News Stay informed about the latest enterprise technology news and product updates.

Vendors duke it out over open source 'forking'

To protect their interests, some vendors are making it difficult for other vendors to reuse their technology -- but they're still calling themselves open source. Experts are divided over whether this apparent diluting of open source is a problem.

A growing number of vendors are looking for ways to protect their intellectual property while still keeping their technology "open." But this effort to protect themselves is causing some confusion (and resentment) within the open source community. Experts are divided over whether this is a problem, or just a natural evolution of software development.

This exploitation of open source shouldn't surprise anyone. This week, Framingham, Mass.-based IDC projected that the market will grow from $1.8 billion in 2006 to $5.8 billion in 2011. There's a lot at stake.

Many vendors have adopted methods that inhibit other companies from "forking" their technology. In open source, forking is the act of modifying and rebranding one vendor's technology and building a new business model around it.

A notable example of forking occurred in October, when Oracle Corp. announced it would offer its own free version of Red Hat Linux and sell support on the operating system. Essentially, Oracle would compete with the open source vendor by monetizing Red Hat Inc.'s own code.

In an understandable effort to protect their businesses, many vendors have adopted methods, such as attribution licensing, to make it difficult for competitors to fork their software. Attribution licensing requires that developers who modify a particular piece of open source technology credit the vendor who created the original software. In effect, this requires that the original vendor's corporate logo and a link to its Web site appear on the user interface of the software.

"There is a contingent that says, listen, this goes too far," said Mark Driver, an analyst at Stamford, Conn.-based Gartner Inc. "It goes beyond attribution and becomes advertising. And it creates a disincentive for [other vendors] to take the code and fork it and create their own competing version. If I want to take SugarCRM or Zimbra code and create my own product and compete with them, I don't want to put their corporate logo on the screen. It's difficult to build a business model with a competitor's logo on my screen."

Driver said a vendor such as SugarCRM Inc., which requires attribution licensing, "probably violates the definition" of open source software as set by the Open Source Initiative, a nonprofit organization that acts as a standards body. That definition states that open source licenses "shall not restrict any party from selling or giving away the software…"

For the record, Cupertino, Calif.-based SugarCRM asserts that its technology is definitely open source.

"SugarCRM has always believed that Sugar Open Source is compliant with the OSD [Open Source Definition]. Specifically, Sugar Open Source includes the full source code, is modifiable, is redistributable and is patent-free," SugarCRM CEO and co-founder John Roberts said in a statement.

Driver said this attribution licensing can cause vendor lock-in by discouraging other vendors from working with the technology. Lock-in is something that most open source users assume they're immune to. Driver said open source users often assume they have a certain level of investment protection. They believe the product they invest in is supported by more than one vendor. If they are unhappy with the vendor they're working with, they can find another vendor that can support the same technology. If attribution licensing inhibits other vendors from working with a certain product, CIOs may have no one else with whom they can work.

"You may acquire an open source product from a company you're dissatisfied with, and you might find you're just as locked in as you were with Microsoft," Driver said. "It creates a lot of confusion. End-user adopters are assuming if it's called open source, they are assuming they have a set of freedoms. It may be the case in the future that they don't have those freedoms. It will be buyer beware.

"The safest route is to look for products under licenses which meet the open source definition as defined by OSI, with very strong preferences to those licenses which have been approved by OSI. If you're dealing with a vendor whose license hasn't been submitted and hasn't been approved by OSI, ask them why and then go through the fine print with them. We're not saying avoid them, but be very careful."

Raven Zachary, research director for open source at The 451 Group in New York, isn't convinced that the blurring of the definition of open source is necessarily a bad thing.

It goes beyond attribution and becomes advertising. And it creates a disincentive for [other vendors] to take the code and fork it and create their own competing version.

Mark Driver, analyst, Gartner Inc.

Zachary said that not all vendors will meet the complete definition of open source, but the strength of open source has always been the size of the community. If vendors can have some degree of involvement in open source, it only makes that community more vibrant. He said there is strength in numbers.

"I think we should be more inclusive than exclusive," Zachary said. "Vendors who are powered by open source are powered by this ecosystem. There are degrees of openness, and each vendor will clearly pursue the level that best matches their own goals and aspirations. At the end of the day, if you ask the average individual what open source means, they'll probably tell you that the source code is available to them. That's what open source means to many."

Zachary acknowledged that attribution licensing might not meet the strict definition of open source, but he said attribution isn't aimed at harming end users or traditional members of the open source community.

"Why are vendors putting attribution clauses in place? They're concerned about protecting IP [intellectual property] against forking," Zachary said. "Attribution, I believe, is about defending one's IP from abuse from another commercial entity. Their concern is not that an academic or nonprofit organization is going to take that code and rebrand it as their own."

Zachary said attribution licenses are not a "pain point" for end users. He said the real pain point is not having a diverse selection of open source projects that provide alternatives to existing proprietary technology. He said the key to having sufficient alternatives is a large, inclusive community that includes vendors that don't meet the strict open source definitions.

Driver said open source is about more than access to source code. He said the real value of open source is the right to modify and redistribute the technology. This encourages a community where innovation goes "well beyond what any single company could do."

Let us know what you think about the story; email

Dig Deeper on Enterprise business applications

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.