In the open-source community, there is strong camaraderie between developers. Developers code for the love of coding and for reputation, rather than for profit. This results in some innovative, dynamic projects, like the Linux OS, the Apache web server, the Firefox web browser, and the OpenNMS network management suite, among many, many others.
Commercial companies take advantage of this innovation to build equally innovative products. Linksys's WRT54G routers and the Tivo DVR use Linux. These companies can do so as long as they honor the GPL license, which gives one the right to do whatever one wants with the source code as long as any changes get released back into the community. This encourages collaboration, which in turn lends itself to some amazing tools, as hackers can modify any project to suit their needs. Indeed, Linksys and Tivo all but encourage their users to hack their products. Often, their users' cool ideas wind up in a future version of the mainstream product.
On rare occasions, a project will grow to the point where a contributor becomes greedy. Parts of the project become proprietary. The company begins to benefit from the work of others without sharing anything in return. Such is the case with the world-class network security tool, Nessus and its primary sponsor, Tenable Security.
My friend Brian Weaver works in the security industry and uncovered some dirty tricks in Tenable’s release of Nessus source code, tricks clearly designed to sabotage the GPL versions of Nessus. Why would they do that? Because they sell a commercial version which now competes with the free version.
It appears that Tenable is violating the spirit, if not the letter, of the GPL agreement. And the proof is right in the source code the GPL obligates Tenable to release.
That demonstrates another wonderful aspect of open source: accountability. Dirty tricks have nowhere to hide. With the work of Weave and other Nessus contributors, these actions will not go unnoticed. In fact, companies pulling stunts like this have been known to have their project's open source developers take control of the GPL project. The activity continues around the free version, leaving the commercial version to wither and die. See SSH and OpenSSH for examples.
In short, everyone is expected to play nice in the open source world because reputation is everything. Cross the line into evilness, as Tenable seems to have done, and the community will ostracise you. It will be interesting to watch the repercussions of this one.