In the early 1980s, a programmer at MIT named Richard Stallman got into an argument with a printer.
The Xerox laser printer in MIT's AI Lab had a bug: it would sometimes jam and not notify users. Stallman wanted to fix the driver code, as he had done for an older printer, but Xerox had not provided the source code for this new model. He couldn't fix it. He couldn't even look at it.
This experience crystallized something that Stallman had been thinking about for years: software had become proprietary, and that was a problem. Not just an inconvenience — an ethical problem. Software companies were increasingly treating their code as trade secrets, preventing users from studying, modifying, or sharing the programs they ran on their machines. Users had become dependent on software they couldn't control.
In 1983, Stallman announced the GNU project to build a completely free (as in freedom) operating system. In 1985, he founded the Free Software Foundation. In 1989, he published the GNU General Public License — a legal instrument that would prove as consequential as any software he ever wrote.
What began as one man's principled objection to a printer driver became the foundation of a movement that now runs most of the internet.
What Is Open Source Software
Open source software is software whose source code is publicly available for anyone to view, study, modify, and distribute.
The term "open source" was formally defined by the Open Source Initiative (OSI) in 1998. The OSI's Open Source Definition requires that qualifying software must:
- Allow free redistribution
- Include source code
- Allow modifications and derived works
- Not restrict use in any field (commercial, academic, personal)
- Be distributed under a technology-neutral license
This is distinct from "freeware" — software that costs nothing to use but whose source code is closed and cannot be inspected or modified. And it is distinct from "shared source" arrangements where code is viewable but not modifiable. Open source means the full stack of rights: see, change, and redistribute.
Source Code vs. Binaries
Understanding why source code access matters requires understanding what source code is.
Computers execute binary code — sequences of machine instructions. Programmers write in higher-level languages (C, Python, Java, JavaScript) and translate that code into binaries through compilation or interpretation. Source code is the human-readable version; binaries are what the machine actually runs.
Without source code, you can use the software but you cannot understand it, audit it for security vulnerabilities, modify its behavior, or fix its bugs. You are entirely dependent on the vendor. With source code, any capable programmer can do all of these things. The difference is analogous to being given a recipe versus being given a prepared dish — one you can learn from, modify, and reproduce; the other you can only consume.
The Free Software Movement: Stallman's GNU Project
Richard Stallman's contribution to the open source world is both technical and legal.
Technically, he and the GNU Project built most of the components of a free operating system: compilers (GCC), text editors (Emacs), debuggers, utilities, and core system tools. These were extraordinary engineering achievements, produced without commercial funding, driven by a community of contributors who believed software should be free.
Legally, Stallman invented copyleft — a clever inversion of copyright. Standard copyright gives creators exclusive rights to their work. Copyleft uses copyright law to guarantee that software and all derivatives remain free. The GNU General Public License (GPL) allows anyone to use, modify, and redistribute GPL software, with one condition: any modifications or derivatives distributed to others must also be released under the GPL.
This "viral" property of the GPL was controversial and is still debated. It ensures that no company can take GPL code, improve it, and release a proprietary product based on those improvements. Critics argue this restricts commercial adoption; proponents argue it is the mechanism that ensures the commons grows.
The GPL remains the most widely used open source license in the world, and it is the license that governs Linux.
Linux: The Kernel That Changed Everything
In 1991, a Finnish computer science student named Linus Torvalds posted to a Usenet newsgroup:
"I'm doing a (free) operating system (just a hobby, won't be big and professional like GNU)."
That hobby became Linux — the operating system kernel that Torvalds wrote and released under the GPL. It was the missing piece the GNU Project had been building toward but hadn't finished: a free kernel to complete the GNU operating system.
The combination — GNU tools plus the Linux kernel — produced a complete, free, modifiable operating system. Linux was adopted by developers and hobbyists who contributed improvements back to the codebase. The community and the codebase grew together, each reinforcing the other.
Today, Linux runs approximately 96% of the world's top web servers, all of the world's 500 fastest supercomputers, and most smartphones via Android (which is built on the Linux kernel). When you use Google, Facebook, Amazon, Twitter, or virtually any major web service, you are almost certainly interacting with software running on Linux.
This outcome — a free operating system created and maintained by thousands of volunteers worldwide becoming the dominant platform for computing infrastructure — was not obviously predictable in 1991. It changed how the industry thought about what open source software could be.
The 1998 Rebranding: "Open Source"
By the late 1990s, Linux and open source software had proven themselves capable of enterprise-grade quality. But the term "free software" created commercial confusion — was "free" about price or freedom? Stallman meant freedom, but many heard price.
In January 1998, shortly after Netscape announced it would release the source code to its Navigator browser (later becoming Mozilla/Firefox), a small group including Eric Raymond and Bruce Perens coined the term "open source" as an alternative branding.
The explicit goal was to make the movement more palatable to businesses and to shift the emphasis from ideology to pragmatism. Open source, in this framing, was about better software through public development processes — not political philosophy.
Stallman has consistently refused to use the term "open source," arguing that it obscures the essential values of the movement. The two camps have coexisted uneasily since, generally grouped as the FLOSS community: Free/Libre and Open Source Software.
For practical purposes, most software qualifies as both free software and open source. The philosophical difference rarely matters in day-to-day development.
OSI Licenses: The Legal Landscape
The OSI maintains a list of approved open source licenses. They vary significantly in their terms. The major categories:
| License Type | Examples | Key Characteristic |
|---|---|---|
| Strong copyleft | GPL v2, GPL v3 | Derivatives must use the same license |
| Weak copyleft | LGPL, Mozilla Public License | Copyleft applies to modifications of the library, not the work using it |
| Permissive | MIT, Apache 2.0, BSD | Use, modify, and redistribute with minimal restrictions; derivatives can be proprietary |
| Network copyleft | AGPL v3 | Extends GPL copyleft to software used over a network (plugging the "SaaS loophole") |
Permissive licenses — MIT, Apache 2.0, and BSD variants — have become dominant in recent years because they allow commercial use without restriction. Major projects using permissive licenses include Node.js (MIT), Kubernetes (Apache 2.0), React (MIT), and TensorFlow (Apache 2.0).
The choice of license is a significant strategic decision. Companies with large open source footprints (Microsoft, Google, Meta) generally prefer permissive licenses that allow them to incorporate open source code into proprietary products. Pure free software advocates prefer GPL-family licenses that ensure the commons remains open.
How the GitHub Ecosystem Changed Everything
Git — the version control system Linus Torvalds wrote in 2005 to manage Linux kernel development — became the foundation of modern software collaboration. In 2008, GitHub launched as a hosting platform for Git repositories, and the effect was transformative.
GitHub lowered the barrier to contributing to open source dramatically. Before GitHub, contributing to an open source project required navigating mailing lists, patch submission processes, and tribal knowledge. GitHub introduced the pull request model: fork a repository, make changes, submit a pull request, and maintainers can review and merge your contribution with a few clicks.
By 2023, GitHub hosted over 420 million repositories and more than 100 million developers. The platform has become the de facto home of open source development, even for projects that predate it.
The GitHub effect:
- Made open source contributions legible as professional credentials
- Created a public record of developer activity that functions as a portfolio
- Enabled collaboration between people who have never met
- Produced network effects that concentrated open source activity on one platform
Microsoft acquired GitHub in 2018 for $7.5 billion. Many open source advocates expressed concern; so far, GitHub has continued to operate as a relatively open platform.
Corporate Open Source: How Businesses Participate
The relationship between corporations and open source evolved from hostility to dominance. In 1998, Microsoft CEO Steve Ballmer called Linux "a cancer." By 2019, Microsoft had become the single largest contributor to GitHub and had acquired GitHub itself.
The shift happened because companies discovered open source was in their economic interest:
Shared infrastructure costs: When many companies use and contribute to the same foundational software (Linux, Kubernetes, PostgreSQL), they share the cost of development and maintenance. No single company needs to fund the entire stack.
Talent and recruitment: Developers want to work at companies that contribute to open source. Open source contribution builds a company's reputation in the developer community.
Ecosystem building: Releasing software as open source builds an ecosystem of tools, integrations, and expertise around your platform. This is why Amazon, Google, and Microsoft all contribute heavily to Kubernetes — they compete on the managed services layer, but benefit from a healthy shared infrastructure.
Developer adoption: Free and open software spreads faster. Once a tool is widely adopted, commercial offerings (support, hosted versions, enterprise features) can follow.
Open-Core and Dual Licensing
Two common commercial models built on open source foundations:
Open-core: Provides a free, open source core product and charges for proprietary enterprise features. GitLab, Grafana, and Elastic have used this model. The tension: if the open source core is good enough, there's no incentive to pay for enterprise features.
Dual licensing: Software is available under a restrictive copyleft license (GPL) for free use, and under a commercial license for companies that don't want the copyleft obligations. MySQL (owned by Oracle) uses this model.
Both models have faced challenges. Companies that built substantial businesses on other companies' open source work — without contributing back — created resentment and prompted license changes. HashiCorp switched its Terraform and Vault products from the Mozilla Public License to the more restrictive Business Source License in 2023, citing cloud providers monetizing its work without contributing. Redis Labs, Elastic, and MongoDB have made similar moves, each provoking significant community debate.
The Security Paradox
Open source software's relationship with security is genuinely complex.
The case for security through openness: Linus's Law, articulated by Eric Raymond in his 1999 essay "The Cathedral and the Bazaar," holds that "given enough eyeballs, all bugs are shallow." Public code can be audited by the entire security research community. Vulnerabilities found by independent researchers can be reported and fixed without the company being able to suppress the information. Many security tools — Wireshark, OpenSSL, nmap — are themselves open source.
The case against: Most open source projects are maintained by very small teams — often a single developer — with no formal security review processes, no security team, and no security budget. The 2021 Log4Shell vulnerability in Apache Log4j demonstrated the risk acutely. Log4j is a logging library used in hundreds of millions of Java applications globally; the vulnerability was critical and widely exploitable. It was maintained by a small team of unpaid volunteers. No enterprise used it because it was secure — they used it because it was convenient and assumed someone else had checked the security.
A 2022 study by the Linux Foundation found that the top 500 open source packages collectively have fewer than 3,000 full-time equivalent developers maintaining them — an extraordinarily thin layer of human attention supporting global digital infrastructure.
The response has included the OpenSSF (Open Source Security Foundation), government initiatives to fund open source security, and commercial tools for software composition analysis — tracking which open source components an application depends on.
Why Open Source Won
The triumph of open source across the industry is so complete that it's easy to forget how improbable it once seemed. In 1999, the conventional wisdom was that proprietary software, with its professional development teams and quality control processes, would always outperform volunteer-developed open source alternatives.
The opposite happened. Open source won for compounding structural reasons:
Aggregated talent: No single company employs all the best developers in any domain. Open source can attract contributions from the best developers globally, regardless of employer or nationality.
Accumulated improvement: Open source software with many contributors accumulates improvements faster than proprietary alternatives developed by a single team. Linux today reflects decades of contributions from thousands of developers.
No lock-in: Organizations that depend on proprietary software are dependent on the vendor — for bug fixes, security patches, and continued development. Open source eliminates that dependency. This became especially important as software moved to the cloud; organizations wanted infrastructure they could run and modify themselves.
Generativity: Open source creates platforms that others can build on, creating entire ecosystems. The Android ecosystem, built on Linux and other open source components, would not exist as proprietary software.
Economic logic at scale: For infrastructure software that many companies need — operating systems, databases, web servers, container orchestration — there is no competitive advantage in each company building its own proprietary version. The rational strategy is to build it once, together, and compete on the layers above.
"Open source is the largest collaborative project in human history. Billions of lines of code, written by millions of contributors across every country in the world, powering almost all of digital civilization. And most of it was built by people who weren't paid to do it." — common observation in software engineering
The Sustainability Crisis
Despite its success, the open source movement faces a serious and growing sustainability problem. The infrastructure of the internet depends on thousands of libraries and tools maintained by small teams — often single individuals — working without compensation.
A 2020 study by the Linux Foundation and Harvard's Laboratory for Innovation Science (LISH) analyzed the top 500 open source packages by dependency count and found that:
- The top 500 packages collectively had fewer than 3,000 full-time-equivalent maintainers
- Many critical packages had one or two active maintainers
- Maintainer burnout and abandonment were significant risks across the ecosystem
The consequences became vividly clear in several high-profile incidents:
Log4Shell (2021): The Log4j vulnerability (CVE-2021-44228) was rated the maximum severity: 10 out of 10. Log4j, a Java logging library embedded in hundreds of millions of applications, was maintained by a small team of volunteers. The vulnerability required emergency patches and created weeks of frantic remediation work across most large organizations worldwide.
Left-pad (2016): A JavaScript package called "left-pad" — an 11-line function — was unpublished by its author after a trademark dispute. It broke thousands of builds that depended on it, including Node.js and Babel. The incident revealed how deeply the modern software supply chain depends on tiny, unmaintained packages.
Faker.js and colors.js (2022): The maintainer of these widely used JavaScript libraries deliberately introduced breaking changes to protest corporate free-riding on his unpaid work. His message was unambiguous: the expectation of indefinite free labor is unsustainable.
The community has responded with several initiatives. GitHub Sponsors, Open Collective, and Tidelift provide mechanisms for companies and individuals to fund maintainers directly. The OpenSSF (Open Source Security Foundation, founded 2020) channels corporate resources into security audits of critical open source projects. The US government's executive order on software supply chain security (2021) explicitly named open source dependencies as a risk area requiring attention.
The core tension remains unresolved: open source software generates enormous commercial value, much of which accrues to corporations that contribute little to the projects they depend on. Whether the sustainability solutions emerging now are adequate to the scale of the challenge is genuinely uncertain.
Open Source and Geopolitics
Open source has increasingly intersected with geopolitical tensions. Several notable developments:
Sanctions compliance: When US sanctions were applied to Russia following the 2022 invasion of Ukraine, several open source maintainers revoked access or introduced deliberate breakage for Russian users — raising questions about whether open source licenses create enforceable obligations to all users regardless of geopolitical context.
China's dependency on open source: China's technology sector is deeply dependent on Western open source projects. Growing tension between US and Chinese technology ecosystems has accelerated Chinese government investment in domestic open source alternatives and in establishing local foundations (like the OpenAtom Foundation) to steward Chinese open source projects.
Export control questions: Some open source software with cryptographic capabilities technically falls under US export control regulations. The OSI and legal community have worked to establish frameworks that allow export of open source software while complying with regulatory requirements, but the legal landscape remains complex.
These geopolitical dimensions add a new layer to the open source landscape that the movement's founders did not anticipate. The vision of software as a global commons available to all — embodied in licenses that explicitly prohibit discrimination by nationality or field — is increasingly challenged by the reality of a fractured geopolitical environment.
The movement that began with a frustrating printer in a university lab now powers smartphones, autonomous vehicles, space exploration, genomics research, and financial markets. Richard Stallman's original political vision and Linus Torvalds's practical kernel created conditions for something neither of them fully anticipated: a global collaborative infrastructure that runs the modern world — and that now navigates the tensions of that world alongside everyone else.
Frequently Asked Questions
What is open source software?
Open source software is software whose source code is made publicly available for anyone to view, modify, and distribute. The term and its formal definition were established by the Open Source Initiative (OSI) in 1998. To qualify as open source under the OSI definition, software must allow free redistribution, must include source code, must allow modifications and derived works, and must not discriminate against persons, groups, or fields of endeavor. Open source is distinct from 'freeware' (free to use but source code is closed) and from the older 'free software' movement (which emphasizes software freedom as a political value).
What is the difference between free software and open source?
The 'free software' movement, led by Richard Stallman and the Free Software Foundation since 1983, emphasizes four essential freedoms: to run the software, to study and change it, to redistribute copies, and to distribute modified versions. The motivation is political and ethical — software freedom as a matter of user rights. 'Open source,' a term coined in 1998, was a deliberate rebranding that emphasized the practical engineering and business benefits of publicly viewable code rather than the ideological dimension. Most software qualifies as both, but the communities and philosophies differ: Stallman considers 'open source' to be missing the point.
How is open source software funded?
Open source funding models vary widely. Many projects depend entirely on volunteer contributions. Foundation-supported projects (Apache, Linux Foundation, CNCF) receive corporate donations and membership fees. Dual licensing offers open source code for free but charges for commercial licenses. Open-core models provide a free open source core with paid proprietary extensions (GitLab, HashiCorp before its license change, Elastic). Support and services companies (Red Hat was the original model) give away software but sell support contracts. Direct sponsorship via GitHub Sponsors, Open Collective, and Patreon allows individuals and companies to fund maintainers directly. The funding landscape remains fragile for many critical projects.
Why does open source now power most of the internet?
Open source won for compounding reasons: shared development costs (thousands of contributors improving code no single company could afford to build alone), rapid iteration (bugs found and fixed faster with public code review), no lock-in (adopters can modify and maintain code themselves), and network effects (as usage grew, more developers contributed, improving quality further). Linux now runs an estimated 96% of the world's top web servers, all major cloud platforms, and most smartphones (Android). The Apache web server, Nginx, Python, PostgreSQL, and Git are among the foundational open source tools that power nearly every web application in existence.
What are the security implications of open source?
Open source security is genuinely dual-natured. On one hand, public code can be reviewed by anyone, which means vulnerabilities can be found and reported by the security community — a principle sometimes called Linus's Law ('given enough eyeballs, all bugs are shallow'). On the other hand, most open source projects are maintained by small volunteer teams with limited security expertise and no formal security review processes. The 2021 Log4Shell vulnerability in the widely used Log4j library, maintained by volunteers, demonstrated how a single flaw in a critical open source dependency could threaten millions of systems worldwide.