Why do people pay for open source?

Donald Fischer
by Donald Fischer
on July 10, 2018

The free ride opportunity

Free riding is practically the definition of open source software. (Well, there is a definition in fact, but bear with me.)

When you use open source, there's no form to fill out, no sales rep to speak to, no free trial to initiate. You just grab the code and go.

Frequently, it's so frictionless that you don't even realize you're doing it. "create-react-app hello-world", a wall of text scrolls by for a bit, and you've installed over 1,000 distinct new open source dependencies, each with its own creator and maintainers (hopefully! 🤞).

What's not to like?

Open source software is used in many different situations. It's wonderful and amazing that a student, weekend hacker, or independent entrepreneur has access to so much unfiltered, raw intellectual building material. In this sense, open source is a dream.

So why do people pay for open source software? Answer: they don’t. They pay for promises about the future.

Professional application development teams in large organizations seek out the same open source projects and benefit from the seamless nature of open source experimentation and exploration. Just like hobbyists and students, they download and use the code for free.

But when that software goes into production in a professional organization, lots of important questions start to come up. The dream starts to get complicated.

Does the specific software you use have any known security vulnerabilities in it?

Is the license information complete and accurate?

Is anyone actively maintaining this software?

Will any of this be true tomorrow?

Says who?

And if not, who’s going to do anything about it? And why?

These assurances are worth paying for

When people want to use open source software in a professional setting, they need clear and consistent answers to questions like these. And we think the best way to answer these questions is hiding in plain sight.

The individuals and teams who maintain open source projects are in the best position to make and maintain promises about the future of the software they are building. What's been missing is a clear alignment of interests between these teams and the downstream professional consumers who use their creations.

This is where Tidelift comes in.

Tidelift makes it possible for professional application development teams to go to a single source for uniform security, licensing, and maintenance promises about the the current and future state of the software they use. Professional teams pay for a Tidelift subscription, and Tidelift tracks which components they use and then pays the participating maintainers of those projects. Tidelift coordinates and verifies the process end-to-end.

Sign up to receive email updates from Tidelift

In this model, only the maintainers behind the specific components you use get paid. And you’re not paying them out of the kindness of your heart—you’re paying them (via Tidelift) for a service level agreement. You’re paying for the specific value of having a counterparty on the hook to provide the assurances you need to use a particular open source component in production, on an ongoing basis.

And as a bonus, you are helping the people who actually create and maintain the software you are using get paid. Paying the maintainers is both good and useful, because it gives them the freedom and motivation to keep making more and better software. But those happy outcomes are also just a side effect of serving your own self-interest in having someone accountable for the quality of the software you depend on. 

Let’s not break what already works

Our goal at Tidelift is to preserve the best attributes of open source—including its frictionless nature. That's why there is no “enterprise distribution” or alternative package manager with Tidelift.

You keep installing and using the software the way you already do, via your favorite package manager or artifact management tool. But when you value security, licensing, and maintenance assurances for those components, Tidelift makes it possible to pay the maintainers to deliver those as well, under standardized terms.

Think of it as a service level agreement overlay for the open source software you already use.

So by all means: go ahead and free ride if all you want is the code itself. Open source gives you the right, and it is part of what has made open source so ubiquitous. That's a wonderful thing.

But when you need someone to stand behind the open source software you use, Tidelift will help you get the assurances you are looking for, directly from the people who create and maintain the software today. Tidelift makes it easy to pay the people who make it happen, to make this happen, for you.

We think that's the best of both worlds, and a clear win-win.

Free dependency analysis