Working at the Internet Systems Consortium, I feel I have a somewhat privileged look into the open source business model, which I’d like to address. We face the unique challenge of developing and maintaining BIND, the most-installed nameserver software on the planet, which some estimates place on 80% of all DNS servers. We’re proud of our open source heritage–one that began with the first iteration of BIND in 1994. I believe a large part of our success is due to BIND’s flexibility and resilience–it’s software that just works on both large and small scale. The other part is, of course, its price; free is a difficult cost to argue against. According to Dan Ariely, in his paper “Zero as a Special Price”:
“Decisions about free (zero price) products differ, in that people do not simply subtract costs from benefits and perceive the benefits associated with free products as higher.”
Now, don’t get me wrong: I’m a firm believer in the software we produce. However, there are number of costs associated with using open source code that aren’t necessarily visible at a glance. Maintaining BIND in-house or creating a fork requires engineers who understand it, who are familiar with the security community, and are able to install, make, and assemble a compatible patch for each platform used–it’s not exactly a simple download. But there’s another issue more significant than the resources and time required. BIND’s main advantage–a myriad of eyes to improve quality–also contributes directly to its major drawback. People who download open source code don’t have access to the same support as those who use purchased software.
I’ve watched as BIND has been adopted and customized to address all manner of DNS requirements, and I’ve come to realize that some customers need more from ISC. Some need that extra level of support for their systems–some need it 24/7. Some want to know they are following best practices and relish the idea of using our engineers as a sounding board. Many simply need a higher level of performance and stability than they could achieve on their own. The most compelling reason I can think of is achieving peace of mind: knowing that your infrastructure is receiving security patches as soon as they are available and is therefore safest from harm.
ISC has recognized this need from our most demanding customers; we’re adopting a subscription model based on the depth of service most appropriate for each customer. ISC now offers extended support and packaged consultancy for best practice implementation to enterprise-level customers. We’re taking the first steps towards making things convenient, not just functional.
I’ve got good reasons to believe ISC’s support team is some of the best in the business. Our veterans are systems engineers, computer programmers, and network analysts, all of whom have at least five years of experience. If they don’t know something, they can just ask the people who wrote it–if they’re not next door, they’re just an email away.
The important takeaway is that there’s a difference between price and cost. The price of open source is always zero–and that offers a great many benefits to the internet community. There are also costs associated that stem from how much a company might be willing to risk. When you are running mission-critical infrastructure without support, they can be simply astronomical. Sometimes, free is just too expensive.