An influential group sponsored by the Silicon Valley tech titans warns that efforts are underway to 'undermine the integrity of open source'

An influential group sponsored by the Silicon Valley tech titans warns that efforts are underway to 'undermine the integrity of open source'

simon phipps open source initiative

Wikimedia Commons

Simon Phipps, a well-known programmer and the president of the Open Source Initiative

  • The board of the Open Source Initiative signed an open letter reaffirming the Open Source Definition on Tuesday, with groups like the Mozilla Foundation as co-signers.
  • The Open Source Initiative is an industry group, sponsored by the likes of Microsoft, Facebook, and Google, that decides on the official definition of open source.
  • The open letter comes as companies like MongoDB, Confluent, and Redis Labs are making controversial changes to their open source software licenses to protect their intellectual property from big cloud providers like Amazon or Alibaba.
  • The OSI's position is that the whole point of open source is that anybody can use the software for any purpose, even if it's turning a profit - and that without that definition, it would discourage corporate users especially from embracing open source at all.

For hundreds of years, the definition of a kilogram has stayed exactly the same. It's a measure of standardization that allowed traders from all over the world to know exactly what they were buying, and how they could sell it.

Now, one of Silicon Valley's most important industry groups warns that the definition of the term "open source" must be guarded just as zealously as that of the kilogram - and that "recently there have been efforts to undermine the integrity of open source" by stretching the definition to suit their own self-interest.

"These efforts are motivated by the interests of a few rather than the benefit of all, and are at odds with the principles that have so demonstratively served us well in the past decades," writes the board of directors of the Open Source Initiative, in an open letter published earlier this week.

"If allowed to continue, these efforts will erode the trust of both users and contributors, and hinder the innovation that is enabled by open source software, just as surely as having multiple definitions of a kilogram would erode and undermine commerce," the OSI board wrote. The letter is co-signed by industry groups including the Mozilla Foundation.


The Open Source Initiative is a cross-industry body, sponsored by Google, Facebook, Microsoft, Amazon Web Services, and almost every other major player in the tech industry. Its mandate is to decide what qualifies as open source, and what doesn't.

Its mission has taken on new importance, of late: Smaller software companies like Confluent, Redis Labs, and MongoDB have recently found themselves at the center of controversy, as they change their open source licenses to place specific restrictions on how others - namely, larger clouds like Amazon's or Alibaba's - can use their software.

While the OSI's blog post didn't mention these companies by name, it's clearly of relevance. MongoDB's new license is currently under review by the OSI, with a decision on whether it can refer to its new license on open source expected to come within the next few weeks. And some, like Deshpande Salil, the managing director of Bain Capital Ventures, have questioned whether the OSI provides a necessary service.

"OSI, which has somehow anointed itself as the body that will 'decide' whether a license is open source, has a habit of myopically debating what's open source and what's not," Salil wrote in a November op-ed for TechCrunch.

All of this contributed to the timing of the open letter, say OSI officials.


"There has been genuine uncertainty especially from venture-backed companies built around open source," Josh Simmons, treasurer of the OSI and a program manager at Google in his day job, told Business Insider. "These are coming from individuals who do know better who seem to be making the claim that in order to do business, they need to change the definition of open source, which I think is a pretty wild argument to be making."

For its part, MongoDB is sticking to its guns: "MongoDB believes that the SSPL [license] meets the tenets of open source and we appreciate the feedback from the community during the OSI review process," the company said in a statement.

The cloud is putting pressure on open source

With the rise of cloud computing, smaller companies have run into the issue of seeing the open source software they created packaged and sold by other cloud companies like Amazon Web Services and Alibaba Cloud. It's legal - by the OSI's very definition, open source software can be used for any purpose, including turning a profit.

Still, this has rankled some smaller software companies, which have adopted these controversial new licenses as a means of fighting back by limiting how their software can be used. As Confluent CEO Jay Kreps explained in a recent blog post, his view is that open source can't be "free and unsustainable R&D" for tech giants like Amazon.

Then, there's the curious case of Lerna, which last year added a provision to its license that it can't be used by companies that work the United States Immigration and Customs Enforcement (ICE).


However, it's the view of open source software advocates that this is a case of trying to have your cake and eat it too, in a phenomenon they call "open washing." Companies can reap the rewards of open source, such as faster innovation, or they can place limitations on how their software can be used - but not both, says Patrick Masson, general with the OSI and an adjunct professor at the University at Albany, says.

"The benefits of open source licensing have created the innovation and mass adoption across all industries, including the right to use for any purpose," Masson told Business Insider. "There's all sorts of licenses out there now that are examples of people who have good intentions are not understanding the definition of software freedom."

According to the OSI's definition, there should be no discrimination on how open source software gets used. That goes even if those would-be users are mega-companies who want to sell the software on their cloud. If you place those limitations, it's the OSI's view that it's no longer open source.

"They're saying, 'we don't want bad people.' They might pick a license and say, 'you can use this for anything you want, but people who are engaging in cyber warfare or government or spying, they can't use it,'" Masson said. "We ask them to please not call it 'open source.' To put in these constraints, you're ignoring parts of the Open Source Definition."

An academic debate with real-world ramifications

While it may seem academic to debate the meaning of open source, the outcome could have major ramifications for businesses everywhere.


To the OSI's point about the kilogram standard, corporate legal teams have a responsibility to make sure that their use of any software is both legal and in compliance with the vendor's licensing terms.

Without a body like the OSI to approve a license as open source, says Simmons, those legal teams would have to go through the lengthy, expensive process of vetting the license of every new piece of software they want to adopt. The same goes for any company that wants to release their code under an open source license.

Read more: Startups are taking on Amazon's cloud with a controversial new plan, but experts warn it could undermine the foundations of open source

As a result, Simmons says, the use of open source software in businesses would fall. In turn, there'd be fewer people contributing code back to open source software projects. And companies might turn to proprietary software, from the likes of Oracle or Microsoft, which is more expensive, but at least has known licensing terms, says Simmons.

"Just that kernel of doubt whether a piece of software that claims to be open source really is open source would drive up the cost to open source," Simmons said. "Not only does this hurt open source, but it hurts the users."


Community discussions

Simmons notes that the OSI is not a self-appointed regulatory body, but rather, community-driven. Discussion around licenses is open to anyone who wishes to participate. He also notes that the OSI supports the creation of new open source licenses, but that they need to be vetted by that community before they qualify as open source.

Masson also notes that it's not impossible for the Open Source Definition to change, but if it does, it must be a "collaborative and community process."

Specifically, Simmons says that he would have liked to see MongoDB submit its new license to the OSI to be vetted before it was announced, not after.

"It was just, 'here's a change, and oh, it's not OSI-approved yet, but it's basically open source,'" Simmons said. "That's just acting in bad faith. OSI is driven by community consensus. They should just get engaged and be part of the process."