Inspired by Bitcoin's ethos of building "open gardens" and protocols, I believe building open source software helps align incentives to truly solve problems without cannibalizing its maintainers. In other words, it's okay to make money out of an app even if the code is built in the open.
Many companies, such as StackerNews, MongoDB, and Elastic, were built on similar ideas: people and companies are free to use the software, and they can also choose to use managed versions of it, consultancy, support, and so on.
Walled Gardens vs. Open Gardens
When we talk about software ecosystems, two metaphors dominate: walled gardens and open gardens. Apple, famously protective, cultivates a highly controlled environment where every app, device, and interaction is curated. Their walled garden culture arguably allows for consistency, security, and a smooth user experience, but at what cost?
On the other side, open gardens (think Linux, Kubernetes, or the broader open-source world) thrive on transparency, interoperability, and experimentation. Developers can inspect, modify, and redistribute the software. But openness comes with its own challenges: fragmentation, inconsistent security practices, and the burden of self-hosting.
Here’s where the classic saying in the security space, “don’t trust, verify,” gains renewed meaning. Open-source communities have built ecosystems where verification is embedded in the development process: you can see the code, test it, and even change it if it doesn’t meet your expectations. This is not only a technical stance but a philosophy of trust, where confidence is earned through visibility, not brand reputation.
Community, Adoption, and the Big Tech
Community is the oxygen of open ecosystems. Products like GitLab, Sentry, and MongoDB show how free self-hosted software can cultivate great communities that then convert into paid SaaS users at scale. This “open core” or “SaaS-on-OSS” model seems to strike a delicate balance: community adoption feeds the revenue engine, and enterprise users pay for convenience, support, and scalability.
Yet, this model is not universal. Why do big tech players like Apple, Google, or Amazon rarely embrace it? They actually do it, some more than others, but never with their core products or services. I feel these companies lost the "good guy" narrative a while back, as we witnessed them grow massively, often not giving back nearly as much as they've gotten from the OSS community. Not to mention that we can't "verify" what they promise; they adopt a "trust me bro" approach, which is losing people's trust over time.
Regulation, Trust, and the EU Factor
The EU has begun probing the power dynamics of digital platforms, emphasizing interoperability, fair access, and consumer choice. An example is the recently passed Cyber Resilience Act (CRA), which I read as an attempt to depend less on foreign technology as they mitigate the privacy, security, maintenance, and accountability concerns of adopting pure open-source technology.
They are even creating a new category of software companies, the stewards. Well, not really creating as much as incentivizing people to fill the gap in exchange for being paid as they would to proprietary companies. And if that becomes a model for other nations, maybe we are on the verge of a new era of incentivized open-source. European developers, startups, and enterprises will have to balance community adoption, SaaS monetization, and regulatory compliance.
The Rise of Source-Available Licenses
Enter the source-available license, a category that sits between open source and proprietary code. Licenses like SSPL (MongoDB), BSL (CockroachDB), and Elastic License attempt to protect commercial interests while keeping code visible.
- SSPL: forces SaaS providers to open-source all infrastructure if they offer the software commercially.
- BSL: allows free development use but requires a commercial license for production, converting to permissive licenses after a few years.
- Elastic and RSAL: aim to prevent hyperscalers from monetizing projects without contributing back.
These licenses provoke debate. Are they a pragmatic evolution in the cloud era, or a betrayal of open-source principles? Opinions vary, and the ecosystem is experimenting in real time.
Questions, Not Answers
The story of software today is less about fixed truths and more about exploration:
- Can someone build a profitable company without undermining community trust?
- Are open gardens inherently more resilient or more chaotic?
- Will regulations like the EU Cyber Resilience Act redefine the open vs. walled debate?
- And finally, can source-available licenses become the new norm for balancing openness and profitability?
The answers are not simple, and maybe they shouldn’t be.