The Open Source Software Index is BOSS!  Here's Why.

April 09, 2017 By Matt Howard


Yesterday Dharmesh Thakker and his colleagues at Battery Ventures unveiled the Battery Open-Source Software Index.  The BOSS Index is the result of a significant and thoughtful research effort designed to (a) empirically rank the relative popularity of open-source software projects, and (b) provide perspective on the innovative companies that are built upon open source technologies.

Beyond its clever name, the index is BOSS for four reasons:

1.  BOSS ranks Sonatype #30.  Over the years, our company has been fortunate to receive some very nice accolades.  But our ranking in the BOSS index is one that we are particularly proud of.  We're proud because it reflects on the pioneering contributions that our founders made to Apache Maven many years ago.  Also, we're proud because it speaks to our role as the creators and longstanding caretakers of the Maven Central Repository, which reliably fosters the sharing of open source components between millions of developers around the world.  Note: Since its inception in 2007, members of the open source community have contributed 1.7 million unique components to the Central Repository.  Since then, these component parts have been requested 120 billion times by other developers, including 31 billion times in 2016 alone.


2.  BOSS reinforces the strategic importance of open source software innovation:  Open source enables organizations to stand on the shoulders of giants.  Thus, it is the primary way that modern applications are made -- both packaged and proprietary.  Many of the hottest new enterprise software vendors offer products that are built upon free and open-source foundations.  Furthermore, large enterprises everywhere are consuming an ever-expanding volume and variety of open source software as they strive to innovate and compete on a global playing field.

3.  BOSS raises the critically important question of open source hygiene.  Whether we are buying commercial value from open source vendors like Red Hat, Docker, GitHub, or Cloudera -- or building custom apps ourselves utilizing Java, npm, PyPI, RubyGems, or other language formats -- we live and operate in a world defined by infinite choice.  That raises the question: how can stakeholders (enterprises, ISVs, investors, and regulators) evaluate all of these new open-source offerings?  How can they tell the good projects from the bad?  Which ones practice the best hygiene?  And which ones, if consumed, might expose unwelcome downstream licensing or security risks?  Such questions are NOT easy to answer.  Want proof?  Just take a look at the S-1 filed last week by Cloudera, which reads like an argument against building a business on open source.

4.  BOSS validates the opportunity for those capable of automating the modern software supply chain.  As a commercial software vendor built upon multiple open source foundations (Maven, Central Repository, Nexus Repository Manager), Sonatype has traveled an interesting road.  Wayne Jackson, our CEO, is an open source pioneer who has "been there, and done that" and knows firsthand that having lots of users -- while essential to community engagement -- does not guarantee that an open-source project will translate into a successful business.  As Battery Ventures pointed out last year, the combination of community and commercial success requires unique persistence and a highly creative approach to the market.  Throughout our journey at Sonatype, and with Wayne at the helm, we have come to understand the staggering volume and variety of open source components flowing through every development environment in the world.  From this unique vantage, we've developed a deep appreciation for the benefits of software hygiene and open source governance.  Five years ago, we envisioned a future in which applications would be manufactured in much the same way that physical goods are -- and we imagined a series of open and proprietary innovations that would eventually automate and scale the entire SDLC (or DevOps pipeline, as it is now known).  We carefully examined the teachings of W. Edwards Deming and internalized the critical importance of building quality into products by more effectively managing suppliers, sourcing parts, and tracking the precise location of every component assembled into production applications.  Staying true to this vision, we architected the Nexus platform to meet the demands of a DevOps-native world.
Today, the Nexus platform is superior to alternative solutions for three simple reasons: (1) it creates open source value early in the SDLC, (2) it provides precise and contextual open source controls everywhere across the SDLC, and (3) it is remarkably scalable which enables organizations to go faster and further with open source innovation.  As a result, more than 1,300 organizations including industry leaders like Liberty Mutual, Intuit, and Tyro Payments are successfully automating their software supply chains and harnessing all of the good that open source has to offer -- but none of the bad.

In conclusion, we applaud Battery Ventures for creating the BOSS index.  It empirically represents the state of open source affairs.  It also reminds us of the creative path that open source innovators must travel in order to maximize success.  As for Sonatype, we’ve come a long way over the past decade, and today we’re one of the fastest growing technology companies in America.  While we’re proud of our accomplishments, we are nowhere near finished innovating.  Equipped with a strong balance sheet and backed by world-class investors including Accel, NEA, HWVP, and Goldman Sachs, we will continue to invest aggressively in R&D as we passionately pursue our vision of automating the modern software supply chain.

Tags: open source governance, DevSecOps, BOSS index

Written by Matt Howard

Matt is a proven executive and entrepreneur with over 20 years of experience developing high-growth software companies. At Sonatype, he leads corporate marketing, strategic partnering, and demand generation initiatives.