© Black Duck 2013
Open Source’s $59B Opportunity
October, 2013
Phil Odence
VP, Corporate & Business Development
$59B
Enterprise perspective Developer perspective
Agenda
• The Math (some fuzzy, mostly sound)
• What’s Going On from the Developer Perspective
• The Problem
• GitHub Does the Right Thing
• Conclusions
The Math
Sources
• Gartner – Software Market
• IDC – Open Source Usage
• Tracking 1m OSS projects in the Black Duck KnowledgeBase
  • Focus is on license, version and security
• Analyzing 650k+ projects on Ohloh.net
  • Focus is on commit analytics, activity levels
• 1000+ OSS audits – companies of all sizes
Assessing the Potential Business Opportunity
• 2012 IT Spending on software was $342B (£219B, €259B)
  • Applications, infrastructure, vertical software
• Companies saved 30% on SW spend using OSS
  • Spending on SW was reduced by $146B
  • 342+146=488
• With 40% of OSS with no declared license, $59B (£36B, €43B) is at risk
  • $59B = 40% of the $146B
  • 40% of OSS has unclear licensing
1 Million Projects Analyzed
No-Declared vs. Declared
[Pie chart: 60% Declared, 40% No-declared]
40% of industry-wide projects have no declared license
Enterprises are questioning whether they can use these projects
The GitHub Factor
1 Million Projects Analyzed
No-Declared vs. Declared
[Pie chart: 60% Declared, 40% No-declared]
40% of industry-wide projects have no declared license
Enterprises are questioning whether they should use these projects
[Bar chart: No Declared vs. Declared, Non GitHub vs. GitHub, scale 0% to 100%; values shown: 93%, 7%, 77%, 23%]
Embedded Licenses in Projects with No-declared License
40% of industry-wide projects have no declared license
42% of projects with no declared license include embedded licenses
Many projects without a declared license include embedded licenses
These embedded licenses contain specific obligations that govern the use of the overall project…how careful have developers been?
Licensing: An example project
Apache License Version 2.0
Apple Disclaimer
BSD 2.0
Creative Commons Attribution 2.5
Creative Commons Attribution Share-Alike 3.0 License
GPL 3.0
Indiana University Extreme! Lab Software License
JSON License
LGPL 2.1
MIT License V2
Mozilla Public License 1.1
What’s Going On
Post Open Source Software
James Governor, Redmonk Analyst
f#$@
“POSS” might be more than just bad hygiene
Luis Villa
Deputy General Counsel, Wikimedia Foundation
Jan. 2013
Pushing back against licensing and the permission culture
“I reject the permission culture”
“…where the permission culture means that you must always ask permission before doing anything with anyone’s work, because nothing is ever simply shared or legally usable.”
http://tieguy.org/blog/2013/01/27/taking-post-open-source-seriously-as-a-statement-about-copyright-law/
Simon Phipps – chides GitHub
Steve Walli gets analogous
Github without licenses is like free sex without condoms.
Five Star Summary from Richard Fontana
Hypothesis
What if the POSS generation is NOT a generation of NOT CARING?
But instead a SOCIAL, SHARE-EARLY generation.
Dave Gruber, Black Duck
The Global State of Open Source
“Software is Eating the World”
Marc Andreessen
“And Open Source is Driving the Software World”
• 1M Projects
• 100B LoC
• 10M person-years
Analysis of GitHub
[Chart: # of projects with xx Stars and # of projects with xx Forks; axis label: projects]
Analysis as of April 2013
3+ “Stars” = 10% (~320k Projects)
3+ “Forks” = 4% (~122k Projects)
2+ “Stars” = 16% (~530k Projects)
1 Star only = 84%
Analysis as of September 2013
1M Users: late 2011
3M Users: Jan. 2013
4M Users: Sep. 2013
5M Users: mid-2014
The OSS Project Funnel Circa 2008
[Funnel diagram labels: Ideate, Iterate, Organize; Assign a License; Licensed; Broad Use; OSS]
Today: Share Early, Collaborate, Assign License when Mature
[Funnel diagram labels, 2013: New Participants, New Ideas, New Knowledge; Social Sharing & Early Collaboration; Ideate, Iterate, Organize; Licensed; Licensed; MORE Licensed; Broad Use; MORE; MORE; Open Source]
License “Marketshare”
97%
So What’s Going On?
• Lots more freely available software…for sure
• Some developers flouting copyright law and permission-based society…probably
• GitHub has contributed…certainly, but mostly in a good way
• Bottom line: Lots of freely available software with no license…So?
The Real Problem
Why Developers Make Code Available
• You want your code to be widely used (and to show your stuff)
• You want to demonstrate your abilities (gain cred) but perhaps not to permit copying
• You want others to contribute
• You want to promote open source and software freedom
You must provide a license to achieve any of the above goals
What is a License?
• Permission by the owner of property to take some act that the owner has the ability to control due to their ownership of intellectual property rights
• What intellectual property rights do you license for software:
  • Copyright
  • Patent
  • Trademarks
    • not licensed in OSS licenses
  • Trade secret
    • not relevant to OSS licenses
Lack of a license may give more or less permission
• Implied License
• Not public domain
  • Copyright arises automatically
  • Unclear legal process to effectively renounce
• Possible Scope of an implied license
  • Use internally
  • Reproduce and distribute (make, use & sell)
  • Modify
  • All of the above
  • None of the above
People/companies may not use or contribute to your code
• Reluctance of licensees to adopt software when their rights are uncertain
  • Problem for operations of licensee (what can I do?)
  • Problem for licensee financing (investors don’t like uncertainty of no license)
  • Problem for licensee merger/sale of assets (acquiring companies don’t like uncertainty of no license)
Your software isn’t “open source”
• A license is what distinguishes open source from any other software
• No license does not comply with the open source definition and the software is not “open source”
  • Isn’t public domain
  • Nor does it preserve freedom
Oh, and, you could be exposed
• Article II of the Uniform Commercial Code applies to all software licenses
  • Article II terms apply unless modified or disclaimed in an agreement (“gap fillers”)
  • Default liability
    • Consequential damages: Lost profits
    • No cap on damages
    • Damages for warranty breach
  • Default warranty
    • Merchantability: “average quality” in the trade for merchants
    • Fitness for a particular purpose: software meets particular needs of licensee
    • Non infringement
In Sum, No License
• Leaves software in an unknown state
• Limits use and visibility
• Doesn’t promote open source or freedom
• May expose the copyright holder
• Doesn’t really serve anyone well
GitHub Does the Right Thing
GitHub Takes Action
“Not having a license is not a feature, it’s a bug.”
Matthew McCullough, GitHub
OSCON Day 1 Keynote, July 2013
GitHub Responds
July 15, 2013
ChooseALicense.com
Featured Licenses on choosealicense.com
GitHub creates choosealicense.com to help developers make license decisions.
The “No License” Option
And for the POSSers
So how is it working?
The “No Declared License” trend was fueled by GitHub’s lack of capturing a license.
With GitHub now publicly supporting licensing, how is behavior changing?
At least a blip of improvement, but…
[Chart: Added License; axis scale 0 to 14000]
Summary and Conclusions
Summary
• Lots of freely available code without a license
• Many reasons; mostly more and earlier sharing
• Lack of license leads to uncertainty
  • Not good for adopters
  • Not good for developers
• GitHub has made it easy
• But the community needs to follow through
When is the right time to declare?
Idea Some Code Getting Organized
First Use First Fork When Requested
“…as projects grow, they tend to sort out any licensing issues, likely because they get corporate users, professional developers, etc.”
Donnie Berkholz, Redmonk
http://redmonk.com/dberkholz/2013/04/22/the-size-of-open-source-communities-and-its-impact-upon-activity-licensing-and-hosting/#ixzz2f1i6fjis
Recommendations
• Contributors: use an OSI approved license
  • Will promote not inhibit adoption
  • Consider displaying the SPDX short form license indication in each file
• Consumers of open source: if there is no license information, contact the project and request one
  • Lack of a license may prevent adoption or use of the software
• Community: educate and encourage
Thanks
Thank ye, Merci, Danke, Grazie, Gracias, Tack, …