Half-open source

On October 17th, MySQL AB announced a new commercial offering, based of course on their renowned opensource database product. Apache folks Ian Holsman and Steve Loughran comment on the announcement.

But we have a very similar scenario even closer to home, with the acquisition by Breach Security of mod_security. I’ve actually been thinking about the possible implications of that one, with a view to featuring it in my column for El Reg, and my conclusion is that if Ristic and Breach play their cards right, this could be good news for everyone. Ristic’s interview with securityfocus is reassuring on this count.

One thing that may have profoundly affected the mod_security situation is the use of the GPL. Of course, Breach (like MySQL) can do exactly what they like with their product. But if AN Other bases a new product on it – and mod_security certainly has scope for that – it has a profound effect. In effect, Breach have bought themselves a monopoly on the right to release a closed-source enterprise edition.

Posted on October 23, 2006, in apache, gpl, mysql, open source. Bookmark the permalink. 4 Comments.

  1. “Closed source enterprise edition”? What was I thinking?

    Yes, that’s what they’ve announced. But of course their monopoly extends further than that. Hardware devices embedding something based on mod_security are just one example.

  2. So maybe there’s room for another module with an ASL license instead, it shouldn’t be entirely impossible to write one from scratch ๐Ÿ˜‰

  3. I too believe the acquisition of ModSecurity can be good news for everyone. I wouldn’t have agreed to it had I thought otherwise. Those who have followed ModSecurity know its growth had started to put strains on me and that the development speed was never to my liking. A month or so down the road, things are starting to improve. ModSecurity 2 has just been released. So has been the first release from the rules sub-project (also GPLv2), now run by Ofer Shezaf, the CTO of Breach Security. And the monitoring & log centralisation product, ModSecurity Console (previously for-pay) is now available for free with a licence for up to three sensors.

    So I say let’s judge Breach Security based on its actions. I understand that there are doubts, and always will be, but I am hoping they can fade over time. ModSecurity is *very* important to me. I am therefore hoping I will be able to continue to run project as I did so far in spite of the change of ownership.

    Regarding the closed-source enterprise edition, Breach Security did not announce any such thing and there are no plans to go there. The plan is add value in other ways and build appliances using the same code base.

  1. Pingback: El Reg column « niq’s soapbox

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: