companies are not promoting themselves as open, nor are they promising the benefits of an open ecosystem. There are no illusions of altruism, which allows all parties to better calibrate expectations around a company’s motivations.

There’s nothing inherently wrong with controlled open source, but the system should call into question the marketing message of a pure, shared kinship of innovation creating technology for the betterment of the world. Most company-driven open-source projects are open for the same reason proprietary ones are closed: someone decided this was the best way to make money.