Business Continuity Risk

[theashguy]

The most compelling argument (I felt) from @freakboy3742's keynote this morning at PyCon AU (and the one that immediately got my business brain pumping) was the Business Continuity Risk involved in not securing your supply chain. This is a real lever the we have to build a funding system around, and one that big business understands.

If we can draw a solid, tangible line between the underlying packages a product uses (proving that these businesses really do have skin in the game), and the risk in the ongoing running of the business you can cause a real, tangible affect on things like VC Investment / Share Price etc. which would provide a natural market based driver for backing open source software.

I'm still percolating this one but I thought I'd pull it up to the top of the issues list for discussion. My questions would be:

• Nothing is new-- what examples are there of people trying this in the OSS world already?
• Seriously, nothing is new-- How have people achieved introducing successful, novel monetisation models (which is effectively what we're looking at here) in other contexts. What hurdles did they run into (I'm especially thinking about the history of VC / The Valley, or maybe the MicroLoans stuff thats been happening in the third world). Any economists, or well read history folks in the house?

[jayfk]

@nayafia did some research on this: https://github.com/nayafia/lemonade-stand

[theashguy]

Love it. One of the next things I was going to bring up was that we probably want at the end of this a kind of Open source funding stack that can be implemented on different projects at different times, and all of the current funding models are going to play a part in that.

[Antman261]

This is where my instincts keep pulling me when I think about this issue. But my mind always goes to platforms because I'm a creative masochist - create a platform wherein open source projects can build a risk/funding profile and companies can subscribe to regular contributions, to lower the risk that that dependency falls out of maintenance.

That way companies can see the health of their OSS dependencies and open source projects can get funding or not in a predictable and sustainable way. Otherwise, how else is there an economic lever other than commoditising a complement?

It's really an exercise in raising risk visibility and lowering contribution resistance.