Open source development may not always pay the bills

At IT conferences, Marty Roesch gets a lot of attention – and offers for drinks at the hotel bar – once attendees find out who he is.

A typical reaction: “Hey, it’s the Snort guy! You know, Snort! The pig with the big sniffing nose on the website? It’s a riot! We use it everywhere. Hey man, have a drink on me!”

As the Snort guy, Roesch is the creator of an open source network intrusion detection system and associated website, He spent years developing the program and enjoys the recognition. Through the Internet and word of mouth, thousands of IT administrators have downloaded his software to use at their companies. “You’d think it’d get old,” he said. “But it takes us back to the heroic age of computing when individuals were recognized for doing great things.”

There’s just one problem: the recognition and free drinks don’t pay Roesch’s hotel bills at the conferences. Acceptance is one thing; making a living is another.

Open source developers like Roesch have a couple of choices. One is to be a consultant for the software they create, in which case they devote their lives to running a consulting business when they’d rather be writing code. The other is to build proprietary extensions to their open source applications to create a more well-rounded package and sell that for real money (a move frowned upon in open source circles, of course). That’s what Roesch did with his company, Sourcefire. The Columbia, Md.-based company layers some management tools and a friendly GUI on top of Snort (which is still available for free) on a preconfigured server for sale to CIOs who don’t want to manage the stuff themselves.

Roesch said he had no choice. Venture capitalists wouldn’t touch his company when he tried to sell it in 2001. “They wouldn’t go near it unless we had some [proprietary] intellectual content wrapped around it,” Roesch said.

Once he put a proprietary wrapper around Snort, Roesch got his money, and his business is growing nicely, he said. Sourcefire is privately held.

Other nascent open source software developers are doing the same thing. Sweden’s MySQL AB, for example, offers separate proprietary versions of its open source database with service contracts that pump up revenue.

But even the companies that have managed to successfully sell themselves as service and support providers for open source have struggled to find a winning business model.

Take Red Hat Inc., the GNU/Linux operating system distributor based in Raleigh, N.C. Though US$79 million Red Hat is now profitable, it was a long time coming. The company incorporated in 1998, went public in 1999 and posted its first profitable quarter in November 2002.

Red Hat became the nation’s dominant distributor by selling Linux with add-on tools developed by its own staff and by partnering with big companies such as Dell Computer Corp., IBM Corp. and Oracle Corp. It’s a strategy reminiscent of the dominant proprietary operating system company, Microsoft Corp., except that Red Hat must make its source code available to everyone who buys it, under the GNU General Public License that governs Linux.

Red Hat’s future, said President and CEO Matthew Szulik, is delivering a subscription Linux service to customers with dedicated Red Hat support. “We define software as a service,” he said.

Right now, the open source community is rooting hard for Red Hat and other vendors with open source roots because they are the underdogs. But if Red Hat becomes the Microsoft of Linux, all those programmers in the open source community may begin, like the Snort guy, to wonder why they are still working for free.

At the very least, somebody owes Linux creator Linus Torvalds a drink.