Analysis: HashiCorp prioritizes its business with BSL license switch, but community upset cannot be ignored

HashiCorp logo on an orange background with the silhouette of a woman holing a smartphone out in front of her face in the foreground
(Image credit: Getty Images)

HashiCorp has announced that it has changed its source code license to the Business Source License (BSL), restricting commercial use and sparking a degree of upset in the open source community.

The move follows similar changes by companies such as MongoDB and Elastic as companies founded on open source ideals try to overcome commercial difficulties.

In this instance, HashiCorp, which had formerly worked under a free open source license, has opted to move to a model that allows for copying, modification, and redistribution in non-commercial projects. Use by commercial vendors will only be allowed under specific conditions.

The reason for the switch, HashiCorp said, was due to too many vendors profiting from the work of open source software (OSS) projects - projects that often don't receive a cut of the profits their work allows others to generate.

“There are other vendors who take advantage of pure OSS models and the community work on OSS projects, for their own commercial goals, without providing material contributions back,” it said.

“We don’t believe this is in the spirit of open source.”

The decision is, however, also grounded in the realities of business. HashiCorp’s finances depend on its products and services and these have taken a hit in recent months.

In June 2023, the company suffered a substantial drop in its stock price following the release of its Q1 financial results for fiscal year 2024. While revenues increased, the workforce had been trimmed by 8% and the revenue outlook lowered to between $564 - $570 million for the full fiscal year 2024.

Making it possible for competitors to build their own software based on the company’s work is not a reality that will delight many investors. Couple this with its less-than-ideal financials from June and it’s clear to see that HashiCorp’s decision to restrict access to its source code makes complete business sense.

RELATED RESOURCE

IBM whitepaper Gaining observability in cloud native applications

(Image credit: IBM)

Comprehend the behavior of a system and explore the significance of observability in the context of cloud-native environments.

DOWNLOAD FOR FREE

The rationale behind the move was echoed by other companies that have also decided to restrict their source code in recent times. MongoDB, for example, switched to the Server Side Public License (SSPL) several years ago also with a view to restricting the use of its code by other vendors.

Since making the decision, MongoDB’s business has fared well with its stock price rising more than 450% over the last five years, and its most recent financials indicating a 47% YoY increase in revenue.

Granted, the licensing switch won’t have been the sole influence over that large increase, but the company’s success will undoubtedly have been helped by its move to claim more money from its work in the DBaaS space.

HashiCorp has said it does not wish to move to a closed-source model, so has moved from the Mozilla Public License v2.0 (MPL 2.0) to BSL 1.1. 

While end users will still have access to the code, vendors providing competitive services built on HashiCorp’s community products will be prohibited from incorporating future changes.

Avi Press, founder and CEO at Scarf, praised HashiCorp’s approach to a problematic subject, describing the move as: “A difficult business decision carefully communicated”. 

“They are a well-meaning group of people who have shown they do care about OSS, whether or not you like their decision,” he added.

Open source outcry

HashiCorp’s move may make a great deal of sense from a business perspective, but the decision to adopt the BSL has upset some high-profile members of the open source community. 

Amanda Brock, CEO at OpenUK, for example, described HashiCorp’s statements on the BSL as “open washing”.

She went on the say: “The pressure of enabling their competitors with their innovations - an inevitability of open source - did not align with the need to generate shareholder value”.

Peter Zaitsev, co-founder and former CEO at Percona, was equally critical and went so far as to brand the switch to the BSL as “hostile”.

“HashiCorp is, of course, within their right to do these changes, but it is hostile towards the community who supported the company along the way,” he said.

It’s a comment that the company isn’t likely to take kindly. In its view, its source code remains available - keeping the spirit of open source alive - just restricted in a way that allows it to make some extra money from its work.

However, both Brock and Zaitsev raise valid points, since HashiCorp is joining a growing list of open source companies trying to find the fine balance between satisfying shareholders and venture capitalists, while also staying true to their open source roots.

Given the very nature of open source, that balance is almost always never perfectly found - often tipping in one way or the other. The polarization taking place within the open source community has been highlighted, and comparisons drawn between the likes of HashiCorp and MongoDB, with foundation-based projects like Kubernetes and PostegreSQL.

The latter two continue to use approved open source licenses, while others - commercial open source companies, both venture-funded and publicly listed - “continue to show their ‘commitment’ to open source as being no more than a marketing ploy to efficiently attract users and customers at early stages”, Zaitsev said.

And this is where the notion of becoming “hostile” towards the community that supported the likes of HashiCorp rings true. Where a foundation has sponsors or donors providing financial or technical support, companies such as HashiCorp are dependent on their products and services for revenues. 

Where rivals are making commercial use of the products, making a difficult business decision such as a change of license is inevitable.

Joe Duffy, CEO at Pulumi, also had harsh words for HashiCorp, saying: “This relicense is very disruptive across the entire market, and ultimately it is the practitioners who pay the price. 

“This new license is insidious and we do not consider it to be true open source given the extreme restrictions preventing an open marketplace”.

Adam Jacob, co-founder and CEO at System Initiative, was blunter still adding that “if Hashicorp had developed their open source community into a diverse and broad one, they would have been the lingua franca of the cloud”. 

“But since they failed to do that, the only rational move is to extract as much money as possible from what remains.”

Disappointment from the open source community aside, license changes such as those made by HashiCorp have a ring of inevitability about them, especially when uneasy investors are involved.

However, the messaging and license wording around the change requires standardizing. 

As Press noted, there are myriad ways for companies to restrict access by commercial competitors, and a standard path to a ‘you can do what you like with our code except commercially compete with us’ license has yet to be defined.

Richard Speed
Staff Writer

Richard Speed is an expert in databases, DevOps and IT regulations and governance. He was previously a Staff Writer for ITProCloudPro and ChannelPro, before going freelance. He first joined Future in 2023 having worked as a reporter for The Register. He has also attended numerous domestic and international events, including Microsoft's Build and Ignite conferences and both US and EU KubeCons.

Prior to joining The Register, he spent a number of years working in IT in the pharmaceutical and financial sectors.

TOPICS