Everybody uses open source software (OSS) today. Millions of people contribute to the code itself. Indeed, a substantial percentage of the users and creators of OSS today are young enough to have never known a world that didn't rely on OSS. In other words, it's very easy to take this remarkable product of open collaboration for granted.

Everybody uses open source software (OSS) today. Millions of people contribute to the code itself. Indeed, a substantial percentage of the users and creators of OSS today are young enough to have never known a world that didn’t rely on OSS. In other words, it’s very easy to take this remarkable product of open collaboration for granted.

But that would be a mistake, especially given how unlikely it was that such a unique phenomenon could ever have taken hold. If you’ve never had reason to wonder how all this came about, this three part series is for you. In it, I’ll review how remote developers began to collaborate to create OSS, how the legal tools to make its distribution possible evolved, and how the world came to embrace it.

*  *  *

In the early days of information technology (IT), computers were delivered with operating systems and basic application software already installed, without additional cost, and in editable (source code) form. But as software emerged as a stand-alone product, the independent software vendors (ISVs) that were launched to take advantage of this commercial opportunity no longer delivered source code, in order to prevent competitors from gaining access to their trade secrets. The practice also had the (intended) result that computer users became dependent on their ISVs for support and upgrades.

Due to the increasingly substantial investments computer users made in application software, they also became “locked in” to their hardware, because of the high cost of abandoning, or reconfiguring, their existing application software to run on the proprietary operating system of a new vendor. In response, a movement in support of distributing human-readable source code as well as the legal right to modify, share and distribute that code, together with the usual, machine-readable object code, emerged in the mid-1980s. The early proponents of such “free software” regarded the right to share source code as an essential freedom and created licenses – notably, the GNU General Public Licenses – that required vendors to give back their own innovations to the project community. Those who espoused this view are usually referred to as being part of the “free software movement.” A later faction focused only on the practical advantages of freely sharable code, which they called “open source software” (OSS), leading to adherents of that group becoming known as the “open source movement.”^[i]

Concurrently, the Internet enabled a highly distributed model of software development to become possible, based upon voluntary code contributions and globally collaborative efforts. The combined force of these developments resulted in the rapid proliferation of millions of both free software and OSS development projects that have created many “best of breed” operating system and application software products. Today, virtually all proprietary software includes open source software, and an increasingly large percentage of crucial software platforms and programs are entirely open source.

While terms like “free software” and “open source software” may sound innocuous, when properly understood they imply elements of political philosophy, revolutionary zeal, technical development methodologies, traditional as well as radical legal theories, and cold, hard business pragmatism. Needless to say, such a rich stew of attributes is likely to present something of a challenge to anyone interested in gaining a quick understanding of exactly what this phenomenon is all about.

The reasons for investing the time to gain a better understanding of free and open source software (FOSS) are several. From a socio-political point of view, the FOSS movement is part of a broader, socio-political initiative, energized in part by the ability of the Internet to enable the sharing of information and the active collaboration of people on a global basis. In the case of the free software movement, that movement questions the utility and fairness of many traditional copyright and patent-based legal restrictions, and seeks to liberate software for the benefit of all.^[ii] Unlike proponents of OSS, who primarily wish to permit open source software to be freely available without traditional proprietary constraints, free software advocates support a set of ethical rules intended not only to foster free access, but also to inspire — and in some cases require — those that benefit from such access to contribute their own modifications and additions back to the community of developers as well.

From an economic point of view, the OSS development model has reordered the business realities of software development in multiple ways.  For a software vendor or user, the per-business costs of development of a given piece of software can be radically reduced by participating in a development project in which many others contribute their efforts as well.  For an end user, access to the source code of an OSS product grants independence from a proprietary vendor, since the end user can adapt the code, or put development work out for competitive bidding. For commercial intermediaries, efforts can be directed towards developing value added services on top of core code that is available for free and maintained by a community of developers. For policy makers, OSS offers opportunities to level the playing field for domestic vendors while lowering costs of procuring public IT systems. From a marketplace perspective, the OSS model presents a disruptive force that offers opportunities for both existing as well as new businesses to attack the dominance of entrenched market participants whose advantages rest on proprietary development and sales models.

Today, FOSS has become so pervasive that effective IT procurement and management requires a working knowledge of what FOSS is all about. Active participants in the development and use of FOSS products additionally need to know how FOSS can be expected to evolve in the future, and how the legalities of FOSS apply to anyone that participates in the development of FOSS, uses a FOSS product, or embeds a FOSS code in their own products for resale.

In this article, I will provide an overview of the history of FOSS and its champions, the major philosophical differences that differentiate free software from other open source software, the multiple licenses under which FOSS is made available, and the principal non-profit institutions that support and promote FOSS. I will conclude with a brief bibliography of primary FOSS sources for those that wish to learn more than this necessarily superficial review can hope to provide regarding such a rich and complex topic.

OSS: The Basics

What exactly does someone mean when they speak of free or open source software?

What it is (and what it isn’t): The answer is not only “it depends,” but that it depends a lot more than one might think. Depending on the context, it may imply a broad spectrum of information, covering topics as varied as legal rights and obligations, affiliation with social movements, and mode of development. In other words, the words “open source”, and in particular, “free software”, may mean many things at once.

At the most basic level, the term OSS is sometimes used to refer, albeit incorrectly, to a piece of software for which both machine readable (object) and human readable (source) code is supplied to the user.^[iii] And sometimes, this is all the person using the term intends, as when a single developer creates a piece of code and then posts it to the Internet at a public site with few, or no, restrictions on its reuse.

A popularly used OSS program, however, is likely to have additional attributes that differentiate it from proprietary software. Most likely, it will have been developed and be maintained at a public web site that allows any interested programmer to sign up and offer to help, whether by pointing out bugs and suggesting ways to fix them, by actively participating in development of additional code, or by helping document or promote the ongoing work of others as it happens.

The project in question may have been started by a single individual, or by a group of individuals, or it might have been launched when a proprietary vendor released the object and source code to a product that it had developed, concluding that it would gain greater benefit as a result of doing so (e.g., by having continuing access to the same code at a lower cost, due to the labor contributed by non-employees, or by selling support services to the users that download the program for free).

Frequently, multiple projects will collaborate to create software “stacks” that together provide an essential service. When they do, each project creates a single layer while coordinating in real time to ensure that each layer is technically interoperable and tightly integrated with the others.^[iv]

Until FOSS became ubiquitous, most computer users spent their entire lives in the locked-in “Win-Tel” platform world that sprang from the marriage of Microsoft operating systems with Intel processors. In the realm of application software, most of the same users still live (when it comes to office productivity tools) in the same convenient, but constrained world of Microsoft Office.^[v] Convenient, because almost everyone else continues to use Office, and text documents and spreadsheets can therefore be easily exchanged among other Office users. But constrained, because once a user enters the world of Office, it is difficult to leave.

Legally, the term OSS at minimum implies that anyone can download the code with the freedom to do whatever they want with it, so long as they do not try to sue the developer for any flaw in the code or infringement of the rights of any third party and acknowledge the copyright of the original code author in her code. The “copyleft” software licenses (described in greater detail below) generally associated with the free software movement have additional, more restrictive terms. Anyone that changes copyleft-licensed code and sells the modified version must make their modifications available to all under the same copyleft license terms as a matter of ethics and morality, as well as in response to a legal obligation.

What OSS is not is an infringement on any developer’s rights, a second best alternative to proprietary code, or a security risk to the enterprise.

And it certainly isn’t a passing fad. OSS is here to stay.

The value proposition: While the value of free software for the customer sounds obvious, there are benefits beyond the lack of a license fee. Briefly stated, they are as follows:

For the customer: Under the traditional consumer software licensing model, individuals typically incurs a one-time cost to acquire proprietary software and are then on their own, whereas commercial customers are likely to make a more substantial investment in additional services, such as purchasing training for their employees to learn how to use the new software, and also ongoing “support” services (i.e., ensuring that there is someone at the end of the phone if problems are encountered installing, integrating, or operating the software on complex enterprise systems), as well as “maintenance” rights to ensure that they will get updates (e.g., bug fixes and improvements) after the software has been installed. They may also need to pay for hardware upgrades in order to be able to run new software, and pay consultants and other service providers to plan and complete the upgrade.

The aggregate of all of these fees is the “total cost of ownership” of a given software package, and the sum of these additional costs can be substantial. Similarly, while some FOSS may be free (e.g., the OpenOffice and LibreOffice productivity suites), a customer may decide to buy a proprietary product instead.

While the total cost of ownership of a FOSS product will generally be cheaper, there are other advantages to using FOSS instead of proprietary products. They include:

• Access to code: When a customer installs proprietary software, it becomes entirely dependent on the vendor for the code’s improvement and performance, because the customer has neither the technical means (access to source code) nor the right (legal permission) to alter the code. If the customer needs new or different features, or needs an update to maintain compatibility when switching or upgrading other systems, the vendor may or may not be willing to customize the program (either at all or at a price the customer is willing to pay). If the vendor discontinues support for the product, or goes out of business, the customer is stranded. In contrast, a customer with a FOSS alternative has the ability as well as the legal right to change the code any time it wants to. It can also hire anyone it wishes to help it change or maintain the program. If the project that created the code goes dormant, a customer may be disappointed, but it won’t be stranded.
• Freedom from lock in: While open standards increasingly give customers protection from “lock in” (i.e., dependency on a single vendor, and the certainty of significant switching costs if they wish to change vendors), changing from one product to another can still be difficult and expensive. In the case of systems based on Linux, the OSS operating system that has become predominant in use cases as diverse as telecommunications, automobiles and nuclear power plants, there are multiple independent “distributions,” all based on the same core software (the Linux kernel).
• Release cycles and bug fixes: Well-run OSS projects are in constant motion, upgrading and fixing bugs in real time. Customers can access this work on a far more frequent basis than users of proprietary products, who must wait until the vendor decides to incur the costs of making a minor or major release. Because the source code to OSS is available to the customer, popular OSS software also generates a flood of bug reports and suggested fixes, which are evaluated on a constant basis and implemented as appropriate.Or, as stated in what is often referred to as “Linus’s Law” (as in Linus Torvalds, the originator and ongoing leader of Linux kernel development): “Given enough eyeballs, all bugs are shallow.” In contrast, proprietary vendors who receive complaints from customers must seek to replicate and diagnose the problem before they can fix it.^[vi]
• Security: While it may seem counterintuitive that code visible to anyone anywhere would be safer to use, popular OSS programs are in general acknowledged to be more secure, largely for the same reasons just stated: because anyone can see the code, anyone can track down the source of a vulnerability, let project managers know of the cause of concern, and/or propose a fix herself. As a result, security issues can typically be identified, fixed, and propagated to all users faster than flaws in proprietary code. As a result, OSS is increasingly being used by defense, financial and other users who place the highest priority on security.  That said, where the numbers of eyes are small, open source can be as vulnerable as proprietary code.^[vii] The Linux Foundation (LF) is currently working to identify similar situations and provide funding to correct them.

For the developer: It is important to note that much of the code contained in many FOSS products is created by individuals participating on a volunteer basis rather than at the instruction of their employers. Such individuals participate without compensation for many reasons, including enjoyment, challenge, gaining status within the project community, and gaining valuable job skills that enhance marketability and compensation potential. Individuals that rise through the ranks of prominent FOSS projects can dramatically enhance their professional credentials, as corporations are also major contributors to FOSS projects and skilled FOSS developers are in high demand.

Points of origin: Those learning about FOSS for the first time are often puzzled that there is usually no physical “there” there, in the sense of a central development facility. This is hardly surprising, because in most cases there is no person or legal entity that owns more than a small percentage of the code in an OSS product, or that is responsible for creating or maintaining the code (the Linux kernel, which is created by a global network of thousands of individual developers, is a prime example). Instead, the code may simply be hosted in the cloud, usually for free, by an organization formed for that purpose, which also provides a variety of supporting tools and services.

Other projects are supported by non-profit foundations formed to support them (e.g., the Mozilla Foundation, which supports the Firefox web browser), or by so-called “umbrella organizations,” such as the Apache, Eclipse, and Linux Foundations, which host from scores to hundreds of FOSS projects. A small number of FOSS projects is supported by for-profit corporations, such as Red Hat and Micro Focus International, which host the Fedora and SUSE Linux distributions, respectively. They profit by offering paid support services along with these unique Linux-kernel based distributions.

While selling services on top of FOSS (or increasing profits as a result of using FOSS) are popular ways to benefit from FOSS economically, they are not the only ones. Simply sharing the development costs of software with other companies needing the same software tools and platforms lowers the overhead per vendor. And, just as collaboratively developed open standards permit competitors to vie with each other in other ways (e.g., by developing and selling proprietary features and services offered above the level of standardization), FOSS can enable entirely new and competitive business opportunities. A current example can be found in the mobile device marketplace, where the majority of mobile phones today run on variations of the Google-developed Android operating system, which is itself based on the Linux kernel. Google profits from its ability to ensure that mobile platforms can attractively display Google ads and support other Google software and services; mobile device manufacturers can sell more phones at lower prices due to greatly reduced software development costs; and silicon vendors can sell far more chips due to the rapidly expanding number of people who own mobile devices.

---

[i] In this article, I use the word FOSS to mean (a) software delivered in both machine-readable object code and human-readable source code, together with (b) the rights to modify, copy and distribute that under any license that complies with the “free software” OR the “open source” definitions that are discussed further below. When necessary, I use “free software” to refer to software that complies with the free software definition created by Richard Stallman and “OSS” to refer to any other software made available under a license approved by the Open Source Initiative as an “open source license.”

[ii] Richard Stallman laid out the foundation for the concept of free software in 1981 in the GNU Manifesto, Stallman codified the definition of free software in 1986 in what he refers to as “the four essential freedoms.” They are:

A program is free software if the program’s users have the four essential freedoms: [1]

• The freedom to run the program as you wish, for any purpose (freedom 0).
• The freedom to study how the program works, and change it so it does your computing as you wish (freedom 1). Access to the source code is a precondition for this.
• The freedom to redistribute copies so you can help others (freedom 2).
• The freedom to distribute copies of your modified versions to others (freedom 3). By doing this you can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this.

Importantly, Stallman’s use of the word “free” in the definition is not meant to have economic significance, although free software is usually available without cost. Rather, “free,” as Stallman explains, is meant to be “free as in speech, not as in beer.”

[iii] While the term open source software is sometimes used in connection with code that is licensed under terms that don’t meet the Open Source Initiative FOSS definition, this usage is incorrect. The correct way to refer to such code is “source available” rather than “open source.”

[iv] The prototypical example is the “LAMP” server stack, comprising Linux kernel, Apache HTTP server, MySQL relational database management system, and the PHP programming language.

[v] Today, most still do, notwithstanding the availability of free tools like Google Docs and the LibreOffice suite.

[vi] While the output of the global team of developers led by Linus Torvalds is often referred to simply as “Linux,” this is misleading. What they produce is correctly referred to as the Linux kernel. While a kernel program forms the core of a computer operating system – and in the case of the Linux kernel comprises many millions of lines of code – the operating system upon which a computer relies includes additional important code as well.

[vii] As was famously proven in the case of the massively consequential “Heartbleed” attacks that exploited a security flaw in the OpenSSL code incorporated in products everywhere. That code was famously maintained by two woefully overworked and underpaid programmers. See, The Internet Is Being Protected By Two Guys Named Steve, https://www.buzzfeed.com/chrisstokelwalker/the-internet-is-being-protected-by-two-guys-named-st. All footnote links in this article were last accessed on June 24, 2019.

Next time: Licenses and Licensing

Disclosure: The author and his law firm have acted as legal counsel to a number of entities mentioned in this article, including the Free Standards Group, The Linux Foundation and many projects hosted by The Linux Foundation.

The author would like to thank his partner, Joanna Lee, for her many helpful comments and suggestions during the preparation of this article.