Free weekly industry insights from the world of open source, in three paragraphs or less. Most Tuesdays, always 4pm CET, by Prof. Riehle.

  • How to make money with open source

    It’s simple. You sell a closed complement. You can’t make money with something that is free, so you can’t sustainably make money by selling open-source software. You can make money by selling something that you do not give away for free but that derives a significant part of its value from the underlying open-source software. […]

  • It is the CEO’s responsibility (and liability)

    A CEO (Geschäftsführer) is generally responsible for ensuring that the company entrusted to them operates at the state of the art. If they neglect this and something goes wrong, shareholders may well be on their back, suing them for failure of due care and diligence or just generally for mismanagement. Open source […]

  • Now careful with that trademark policy

    Community open source projects that become successful are often commercially relevant. Hence, to prevent abuse, the project founder or a supporting foundation acquires a trademark to the name of the project. If you want to build a business based on the project, you’ll want to use the trademark in advertising your product, and if you […]

  • Three types of community open source

    Any project or product that uses open-source software becomes dependent on it. Introducing such a dependency should be thought through in detail, in particular if the software is to be used as a component in a commercial product. Most notably, you need to understand the intentions of the open source programmers then and how they […]

  • A new answer to open source vs. the cloud

    Some time ago, people wondered (and worried) whether the cloud would kill open source. Today we have an answer, which is: The cloud is open source, most of it anyway. So we observe a peaceful coexistence, with both community and commercial open source software working well with cloud services. However, I would like to go […]

  • Should I care about license compliance of container base images?

    I just received the following question: “We ship our software application as a container image built on a base image. Surely we don’t have to worry about open source license compliance of the base image, do we?” My answer is: “Of course you have to worry.” Let me explain this step by step. If you […]

  • Dependency graph vs. software supply chain

    The human brain is just amazing when it comes to making sense of words. Still, it helps to be precise about terms, because it reduces confusion and improves understanding. One such terminology confusion in open source is between the concepts of dependency graph and software supply chain. A dependency graph is a set of components […]

  • Commercial open source: Short-term gain, long-term liability?

    Commercial open-source software is open-source software that is developed for commercial exploitation. Often, there is a single vendor behind the software (Elastic, Mongo, etc.) that tightly controls the intellectual property and the software’s roadmap (in contrast to community open source, which typically has a wide range of stakeholders and broadly distributed copyright). Sadly, the […]

  • Google layoffs show the perils of working in an OSPO

    Companies establish open source program offices (OSPOs) to manage the company’s transition to proficiently using, contributing, and leading open source projects. Among the leaders in open source is Google, yet in its recent round of layoffs, it decimated its OSPO, including its founder and many other high caliber open source enthusiasts. While nobody knows Google’s […]

  • The three levels of source code analysis and their adversaries

    In our software composition analysis (SCA) projects, we have run into three ways of identifying open source code that has been added to a code base. We provide both code scanning and snippet matching services and partner with specialized experts on semantic analysis, if requested by a client.