When you are learning your first programming language, you will probably be surprised
to find that a lot of software (from operating systems to instant messaging programs)
not only distribute the source code, but also usually grant anyone in the world
license to take the code they worked hard to produce, optionally modify it, and
share it under their own name. To a young person raised by corporate capitalist
America, this may seem counter-intuitive and even foolish at first examination.
If you spend a few hundred hours perfecting the code, you should be compensated
for your time, effort, and expertise! you might feel.
To these people, I say: Your skepticism is both welcome and refreshing; however, there are numerous business models (some of which are successful) that allow the developers of a free and open source security project to pay their bills and put dinner on the table for their families. I'd like to go over a few that I know of; if you feel I forgot one, feel free to leave a comment below and correct my oversight.
The Freemium Model - Pay Us to Access New Features
For example: Heml.is
When a company releases free and open source software in the Freemium model, they typically give you the source code for their client application and keep the server software proprietary. In order to unlock more features (in the case of online games, player character accessories; in the case of cloud services, more space in the cloud; etc.), you must pay either a one-time fee or purchase a regular (usually monthly) subscription.
Free Product, but Pay Us to Install/Supervise It
For example: nginx
Just because you actively develop a product and give it away for free doesn't mean that the average person will understand how to use it correctly. These people are faced with a choice: Try to learn the proper way to use the tool you created themselves (the route most hackers take), or pay someone else who already knows how the product works and its optimal uses so they can focus their time on other things, such as running their business (the route that most business owners who aren't hackers will take). And what better person to hire than one of the volunteers who contributes their time into developing the free and open source product your company needs?
The "Certified" Model
This is the logical follow-up to the aforementioned "Free product, paid service" business model, for when a company has too many new clients to sate themselves or hire new developers to keep up with.
Let's say, for example, that I designed a geothermal power generator that doesn't require pumping water into the system. See, for example, my crappy sketch below this paragraph. And let's say I released the design details for free as an open hardware project, giving any maker in the world the license to take my design and build their own power generator.
Okay, so far, I just hypothetically produced a invention that can solve most of the world's energy problems for the next few years without exhausting fossil fuel supplies, and gave the idea away for free, and I'm not making any money on it. (In reality, I don't even know if this would work, or if the idea hasn't already been patented by someone else already, but if anyone wants the idea, just give me credit where appropriate and please consider the business model I'm discussing on this section of this blog post.)
But suppose the power company of Frog Balls, Arkansas, decides that they want to install their own geothermal power plants. "Dozens of citizens have deployed their own and removed themselves from the power grid; we want in on that action." This presents a problem for the power company: Who can they trust to deploy a geothermal power system correctly, safely, and dependably? Sure, they could possibly evaluate every candidate themselves for their ability to deploy a system that the power company doesn't understand, but that would be needlessly wasteful and ineffective.
And being the inventor of such a product who gives away the product for free, you're the person whose expertise on the product a company or government agency is most likely going to trust without closer examination. If you built the damn thing, you probably know how it works better than the rest of the general public. (Not always true, but that's how people think. It's an easy, common-sense assumption, and in most cases it will serve them well.)
So here's what you do: Offer training courses for people to become "certified" to deploy one of these free products. People pay to be certified, and they can use their certification to secure higher-paying jobs deploying these systems. Companies who are looking to transition to greener energy will be immensely happy that you offer a certification to prevent an enormous burden on their human resources departments. People who aren't looking for a career in deploying these systems still have the information and liberty they need to deploy their own system. Career electricians will not be displaced because their industry vanished beneath their feet due to technology. You're smiling every step of the way to the bank. Everybody wins.
And if you really want to go the extra mile, have part of the certification exam involve deploying a real product for a non-profit organization. Now you've added "Helping the community" to the list.
Relying on User Donations
This is the stereotypical business model of "free software" projects, and it probably serves as a strong deterrent for most people who might otherwise develop free software. Most people don't like to depend on others' generosity to make it in the world, yet most free software projects I've encountered throughout the years follow this model: "Please donate to support the development of this software."
And despite its bad PR rep, relying on donations to fund your project may actually work (assuming the idea is useful or awesome enough).
Even if this post only scratches the surface, I hope this opens more peoples' eyes to the possibility of a successful career developing free and open source software. Information wants to be free, but time is precious.
UPDATE: Other Suggestions (August 12, 2013)
@DefuseSec offered these tips for prospective Free Software developers:
- Being funded by a large company (e.g. Synergy is funded by Sprint)
- Having a bunch of proprietary for-pay software & taking those profits to fund the open source (e.g. cryptocat, I think)
- Crowdfunding (kickstarter) is a little different than asking for donations because it happens before the work
- Making your software "pay what you want to", which is psychologically different from asking for donations
- This article about funding open source projects is worth reading
- Sell Merchandise (Stickers, T-shirts, etc.)
Thanks Defuse Security!