COSS - Genetic Marker for Disrespect

The term "Commercial Open Source" or COSS is an indicator that you will not receive software freedom from a vendor that's enjoying it themselves.

A certain category of companies like to describe their activities as “Commercial Open Source” or “COSS”. They are typically operating open-core business models, where the basic kick-the-tyres code is available under an open source license but the software you actually need is under some combination of licenses - typically not OSI approved - that are designed to ensure you can’t run the code in production without paying the company.

The most basic problem with naming this model as they do is that the software freedom stops with the open-core company. Their customers don’t receive it, so the implication of available freedoms accompanying use of the word “open” is not actually delivered.

I am delighted for those companies that they are gaining the benefits of open source themselves - I and others have been advocating those benefits for decades. But as their customer it is no more relevant to me than knowing they use Scrum, comply with ISO-9001 or program in Rust; it’s just more marketing jargon. Their use of the word “open” or even of “Open Source” creates a false impression of benefit – “Software Freedom Inside” – that erodes trust when the betrayal is understood, both in the company and in those who use the terms inappropriately.

Naturally there are other problems layered on this fundamental one.  

  • The term implies other open source software is somehow not for commercial use, which is untrue
  • Most open-core projects treat “community” as a synonym for “customer” rather than for “collaborator” so it can be very hard to enjoy software freedom even on the core part that’s under an open source license. In particular, it may be hard to upstream improvements or engage technically. 
  • People who want to pay in effort rather than money may be considered freeloaders by open-core projects. If they are willing to take payment in effort, it will be for real - there will be a contributor agreement to sign through which you will grant the company effective ownership of your work so they can monetise it. 
  • There is usually a VC lurking in the shadows in whose interests the project may well act irrationally, demanding antifeatures, changing licenses, deprecating perfectly good code and even shutting down to serve a higher bidder.

You’ll get all sorts of excuses and the vendor will try to gaslight you into thinking you are the problem not them (“don’t you realise we have to make money?”). But the basic truth is they decided to make money from open source without sharing the freedom with you, and were either so ashamed or so dishonest they decided to still call it Open Source.

Consequently, the phrase “Commercial Open Source” and the descriptive term open-core are both genetic markers for software you probably should stay away from. It does not offer you your freedoms and the company behind it does not respect them or you.