Monetizing Open Source: Support and Security
Key Points
- The discussion centers on how open‑source contributors can monetize their work, emphasizing Red Hat’s model of charging for enterprise‑grade support rather than the code itself.
- Red Hat transforms community projects into polished products by hardening, stabilizing, and providing lifecycle management that lets customers choose supported versions.
- Comprehensive support includes proactive security measures, positioning risk mitigation as a board‑room priority rather than just an engineering concern.
- The company adds value through automated, AI‑driven patching and remediation, offering faster, predictive security updates that the open‑source community alone cannot guarantee.
- This combination of reliable support, lifecycle guarantees, and advanced security tooling creates the business‑value layer that enables companies to earn revenue from open‑source technologies.
Sections
- Monetizing Open Source with Support - Nadhan explains how Red Hat turns open‑source projects into enterprise‑grade products and generates revenue by offering hardened, lifecycle‑managed software plus paid support services.
- Secure Platform, Focus on Value - The speaker argues that by trusting a secure, compliant platform—illustrated with Kubernetes and OpenShift—companies can concentrate on their core differentiators and deliver the last 10% of value to customers instead of worrying about platform security.
**Source:** [https://www.youtube.com/watch?v=7_gRjg7DIUw](https://www.youtube.com/watch?v=7_gRjg7DIUw)
**Duration:** 00:05:59
Section timestamps: [00:00:00](https://www.youtube.com/watch?v=7_gRjg7DIUw&t=0s) Monetizing Open Source with Support; [00:03:12](https://www.youtube.com/watch?v=7_gRjg7DIUw&t=192s) Secure Platform, Focus on Value
Full Transcript
Welcome to Tech Talk!
We're continuing our series on Open Source.
And I have invited with us Nadhan, the Red Hat guy.
And I really wanted to follow up on a question that came up in our recent video.
We were talking about open source and how much people love it.
But they asked, "How do we make money doing this?"
And I thought I addressed this in the video.
But I mentioned there was a foundational layer that you can use then to build business value in the last percentage.
And I kind of alluded to support, but maybe I didn't cover it all too well.
Being able to charge for that.
This is part of the Red Hat business model.
Can you elaborate on these points for our viewers?
Absolutely, Dan. I'm going to start with support.
Support is something that you really get to when something breaks.
You want a foundation and you want to build up on it, and you want to actually secure it.
You want to make it enterprise-grade from the get-go.
What am I talking about?
I am talking about going from project to product.
And what's the difference?
So when it comes to product, what Red Hat does is, we not only have employees who are paid to contribute in the open source community.
We actually take a set of projects and then harden them.
We stabilize them.
That's what you get with a product.
You get a lifecycle management.
So that customers can actually use the version that best fits their needs and they have the support needed.
Now, another way to mitigate support-- the need for support --is to make sure that you're ahead of the game
when it comes to security. What comes to your mind, Dan, when you think about security?
There's a lot-- that's a hot issue, quite honestly. And it can cause quite a panic.
We've had some stirs and problems and break-ins and breaches and stuff like that.
That can really drive a company crazy.
How is it that this helps in the security?
To your point, security is actually a boardroom topic.
It is not a bunch of engineers and just hardware and software or applications thinking about it.
It's risk management.
It is mitigating risk.
And you want to be ahead of the game.
You want to be ahead of the hackers.
So proactive remediation is what I'm talking about.
I'm talking about automated patching.
So if you leave it to the open source community, you don't get that type of "looking for what is the next vulnerability".
What is the next issue that is likely to crop up?
What we do is, we have products that would actually track what types of remedial measures were taken and apply artificial intelligence to that.
So that we can predict and then also be proactive about the remediation.
And then that is automated patching for different types of products that we actually provide.
And there have been vulnerabilities because it was manually patched in the open source community.
And that's where the automated patching-- which you get with product and you don't with project.
So you're saying that's where the value-add, where the business value-add, that other companies can then offer for open source project.
Is that kind of the model you're proposing?
Well, tweak it a little, Dan.
If you are secure on that foundation with the product, you can add business value with your core competencies.
Maybe you are building a soft drink, or maybe you're flying an airline, or running a bank.
And you can focus on that-- that differentiates your business --rather than worrying about "Is my platform secure or not?"
Can I focus on the last 10% that really delivers value to my customers?
Exactly.
Got it.
And so let's cite a specific example. Like, for example, Kubernetes is a project and OpenShift is a product.
How does the security issue come into play specifically with it?
Absolutely.
So security is not-- so Kubernetes is a library-- a set of projects.
Now, Kubernetes is also-- there is a reason why it is getting the traction it is--
--because there are different companies.
Google started it, Red Hat joined.
And then now it is available across multiple cloud providers.
But there is something to be said about being compliant--
--no matter what hardware vendor you are working with, or which software vendor you are needing to integrate.
Or which hybrid cloud / cloud provider you are working with.
You want to be on a platform that is secured and compliant no matter where your applications are running.
That is really what makes it a platform that allows you to work with the ecosystem.
And this also mitigates risk because, Dan, you don't want to actually hit that panic button for support.
If you make sure you are working with the ecosystem,
you are certified on hardware, you are compliant, and you're patching, and you are secure.
And with lifecycle management, the chances that you will actually make that support call-- you are actually reducing it.
You are mitigating risk.
So strong foundation-- very minimal support, only as needed.
Got it.
And so the takeaway message from this is, is that open source is a bus you can get on essentially.
Enterprise open source!
Fair enough.
And you can ride along, but not necessarily have to drive the bus.
Yes.
In fact, please don't.
Because it takes multiple companies, not just contributors.
And open source is fun.
Let's face it.
Transformation is not just a week's project.
And it's not a destination, it's a journey.
And what we are transforming to today could change tomorrow.
That's where the ride is fun.
The open source ride.
The enterprise open source ride.
Excellent.
And that's a good note to end on.
So we're going to wrap with that.
If you'd like to hear new topics on Tech Talks, be sure and drop us a line below.
And before you leave, please remember to hit Like and Subscribe.