#92 — To be open source, or not to be open source, that is the question

Why it matters: The open source decision can make or break infrastructure and developer tool startups, yet most founders treat it as an afterthought rather than a strategic choice that requires "extreme consideration and gravity."§

By the numbers: HashiCorp's Vault Enterprise grew from zero to over $100M ARR using an open core model, proving the commercial viability of strategic open source approaches.§

The big picture

Much like former HashiCorp executive Andy Manoske, we'd argue that founders need to approach open source decisions as core strategic choices, not default settings. The decision affects everything from product development to community relations to legal exposure.§

Key insight: There are significant costs associated with creating and cultivating an open source community. Without proper investment in time and resources, simply open sourcing "for kicks" appears disingenuous to the broader open source community.§

Two fundamental motivations

The moral imperative

FOSS philosophy: Free and Open Source Software communities, exemplified by Richard Stallman's GNU Foundation, view open source as protecting fundamental civil liberties around privacy and security.§

Core principles:§

• User rights to privacy and security
• Legal protections through licenses like GPL
• Software freedom as social action

Examples: Debian Linux, GNU C Compiler (GCC), Gnome and KDE window managers§

For founders: If you align with FOSS values, that alone justifies going open source — no strategic business case required. You should feel confident standing up for these values, even with stakeholders like investors.§

The commercial approach

Different mindset: Commercial open source communities see open source as a functional means of developing commercial products, not necessarily social change.§

Business focus: Using community-developed components to build potentially even closed-source commercial products.§

Smart reasons to go open source

1. Force product excellence through transparency

The principle: Being open source forces your product to be better by subjecting it to public scrutiny.§

Kerckhoffs's Principle explained:§

• Created by Dutch cryptologist Auguste Kerckhoffs
• Defines encryption systems secure enough for military use
• Core concept: "No security in obscurity"
• System remains secure even when enemies know how it works

HashiCorp case study: Vault's core cryptographic libraries stayed open source to:§

• Meet globally accepted security standards
• Leverage community scrutiny from world-class cryptologists
• Validate new encryption mechanisms safely
• Outperform closed-source competitors on security

Broader application: If your market constraints mean open source will force you to hold your product to a higher standard, that's strategic justification.§

2. Win developer trust for infrastructure

Market reality: For fundamental infrastructure components, developers often won't consider products without open source elements.§

Database example:§

• Most successful databases (except Oracle) are open source
• Developers trust what they can inspect
• They'll pay for managed services, but want open underlying technology
• Closed alternatives (Dynamo, Aurora, Spanner) continue losing to Postgres and MySQL

Bottom line: For low-level infrastructure, open source is table stakes for developer consideration.§

3. Enable enterprise evaluation (freemium strategy)

Target market: Mid-enterprise companies ($100M-$3B annual revenue) need hands-on product evaluation.§

Why it works:§

• Decision-makers can run code locally or in their environment
• They can modify, test, and validate solutions
• Provides confidence before standardizing on your technology

Key difference: Closed source or source-available free tiers often fail because they don't allow meaningful modification and customization.§

Success factor: "There's a delicate art to doing good open source marketing like this, and people who can do it are worth their weight in gold."§

Dangerous motivations that backfire

❌ Lead generation exploitation

The scheme: Using open source repositories to harvest contributor emails for sales outreach.§

Why it's toxic:§

• Violates social contract with community
• Following a repo ≠ consent to marketing
• Committing to projects ≠ sales lead qualification
• Creates serious reputational risk
• May create legal exposure in some countries

Community perception: Seen as significant transgression across all open source user types.§

❌ Free labor expectations

The myth: Open source will generate meaningful community contributions and free development work.§

Reality check:§

• Most open source projects face maintainer crisis
• Projects typically maintained by small, overworked, underpaid groups
• New projects rarely receive substantial outside contributions without massive coordination effort
• Treating contributors as unpaid employees damages reputation

Current context: Particularly problematic during tech layoffs and industry turbulence when many contributors are already struggling.§

Better approach: Hire regular contributors you enjoy working with — HashiCorp found these became some of their most productive employees.§

Strategic implementation framework

Decision criteria checklist

Ask yourself:§

• Do I have philosophical alignment with FOSS values?
• Will open source force my product to be better?
• Is open source required for developer trust in my market?
• Do I need hands-on evaluation for enterprise sales?
• Can I invest properly in community building?
• Am I prepared for the long-term maintenance costs?

Community investment requirements

Essential commitments:§

• Dedicated resources for community management
• Clear communication channels and response protocols
• Proper documentation and onboarding materials
• Transparent roadmap and decision-making processes
• Legal frameworks that protect both company and contributors

Avoiding common pitfalls

Respect boundaries:§

• Never harvest emails without explicit consent
• Don't treat contributors as free employees
• Maintain transparent communication about commercial interests
• Honor the social contract with your community

Set realistic expectations:§

• Don't count on significant community contributions early on
• Budget for internal maintenance and development
• Plan for community management overhead
• Prepare for public scrutiny of your code and decisions

The bottom line

Open source isn't a growth hack, marketing tactic, or cost-saving measure. Open source is a fundamental strategic choice that affects your entire business model, product development approach, and relationship with the developer community.§

The stakes: Get the reasoning right from day one, or risk damaging both your product and reputation in ways that are difficult to recover from.§

Next steps for founders:§

1. Evaluate your specific market constraints and personal values
2. Assess your capacity for proper community investment
3. Make this decision early in your company's lifecycle
4. Treat it as doctrine, not a tactical choice you can easily reverse

Remember: This decision will shape your company culture, hiring strategy, product roadmap, and go-to-market approach for years to come. Invest the time to get it right.§