At the beginning of 2018, it didn’t seem like the open source movement could get any bigger. Android, the world’s most popular mobile operating system; websites including Facebook and Wikipedia; and a growing number of gadgets have open source software under the hood—literally, in the case of cars. The world’s largest companies, including Walmart and JP Morgan Chase, not only use open source but have released their own open source software so the rest of the world can modify and share their code.
Then, in June, Microsoft announced plans to buy GitHub, the platform used by millions of developers and companies, including Google and Walmart, to host popular open source projects, for $7.5 billion. Four months later, IBM said it will buy Red Hat, a company that open sources all of its products, for $34 billion, one of the biggest acquisitions in tech history.
The Red Hat and GitHub acquisitions overshadowed some smaller deals that in another year would have been big news in the open source community, including Salesforce’s $6.5 billion acquisition of Mulesoft, which helps companies move applications to the cloud; Adobe’s $1.68 billion acquisition of ecommerce company Magento; and AT&T’s acquisition of Alien Vault, which makes an open source security management system, for an undisclosed amount.
It’s not that these companies are new to open source. AT&T, for example, released an open source AI platform last year. But it’s still a big deal to see Microsoft, which pioneered the modern software industry, and IBM, tech’s most venerable company, go all in on open source. This year’s acquisitions are significant risks for the two companies. If Microsoft alienates GitHub users, it could lose the goodwill it has built in the developer community in recent years. And $34 billion is a lot of money even for a behemoth like IBM. The companies’ willingness to take on these risks signals that they see open source not as a fad or an adjunct but as a core part of how companies will make software in the future.
Even as open source has found acceptance in the business world, it still faces challenges. Linus Torvalds is the creator of the open source operating system Linux, which is found at the heart of Android, the Amazon Echo, Tesla displays, and many more products. In September, Torvalds apologized for years of unprofessional behavior and announced that the project would finally adopt a “code of conduct” to establish rules governing how the project’s contributors would behave and treat one another.
The decision provoked an immediate and ongoing backlash, particularly in the form of harassment toward Coraline Ada Ehmke, the programmer and activist who wrote the code of conduct adopted by Linux and many other open source projects.
Meanwhile, even as companies like Red Hat and Mulesoft attract multibillion-dollar acquisitions, other open source projects struggle to find sustainable business models to pay developers to maintain projects. When popular but unprofitable projects go unmaintained, it can lead to security issues, such as critical vulnerabilities discovered in 2014 in OpenSSL, used by nearly every site that processes credit card transactions, and Bash, which is included in many operating systems. In November, a popular open source module was used to spread malware.
Revenue concerns led Redis Labs, which makes a popular open source database, to adopt a controversial new licensing scheme this year that limits how others can use its software, and that critics say deviates from open source principles. Meanwhile, the “Netflix for open source” company Tidelift, which raised $15 million in venture capital this year, is trying to apply Red Hat’s business model to smaller open source projects by signing up customers for a single support subscription fee covering multiple projects.
The past year underscored just how big open source won. But 2018 also showed that open source still has some growing up to do.