});
Home
Glossary
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
A
AGPL (Affero General Public License)
A copyleft license that triggers obligations when software is offered over a network. Precursor to modern network-use and cloud-native reciprocity thinking.
annual recurring revenue (ARR)
The predictable, subscription-based revenue that a company expects to earn over a 12-month period. It's a key metric used to measure the yearly revenue generated from ongoing contracts, subscriptions, and other recurring income...
anti-cloud resell clauses
License provisions designed to prevent hyperscalers or third parties from offering the software as a managed service without contributing back.
arbitrage
finding and exploiting an inefficiency or imbalance to gain an advantage.
asset class
A category of investments that share similar characteristics, behave similarly in markets, and are usually governed by similar regulations.
attribution registry
An attribution registry in open source is a maintained, queryable record that links software components (packages, modules, repositories, or files) to their required attribution data: copyright holders, license(s), notice text,...
B
bring your own key (BYOK)
An enterprise security capability that allows customers to generate, manage, and retain control of their own encryption keys within a vendor’s cloud environment, rather than relying on the vendor's keys. In the Commercial Open...
business source license (BSL)
BSL (sometimes BUSL) is a time-decaying, source-available license that transitions to open source, usually after 3–4 years. It is designed to protect commercialization during early growth phases. Source code is publicly...
BYO‑Cloud
BYO-Cloud (Bring Your Own Cloud) is a hybrid deployment model where the commercial open source vendor manages the software application and operations (the control plane), but the actual infrastructure and data reside within the...
C
Certified COSS™
The Certified COSS™ Framework is the industry-defining standard and certification mark for "true" Commercial Open Source companies, designed to establish trust and predictability in the asset class. Analogous to a "GAAP" for...
commercial open source (COSS)
A business strategy that involves an open source project and a company that monetizes it through added services or products. A commercial open source (COSS) company is a legally registered entity whose principal business...
community edition
The free, open source version of a product. Compare with enterprise edition.
conditioned rights transfer
Conditioned rights transfer is a governance mechanism designed to solve the "launchpad vs. graduation" dilemma for early-stage open source startups. Instead of a complete transfer of IP on Day 1, ownership and governance rights...
contribute-back clauses
A “contribute back clause” is a license provision that obligates users or customers to return certain modifications or improvements to the project, often under specific terms. It is not a standard open-source concept but shows...
contributor license agreement (CLA)
A legal instrument allowing contributors to grant IP rights to a company or foundation. In licensing innovation, increasingly paired with governance controls. A CLA clarifies that you own the code or content you are...
control-plane licensing
Licensing strategies that differentiate the data plane (often permissive OSS) from the control plane (often source-available or commercially restricted).
COSS Covenant™
The COSS Covenant is a legal framework designed to formalize shared commitments between founders, investors, and the open source community, effectively creating a firewall between the pressures of capital and the integrity of...
curing
In simple terms, "curing" is the structured, data-driven process of transitioning a project from founder-controlled stewardship to neutral, community-led governance. Instead of an irreversible donation on Day 1, we implement...
D
data commons license
An emerging category governing rights to shared datasets, often requiring data contribution, lineage disclosure, or reciprocity in derived datasets.
defensive termination clauses
Many modern open source licenses (e.g., Apache 2.0, GPLv3) include “defensive termination” patent clauses that automatically revoke the patent license granted to a user if that user sues contributors or other users for patent...
developer certificate of origin (DCO)
A lightweight mechanism for contributors to certify that they created the code they are submitting or otherwise have the right to contribute it. Unlike a Contributor License Agreement (CLA), which requires a formal signature...
developer relations (DevRel)
Roles focused on nurturing the user/contributor community. They engage with users, create content, and act as a bridge between community and the company. Sometimes referred to as community managers or developer advocates.
dual licensing
Offering the same code under both an open-source license and a commercial license. A core business model for many COSS companies. Under dual licensing, users can choose which license terms to accept: for example, a copyleft...
E
enterprise edition
The paid version of a software product. Compare with community edition.
F
fair source
A type of source-available license that preserves source transparency but restricts commercial use.
fork
In open source, a fork happens when someone takes the source code and starts a new project with it, diverging from the original. This can be benign (just personal experimentation) or a serious split (as in the community creates...
G
GNU General Public License (GPL)
The GPL (GNU General Public License) is a copyleft free software license family that requires derivative works to be distributed under the same license terms, ensuring users' freedoms to run, study, modify, and share...
governance-integrated licensing
In a governance‑integrated approach, decisions about who can change the license, add CLA requirements, or introduce commercial terms are explicitly tied to project governance structures (e.g., foundation board, technical...
H
hyperscaler
In the COSS economy, hyperscalers (AWS, Google Cloud, Microsoft Azure) are the dominant cloud infrastructure providers that control the underlying plumbing of the modern internet. From a strategic perspective, they represent a...
I
ideal customer profile (ICP)
An ideal customer profile (ICP) defines a specific type of organization (and the buyer persona within it) that is a company's top target. I.e., the type of customer that derives value from your Commercial Offering and is willing...
ideal user profile (IUP)
An ideal user profile (IUP) defines a specific type of user that uses (derives value from) your offering but is not the economic buyer. Compare with: ideal customer profile (ICP)
J
jobs to be done (JTBD)
A strategic framework, jobs to be done (JTBD) is an analytical lens that is used to understand the causality behind user behavior. It posits that customers don't buy products because of their demographic (who they are); they...
M
monthly recurring revenue (MRR)
MRR is the measure of the total predictable and recurring income that a company expects to generate from its active subscriptions in a given month. It normalizes all subscription terms (monthly, quarterly, annual, etc.) into a...
N
net revenue retention (NRR)
Expressed as a percentage, NRR shows how a company is growing over time, as it includes upsells minus churn. For example, if a company start sthe year with $100 in ARR and those same customers are paying $140 a year later...
noncommercial license
A source-available license that permits free usage but prohibits commercial exploitation.
O
open core
Open core is a business model where the foundational software—the "core"—is released under a standard open source license (like Apache 2.0 or MIT) and is free to use, while a layer of value-added features, tools, or hosting...
open source program office (OSPO)
A team or unit within a company focused on open source strategy, compliance, and community engagement. Typically in larger companies, but even a startup might designate someone to handle open source licensing and related issues.
OpenRAIL
OpenRAIL (Open Responsible AI Licenses) is a family of AI-specific licenses that enable open access, use, and distribution of AI models while imposing behavioral restrictions to prevent harmful applications. These licenses...
OSI (Open Software Initiative)
A non-profit organization dedicated to promoting open source software and maintaining the Open Source Definition. The OSI is the global steward of the Open Source Definition (OSD), serving as the recognized authority for...
P
parity license
A reciprocity license requiring that commercial users contribute back or release their improvements under the same terms.
permissive license
A Permissive License is a type of open source license that guarantees freedom of use, modification, and redistribution with minimal barriers (typically only requiring attribution). Unlike "Copyleft" licenses (like GPL) which...
political economy
A branch of the social sciences that studies how political power and institutions interact with economic systems, markets, and the distribution of resources in society. Open source is considered a "political economy" because it...
pre-seed (funding round)
In the venture capital world, Pre-Seed is the earliest formal stage of startup funding. It is the "ignition" capital—the money you raise to prove that your idea has legs before you are ready for institutional Seed...
product-market fit (PMF)
The stage when a product satisfies a strong market demand – usually evidenced by a growing user/customer base and low churn (people stick with the product). For OSS, product-market fit often first shows as numerous developers...
project-community fit (PCF)
A term from OSS business – it means the open source project has garnered a thriving community that actively contributes and advocates for it. It’s an earlier stage than product-market fit, focused on developer interest and...
R
reciprocity trigger
A condition in a license that activates obligations, such as commercial use, cloud resell, scale of deployment, or training of AI models.
reference architecture
A technical blueprint that provides a recommended deployment pattern for a specific technology or solution. It incorporates industry best practices to ensure critical standards (e.g., reliability and security) are met, serving...
rug pull
A “rug pull” in open source is when a project’s maintainers abruptly and significantly change, restrict, or withdraw what made the project valuable—without reasonable warning or community input—leaving users and contributors...
S
seed (funding round)
In the venture capital ecosystem, the Seed Round is typically the first "official" institutional funding stage for a startup. It follows the "pre-seed" or "friends and family" stage and precedes the Series A round. At this...
server-side public license (SSPL)
A MongoDB-developed license requiring that anyone offering the software as a cloud service open-source the entire service stack.
service available market (SAM)
Service Available Market (SAM) represents the portion of the Total Addressable Market (TAM) that a company can realistically target and serve with its current business model and capabilities. SAM is a more practical and focused...
service obtainable market (SOM)
Service Obtainable Market (SOM, sometimes called Share of Market)is the portion of the Serviceable Available Market (SAM) that a company can realistically capture in a specific, often short-to-medium-term, timeframe (e.g., the...
source available
A license that allows users to read the source code but restricts certain kinds of use, such as commercial deployment or cloud operation.
springing license
A licensing model where a project starts under a restrictive or proprietary license but automatically converts to a more permissive open source license when certain conditions are met, typically after a defined time period...
sunset license
A time-based license that automatically transitions from source-available to open source after a defined period.
T
time-decaying license
Any license that changes its terms automatically after a set duration (e.g., BSL converting to Apache 2.0 after 3 years).
total addressable market (TAM)
Total Addressable Market (TAM) represents the maximum revenue that a product or service could generate if it were to achieve 100% market share, without any competition or geographical limitations. TAM is the "big picture"...
training-use restriction
A condition limiting whether the software or content may be used to train AI models.
U
unit economics
Unit Economics (COSS)A financial framework measuring the efficiency of converting open source community engagement into commercial enterprise value. Unlike traditional SaaS models that focus solely on LTV/CAC (Lifetime Value /...
upstream contribution requirement
A license clause requiring that improvements or modifications be contributed back to the project as a condition of continued use.
V
value metric
The specific unit of measurement (e.g., active nodes, data volume, seats) used to determine pricing, ensuring that the price a customer pays scales linearly with the utility they receive. In the context of COSS, selecting the...
value-market fit (VMF)
The point where the company has aligned its value proposition with market willingness to pay. This is essentially figuring out the right monetization formula (e.g., which feature set at what price meets a real need).
W
willingness to pay (WTP)
WTP (willingness to pay) A metric reflecting the maximum amount a customer is prepared to pay for a product or service based on its perceived value. In the context of COSS, WTP is often influenced by the distinction between...