Open Source’s $59B Opportunity, October 2013
© Black Duck 2013 Open Source’s $59B Opportunity October, 2013 Phil Odence VP, Corporate & Business Development


Post on 13-Aug-2020


Page 1

Open Source’s $59B Opportunity
October, 2013

Phil Odence
VP, Corporate & Business Development

Page 2

$59B

Enterprise perspective Developer perspective

Page 3

Agenda

• The Math (some fuzzy, mostly sound)
• What’s Going On from the Developer Perspective
• The Problem
• GitHub Does the Right Thing
• Conclusions

Page 4

The Math

Page 5

Sources

• Gartner – Software Market

• IDC – Open Source Usage

• Tracking 1m OSS projects in the Black Duck KnowledgeBase
  • Focus is on license, version and security

• Analyzing 650k+ projects on Ohloh.net
  • Focus is on commit analytics, activity levels

• 1000+ OSS audits – companies of all sizes

Page 6

Assessing the Potential Business Opportunity

• 2012 IT Spending on software was $342B (£219B, €259B)
  • Applications, infrastructure, vertical software

• Companies saved 30% on SW spend using OSS
  • Spending on SW was reduced by $146B
  • 342+146=488

• With 40% of OSS with no declared license, $59B (£36B, €43B) is at risk
  • $59B = 40% of the $146B
  • 40% of OSS has unclear licensing

Page 7

No-Declared vs. Declared

[Pie chart: 1 Million Projects Analyzed. Declared: 60%; No-declared: 40%]

40% of industry-wide projects have no declared license

Enterprises are questioning whether they can use these projects

Page 8

No-Declared vs. Declared

[Pie chart: 1 Million Projects Analyzed. Declared: 60%; No-declared: 40%]

40% of industry-wide projects have no declared license

Enterprises are questioning whether they should use these projects

The GitHub Factor

[Bar chart: Declared vs. No Declared share for Non GitHub and GitHub projects; values shown: 93%, 7%, 77%, 23%]

Page 9

Embedded Licenses in Projects with No-declared License

40% of industry-wide projects have no declared license

42% of projects with no declared license include embedded licenses

Many projects without a declared license include embedded licenses

These embedded licenses contain specific obligations that govern the use of the overall project…how careful have developers been?

Page 10

Licensing: An example project

• Apache License Version 2.0
• Apple Disclaimer
• BSD 2.0
• Creative Commons Attribution 2.5
• Creative Commons Attribution Share-Alike 3.0 License
• GPL 3.0
• Indiana University Extreme! Lab Software License
• JSon License
• LGPL 2.1
• MIT License V2
• Mozilla Public License 1.1

Page 11

What’s Going On

Page 12

Post Open Source Software

James Governor, Redmonk Analyst

f#$@

Page 13

“POSS” might be more than just bad hygiene

Luis Villa, Deputy General Counsel, Wikimedia Foundation, Jan. 2013

Pushing back against licensing and the permission culture

“I reject the permission culture”

“…where the permission culture means that you must always ask permission before doing anything with anyone’s work, because nothing is ever simply shared or legally usable.”

http://tieguy.org/blog/2013/01/27/taking-post-open-source-seriously-as-a-statement-about-copyright-law/

Page 14

Simon Phipps – chides GitHub

Page 15

Steve Walli gets analogous

Github without licenses is like free sex without condoms.

Page 16

Five Star Summary from Richard Fontana

Page 17

Hypothesis

What if the POSS generation is NOT a generation of NOT CARING?

But instead a SOCIAL, SHARE-EARLY generation.

Dave Gruber, Black Duck

Page 18

The Global State of Open Source

“Software is Eating the World”
Marc Andreessen

“And Open Source is Driving the Software World”

• 1M Projects

• 100B LoC

• 10M person-years

Page 19

Analysis of GitHub

[Chart: # of projects with xx Stars and # of projects with xx Forks]

Analysis as of April 2013

3+ “Stars” = 10% (~320k Projects)
3+ “Forks” = 4% (~122k Projects)
2+ “Stars” = 16% (~530k Projects)
1 Star only = 84%

Analysis as of September 2013

1M Users: late 2011
3M Users: Jan. 2013
4M Users: Sep. 2013
5M Users: mid-2014

Page 20

The OSS Project Funnel Circa 2008

[Diagram labels: Ideate, Iterate, Organize; Assign a License; Licensed; Broad Use; OSS]

Page 21

Today: Share Early, Collaborate, Assign License when Mature

[Diagram labels: 2013; New Participants, New Ideas, New Knowledge; Ideate, Iterate, Organize; Social Sharing & Early Collaboration; Licensed; MORE Licensed; Broad Use; MORE; Open Source]

Page 22

License “Marketshare”

97%

Page 23

So What’s Going On?

• Lots more freely available software…for sure
• Some developers flouting copyright law and permission-based society…probably
• GitHub has contributed…certainly, but mostly in a good way

• Bottom line: Lots of freely available software with no license…So?

Page 24

The Real Problem

Page 25

Why Developers Make Code Available

• You want your code to be widely used (and to show your stuff)

• You want to demonstrate your abilities (gain cred) but perhaps not to permit copying

• You want others to contribute

• You want to promote open source and software freedom

You must provide a license to achieve any of the above goals

Page 26

What is a License?

• Permission by the owner of property to take some act that the owner has the ability to control due to their ownership of intellectual property rights

• What intellectual property rights do you license for software:
  • Copyright
  • Patent
  • Trademarks
    • not licensed in OSS licenses
  • Trade secret
    • not relevant to OSS licenses

Page 27

Lack of a license may give more or less permission

• Implied License
• Not public domain
  • Copyright arises automatically
  • Unclear legal process to effectively renounce
• Possible Scope of an implied license
  • Use internally
  • Reproduce and distribute (make, use & sell)
  • Modify
  • All of the above
  • None of the above

Page 28

People/companies may not use or contribute to your code

• Reluctance of licensees to adopt software when their rights are uncertain
  • Problem for operations of licensee (what can I do?)
  • Problem for licensee financing (investors don’t like uncertainty of no license)
  • Problem for licensee merger/sale of assets (acquiring companies don’t like uncertainty of no license)

Page 29

Your software isn’t “open source”

• A license is what distinguishes open source from any other software

• No license does not comply with the open source definition and the software is not “open source”
  • Isn’t public domain
  • Nor does it preserve freedom

Page 30

Oh, and, you could be exposed

• Article II of the Uniform Commercial Code applies to all software licenses
• Article II terms apply unless modified or disclaimed in an agreement (“gap fillers”)
• Default liability
  • Consequential damages: Lost profits
  • No cap on damages
  • Damages for warranty breach
• Default warranty
  • Merchantability: “average quality” in the trade for merchants
  • Fitness for a particular purpose: software meets particular needs of licensee
  • Non infringement

Page 31

In Sum, No License

• Leaves software in an unknown state
• Limits use and visibility
• Doesn’t promote open source or freedom
• May expose the copyright holder

• Doesn’t really serve anyone well

Page 32

GitHub Does the Right Thing

Page 33

GitHub Takes Action

“Not having a license is not a feature, it’s a bug.”
Matthew McCullough, GitHub

OSCON Day 1 Keynote, July 2013

Page 34

GitHub Responds

July 15, 2013
ChooseALicense.com

Page 35

Featured Licenses on choosealicense

GitHub creates choosealicense.com to help developers make license decisions.

Page 36

The “No License” Option

Page 37

And for the POSSers

Page 38

So how is it working?

The “No Declared License” trend was fueled by GitHub’s lack of capturing a license.

With GitHub now publicly supporting licensing, how is behavior changing?

Page 39

At least a blip of improvement, but…

[Chart: Added License]

Page 40

Summary and Conclusions

Page 41

Summary

• Lots of freely available code without a license
• Many reasons; mostly more and earlier sharing
• Lack of license leads to uncertainty
  • Not good for adopters
  • Not good for developers
• GitHub has made it easy
• But the community needs to follow through

Page 42

When is the right time to declare?

Idea Some Code Getting Organized

First Use First Fork When Requested

“…as projects grow, they tend to sort out any licensing issues, likely because they get corporate users, professional developers, etc.”

Donnie Berkholz, Redmonk

http://redmonk.com/dberkholz/2013/04/22/the-size-of-open-source-communities-and-its-impact-upon-activity-licensing-and-hosting/#ixzz2f1i6fjis

Page 43

Recommendations

• Contributors: use an OSI approved license
  • Will promote not inhibit adoption
  • Consider displaying the SPDX short form license indication in each file
• Consumers of open source: if there is no license information, contact the project and request one
  • Lack of a license may prevent adoption or use of the software
• Community: educate and encourage

Page 44

Thanks

Thank ye, Merci, Danke, Grazie, Gracias, Tack, …