Ask HN: Does Anyone Use a "Closed Core" Software Model?
Hello HN,
I'm exploring variations in software business models and came across what I'd call a "closed core" approach: the main system is proprietary, but all additional modules are open-source.
- Are there examples of companies adopting this model?
- What are the potential benefits or pitfalls?
- How does it impact community engagement and software adoption? Obsidian.md: closed source app but it uses an open storage format (markdown) and there's a sprawling ecosystem of open source plugins. Telegram does this by having proprietary server and allowing users to compile its own client. Benefits: you can abuse the users, pitfalls: you can be abused by the Government. I hate to use software where developer party considers I need some "engagement" and the fact I have installed the software at all as "adoption", for me these are clear notices that you are doing some scam. Interesting example.
I was thinking about this more in the direction of "protecting the IP/investment" rather then "abuse the users" but i get your point. With the telegram example, i don't see it very much different from a SaaS where you get to talk to an API however you want. My question was more in the space where the customer gets the entire codebase (to deploy it themselves) where just the core is closed (or proprietary with maybe source available) would seeing the source for the core (but no rights to alter/reuse) improve your opinion as to "doing some scam"? Making a software which is going to serve you instead of me. FusionAuth does this. We have a free as in beer downloadable solution with our own software license (available on our site). I am an employee. Benefits: no risk of hyperscaler takeover or fork or future software licensing fiasco, business model of selling software is proven, either license or SaaS Challenges: no halo effect, harder to get contributions (but you can do 'open development' and get bugs and feature requests from community; we do), some devs get less excited about solution, have to address continuity concerns earlier (maybe?) We have a FAQ on our site addressing this question. Hard to tell about community engagement because straight comparisons are hard, but it definitely retards uptake to some extent. Using a free downloadable option can help; we definitely have customers who kick tires before they talk to us. Really depends on your target market too: devs care more about OSS, business users don't. Tailscale is another one. The coordination server is closed source but all the clients are open source. I think Datadog does similar.
I always thought it brought benefits to knowing what runs on your machine, and one time we modified it. Likewise New Relic. My tiny company is starting on this philosophy. The core device and our real IP is closed-source, but all the other components around it are open. Going forward, the same sort of thing will apply - almost everything open, except the bits that are actually hard to replicate. Since the market is security, it makes a lot of sense to open-source as much as possible without compromising our market positioning. I believe several other security-related companies (Tailscale comes to mind) also adopt this philosophy. Many games had mods made by the comunity, and some of them are unofficialy "closed core". Skyrim (mods are open source)? I'm kidding, sort of, games that rely on "user generated content" often feel like exactly this. > "Are there examples of companies adopting this model?" Many examples across the industry: - Autodesk AutoCAD (closed) + Plugins/Addons (many open) - MS Windows (closed) + Many 3rd party programs (open) - Github (closed) + Github Actions (open) - Npm (closed) + Npm modules (mostly open) > "What are the potential benefits or pitfalls?" Benefits: - Harder to replicate, the company gets to keep the "secret sauce" a secret - Opening up a way to "extend" the platform means 3rd party developers add value to your system - The core isn't open, so less effort is required to maintain compare to OpenSource Pitfalls: - Closed-source is hard to verify, company is essentially saying "trust me bro" - Less innovation, as user's can't contribute to the core > "How does it impact community engagement and software adoption?" There's hardcore FOSS advocates that will hate anything not fully open. But a business has to make money and protect it's IP, having a "closed core" is one way to do that and ensure a sustainable business model. Another approach is the opposite, open-core + closed-premium-addons. An example of this is "React Admin" - Open Core -> https://github.com/marmelab/react-admin - Premium Modules Offering -> https://react-admin-ee.marmelab.com/