Everybody's up in arms again about licensing and security software. I swear this happens every 6 months or so.
It’s easy to get used when you’re offering your services up for free. Linux fits into this role nicely. As an operating system, most of the components of the typical Linux distribution have enough people working on them that it’s sustainable. As a business, it's to my advantage to staff some full-time developers for an OSS project if I use it as the core of my solution. It's much better than developing the entire project from scratch.
However, when it comes to security applications, they are a niche. A very expensive niche because they are low-volume and usually enterprise-wide solutions. That means vendors can and do charge a significant amount of cash for their software.
Inside the security world, the Linux/OSS developers have mixed feelings about this.
Most of the well-known Linux and OSS security projects have migrated to different licensing because their competition was reusing their effort. Nessus went the way of closed source. Snort charges for signature updates. Metasploit went the way of community-supported. In fact, HD Moore has an excellent presentation on the economics of open-source security projects, so don't think that all of these ideas are completely new.
The shocker now is the slow march from truly free GPL-licensed (or similar) works "backwards" toward a proprietary license with dual-licensing as an intermediate step. This phenomenon was documented last month in a report entitled 2007 Open Source Think Tank: The Future of Commercial Open Source. It's a good read for the OSS security vendors out there, just remember that it starts out with some biases and some sponsors. =)
I agree that this is a serious problem. I guess there is more money to make if a product is closed source (and offers more functionality than the OSS variant). With security products, there is also some psychology involved. When a product is commercial, and has a large staff of programmers working on it, it looks like a serious product. For security managers this might be a reason to get those products in favor of (probably just as good) OSS products.
Sjaak