Product packaging ethics

Deciding what goes into your free open source version and what is only in the paid, commercial version is, on the surface, a straight business decision around packaging. Of course, there are some serious positioning implications, not least of which is understanding in detail who the ideal user is for the open source version and who the ideal customer is for the commercial product.

But there are some serious ethical questions, too, particularly when we talk about security or privacy. Relatedly, you have to consider how your packaging decisions either reinforce or dilute your point of view and your mission.

I’ve been thinking about this issue after last week’s podcast episode with Cillian Kieran of Ethyca, and it also came up in conversations recently with clients and potential clients, particularly those in the security space. If you are fundamentally a security company and your core belief is that software needs to be more secure, then making your open source project any less secure than your commercial product is unethical — and risks making you and your company look like a bunch of hypocrites.

Think outside the standard packaging options

This matters, because the ‘standard’ open source versus commercial offering is for the open source option to be less secure than the commercial offering. Quite frankly, as an industry I think it’s worth asking whether or not that is an ethical approach. For individual companies, though, the stakes are high and they are personal. If part of your pitch is that you are a security-focused, ethical company, then you shouldn’t follow this standard approach. Your open source project and commercial product should be equally secure. Sandeep Lahane from Deepfence shared some ways to approach open source packaging on The Business of Open Source, and I like his approach.

Your project has to reinforce your positioning and your opinions

Open source startups have a challenge, from the get-go, that they are developing what amounts to a suite of products while their closed-source counterparts focus on just one product. Open source startups have to ensure that both their project and their product(s) reinforce their positioning and the worldview that they are trying to advance and be known for. This requires a delicate balance about what to include in the open source project. Holding back too much can make you seem like a fraud, while holding back too little could make it feel like the commercial product is so similar to the open source version that it’s not worth it. But when it comes to fulfilling your core mission and expressing your core point of view, you need to make sure your open source project is just as much in line with your company’s ethics and opinions as your commercial product is.

Examples

If your core mission is to make software more secure, your open source project should have security features that are just as robust as your commercial product.

If your core mission is to make software scalable, your open source project should be able to handle just as much scale as your commercial product.

If your core mission is to make Kubernetes easier to use, your open source project should be just as easy to use as your commercial product.

The bottom line? Your open source project has to be good enough to represent you well, and that means your values as a company should be apparent to the users. It’s better to give away a little too much than to look like an unethical fraud to the open source community.

Emily Omier