HashiCorp’s New “Business Source License”: Facts and Analysis

What, Why, and “Will this affect me”

Ben Goodman
Aug 14, 2023

What Happened?

On August 10th, HashiCorp, the makers of popular open source tools like Vault, Terraform, Packer, and Consul, among several others, announced that subsequent releases of the source code for these tools will be under the Business Source License (BSL) v1.1 instead of MPL 2.0. Because BSL is not considered to be open source by the Open Source Initiative (OSI), HashiCorp is referencing these products as “freely available” or “community” versions instead of open source. Their implementation of the license also includes a critical “Additional Use Grant” which states:

“You may make production use of the Licensed Work,
provided such use does not include offering the Licensed Work
to third parties on a hosted or embedded basis which is
competitive with HashiCorp’s products.”

Why Did this Happen?

HashiCorp explains the rationale for the license change as being a way to protect their control of their products’ commercialization. Translation:

They are finding that the process of investing “tens of millions of dollars” annually to enhance and maintain their open source tools, while allowing open competition for commercialization, is not sustainable. Their financial results from the most recent quarters support this:

  • A reduction in full year revenue guidance from Q4 2023 by $25 million
  • Q1 2024: Revenue of $138 million, GAAP Net Loss of $53.3, Net Margins of -38%
  • An expectation that revenue growth will be less than 2% Quarter over Quarter for all of 2024 (they guide for between $564–$570 million in revenue for 2024). This level of growth is a dramatic slowdown and makes it hard for HashiCorp to market itself as a “growth story” going forward.

In summation, HashiCorp is feeling the pinch from an environment where their fixed costs are elevated from maintaining open source projects and their competition is able to freely undercut them on directly competitive products, and this is their way of re-balancing the situation.

Will this Affect Me*?

*This is not legal advice — just our best interpretation. For your situation, please discuss with an attorney.

I am a user of HashiCorp community tools for personal projects: No effect. You can copy, modify, and redistribute subsequent releases of HashiCorp community software, as well as embed them in non-commercial tools.

I am a user of HashiCorp community tools within my organization: No effect. You can copy, modify, and redistribute subsequent releases of HashiCorp community software, as well as embed them in internal tools that are not sold to others as competitive alternatives to what HashiCorp sells.

My organization sells a product that either runs or embeds HashiCorp community software and is competitive to a HashiCorp offering: If this is you, without a separate licensing or commercial agreement, your competitive offering will be in violation of HashiCorp’s license for all releases of their community software after August 10, 2023.

Analysis

TLDR: There were some aggressive and completely legitimate business tactics at play here, and HashiCorp, as owner of the underlying IP, has the trump card.

The first move was made by a series of competitors that have emerged to compete directly against HashiCorp’s offerings for managing their community-level tools. With an open license and no fixed costs for maintaining and enhancing underlying tools, competitors were able to carve out market share, sometimes due to differentiated and forward-leaning features, and many times with aggressive differentiation on price. We are particularly familiar with the Terraform ecosystem, and some of the direct competitors to HashiCorp’s Terraform Cloud and Terraform Enterprise include Scalr, Env0, Spacelift, and digger.

While HashiCorp stated that these vendors “take advantage of pure OSS models, and the community work on OSS projects, for their own commercial goals, without providing material contributions back”, this feels excessive. None of these companies did anything wrong (except perhaps the implementation of a business strategy with a critical weakness), and they released innovative tooling which pushed HashiCorp to improve their own offerings. Lastly, “providing material contributions” to an enterprise-owned tool is sometimes not supported well enough to be easy, and certainly should not be an expectation of OSS usage.

The second move was for HashiCorp to make the license change. This protects the IP and interests of the corporation, and is completely legal, legitimate, and understandable. As we discussed earlier, their recent financial performance necessitates an overhaul in commercial strategy, and this is such an overhaul. At the end of the day, when you own the IP, you hold the keystone to a broad ecosystem.

Open Questions

What happens to direct competitors to HashiCorp’s SaaS offerings? For the Spacelifts and Env0s of the world, HashiCorp’s new license enforcement strategy could go two main ways:

  1. Forbid all directly competitive offerings, full stop. This would be quite disruptive and mean the wind-down of many competitive offerings as they become obsolete with subsequent version releases of the underlying community tools.
  2. Negotiate large, financially material licensing agreements. This would be less disruptive, but would serve to raise prices across the entire ecosystem as HashiCorp essentially distributes the cost of maintaining community tools across the ecosystem.

Will there be a major fork of Terraform and other popular HashiCorp community tools?

Only time will tell, but it seems unlikely that a major fork would work. There is no organization that can provide the resources necessary to maintain and upgrade forks of community tools at the same level of proficiency as HashiCorp. The broader user community will want to stay with the offering with the most well-maintained features, and that will almost certainly continue to be HashiCorp’s community offerings. For a tool like Terraform, HashiCorp could always change the license around things like major providers, which would further burden any alternative community fork. Lastly, even if an extremely well resourced company wanted to support a fork, HashiCorp’s focus and organizational knowledge are a deep moat. As one example, AWS, an organization as well resourced as they come, could not supplant Elasticsearch with their OpenSearch fork.

What does this mean for HashiCorp’s ecosystem going forward? It is really hard to say. The usage rights of their community tools for most of their user base are completely unchanged (see above: “Will this Affect Me?”), minimizing the overall effect. If this is the beginning of HashiCorp closing off their ecosystem, however, then yes, their ecosystem/buy-in around new products could be harmed going forward. That being said, only time will really tell.

What did we miss? What do you think of the License change? Let us know in the comments below!

dragondrop.cloud’s mission is to automate developer best practices while working with Infrastructure as Code. Our flagship OSS product, cloud-concierge, allows developers to codify their cloud, detect drift, estimate cloud costs and security risks, and more — while delivering the results via a Pull Request. For enterprises running cloud-concierge at scale, we provide a self-hosted management platform. To learn more, schedule a demo or get started today!

Ben Goodman

Senior Site Reliability Engineer @ ROKT. Working on developer tooling as part of dragondrop.cloud