Open Source Companies: Navigating Challenges and Building a Business on Open Source

Many open source companies and organizations, including amazee.io, have navigated the challenges of open source to build their platforms and services. 

Open source is the best way to create software because it speeds up product feedback and innovation, improves software reliability, scales support, drives adoption, and pools technical talent.

In this blog, we'll take a closer look at the challenges that open source companies encounter when building their foundations on open source and explore practical solution suggestions for each of them, including practical examples from our own experience.

To start, here is a list of some of the challenges we, as an open source company, have been facing in the last few years:

• License Management and Compliance
• Security Concerns
• Support and Longevity
• Integration and Compatibility
• Cultural Shift and Internal Resistance
  

Now, let’s dive into how we addressed these challenges.

Challenge 1: License Management and Compliance

The open source company ecosystem is vast, offering many licenses, each with its own terms. Integrating multiple components can lead to a complex web of licenses to manage, and overlooking compliance can have potential legal consequences. 

To address this challenge:

Solution suggestion 1: Automated License Compliance Tools – Implementing tools like FOSSology or Black Duck can help automatically scan and identify licenses, making management more accessible and reducing manual oversight.

Solution suggestion 2: Dedicated Open Source Program Office (OSPO) – Having a dedicated team or office to oversee open source efforts can centralize responsibility and ensure continuous license tracking and compliance.

amazee.io consistently scans to ensure a solid understanding of license implications. This is super important, considering the current situation within the open source ecosystem. Let's take HashiCorp as an example: HashiCorp changed their license from Mozilla Public License v2.0 (MPL 2.0) to Business Source License (BSL) v1.1 – which is considered “source-available,” but not open source in the traditional sense. This change significantly and severely impacted organizations that have been using their solutions. HashiCorp had its reasons to make that move, but we have also seen that it will prevail, collaborate, and find alternatives within the open source company ecosystem. The launch of OpenTofu as an official fork, is the perfect example. Nevertheless, if you are building your own business on top of open source technology, you must be aware of this “risk” and have existing “mitigation” plans in place.

Challenge 2: Security Concerns

While open source's collective eyes can identify vulnerabilities, not all projects actively address security issues; this leaves it up to adopters to be vigilant. It is essential for organizations to stay updated on vulnerabilities and be proactive in patching them.

To address security concerns:

Solution suggestion 1: Regular Vulnerability Scanning – Tools can automatically scan dependencies for known vulnerabilities, alerting teams to take timely action.

Solution suggestion 2: Contribute Back to the Community – Active participation in open source communities can help identify vulnerabilities and contribute to their resolution.

As amazee.io is ISO27001 and IRAP certified, we are obliged to comply with the highest industry standards. We employ various tools, including Syft and Grype from Anchore, and Trivy from Aqua, and we conduct regular security audits to maintain the highest security standards. Security needs to be a top priority in your organization, as a single incident can have severe consequences. No loopholes - no excuses.

Challenge 3: Support and Longevity

Some open source projects are transient, which can pose risks for companies heavily reliant on them. A project in use today could lose momentum tomorrow. If a company's platform relies heavily on such a project, this can pose risks. To safeguard against this, companies often need to be prepared to invest in in-house expertise or seek third-party support.

To safeguard against this:

Solution suggestion 1: Internal Training and Skill Development – Investing in training sessions can help develop in-house expertise, reducing reliance on external community support.

Solution suggestion 2: Backup and Migration Strategies – Having a backup strategy and alternative tools in mind ensures a smooth transition if a project becomes obsolete.

At amazee.io, our team is very active within the open source community, trying to understand major shifts in open source project adoption and community changes. This allows us to anticipate changes and proactively look for alternatives in case of significant changes to a single project.

Challenge 4: Integration and Compatibility

While open source offers flexibility, it only sometimes guarantees seamless integration, especially with proprietary systems. Custom solutions and 'glue' code often become necessities, requiring additional resources and increasing complexity.

To address this challenge:

Solution suggestion 1: Standardized Interfaces and Middleware – Adopting or developing middleware solutions can bridge the gap between open source and proprietary systems, easing integration.

Solution suggestion 2: Collaboration with Open Source Projects – Directly engaging with or sponsoring open source projects can guide them towards better compatibility with business needs.

This is a challenge for many organizations and the lifeblood of other companies. This is the exact area we are operating in and is part of our business model. amazee.io is the glue between open source projects. We wholeheartedly believe in open source and the freedom of choice it provides. By “gluing” open source projects to an open source platform we allow organizations to experience the true benefits of open source. The amazee.io platform, which comprises more than just Lagoon, currently combines more than ten open source projects – Kubernetes, Prometheus, Harbor, OpenSearch, and Keycloak, amongst others.

Challenge 5: Cultural Shift and Internal Resistance

Moving to open source isn't just about technology, it's also about people. Those used to proprietary tools might resist the shift or need more skills for open source tools. Training, mentorship, and change management are vital components of an open source adoption strategy.

To address this challenge:

Solution suggestion 1: Open Source Champion Programs – Identifying and promoting open source champions within the organization can help drive enthusiasm, mentorship, and internal adoption.

Solution suggestion 2: Continuous Learning Platforms – Offering employees platforms like Linux Academy or Coursera to upskill in open source technologies can bridge skill gaps and reduce resistance.

Cultural Shift and Internal resistance has never been a huge topic at amazee.io. Since its inception, amazee.io embraced open source and is a firm believer and advocate. We proactively encourage our team to contribute back to other open source projects. amazee.io team members are currently contributing to 45+ open source projects, including Kubernetes, Lagoon, Ansible, Drupal, OpenSearch, FluentD, Helm, Harbor, Puppet, Varnish, and many more. 

Open source offers many business opportunities, but it's essential to navigate the associated challenges effectively. Companies can leverage open source's power by addressing issues related to license management, security, support, integration, and cultural shifts while minimizing risks. amazee.io's experience serves as a testament to the effectiveness of these solutions in building a successful business on open source foundations. As you consider your journey into open source, remember that the rewards can be substantial with the right strategies and a commitment to these challenges.

If you’re interested in learning more about our fully open source application delivery and hosting platform, schedule a meeting with us today. We’d love to chat.