Hello HN,<p>I'm exploring variations in software business models and came across what I'd call a "closed core" approach: the main system is proprietary, but all additional modules are open-source.<p>- Are there examples of companies adopting this model?<p>- What are the potential benefits or pitfalls?<p>- How does it impact community engagement and software adoption?
Telegram does this by having a proprietary server and allowing users to compile its own client.<p>Benefits: you can abuse the users, pitfalls: you can be abused by the government.<p>I hate to use software where the developer party considers I need some "engagement" and the fact I have installed the software at all as "adoption"; for me these are clear notices that you are doing some scam.
FusionAuth does this. We have a free as in beer downloadable solution with our own software license (available on our site). I am an employee.<p>Benefits: no risk of hyperscaler takeover or fork or future software licensing fiasco, business model of selling software is proven, either license or SaaS<p>Challenges: no halo effect, harder to get contributions (but you can do 'open development' and get bugs and feature requests from community; we do), some devs get less excited about solution, have to address continuity concerns earlier (maybe?)<p>We have a FAQ on our site addressing this question.<p>Hard to tell about community engagement because straight comparisons are hard, but it definitely retards uptake to some extent. Using a free downloadable option can help; we definitely have customers who kick tires before they talk to us.<p>Really depends on your target market too: devs care more about OSS, business users don't.
My tiny company is starting on this philosophy. The core device and our real IP is closed-source, but all the other components around it are open. Going forward, the same sort of thing will apply - almost everything open, except the bits that are actually hard to replicate.<p>Since the market is security, it makes a lot of sense to open-source as much as possible without compromising our market positioning.<p>I believe several other security-related companies (Tailscale comes to mind) also adopt this philosophy.
> <i>"Are there examples of companies adopting this model?"</i><p>Many examples across the industry:<p>- Autodesk AutoCAD (closed) + Plugins/Addons (many open)<p>- MS Windows (closed) + Many 3rd party programs (open)<p>- GitHub (closed) + GitHub Actions (open)<p>- npm (closed) + npm modules (mostly open)<p>> <i>"What are the potential benefits or pitfalls?"</i><p>Benefits:<p>- Harder to replicate, the company gets to keep the "secret sauce" a secret<p>- Opening up a way to "extend" the platform means 3rd party developers add value to your system<p>- The core isn't open, so less effort is required to maintain compared to open source<p>Pitfalls:<p>- Closed-source is hard to verify, company is essentially saying "trust me bro"<p>- Less innovation, as users can't contribute to the core<p>> <i>"How does it impact community engagement and software adoption?"</i><p>There are hardcore FOSS advocates that will hate anything not fully open. But a business has to make money and protect its IP; having a "closed core" is one way to do that and ensure a sustainable business model.<p>Another approach is the opposite, open-core + closed-premium-addons. An example of this is "React Admin"<p>- Open Core -> <a href="https://github.com/marmelab/react-admin">https://github.com/marmelab/react-admin</a><p>- Premium Modules Offering -> <a href="https://react-admin-ee.marmelab.com/" rel="nofollow">https://react-admin-ee.marmelab.com/</a>