10 Years and 10,000 Hours: Lessons Learned From the FOSS/PLG Journey at Sonatype

February 20, 2019 By Matt Howard


At Sonatype, we’ve spent the past 10 years engineering and delivering a variety of tools and services to help the global open source community accelerate the pace of software innovation.  During this time, more than 10 million developers and tens of thousands of enterprises have utilized our technologies to help harness all of the good in open source without any of the risk.

From our very beginning we’ve focused on executing a go-to-market strategy which is best described as a hybrid of Free Open Source Software (FOSS) distribution combined with Product Led Growth (PLG) efforts.

In our minds, FOSS distribution is the process of volunteering your time to create a valuable software tool that anyone can use for free. The key word is “valuable” -- not “free”.  Simply stated, it doesn't matter if it’s free -- people (especially engineers) will only use FOSS if it’s adding value.

If you succeed in developing a software application that is BOTH “free” and “valuable”, then you have a very good chance of attracting a large and loyal user base.  That’s exactly what our founders managed to achieve with Apache Maven, The Central Repository, and Nexus Repository Manager.  The challenge, of course, is that unless you implement an effective PLG strategy to monetize your FOSS base, your community will only generate modest amounts of revenue.

That’s why we continuously tune and optimize our business model at the intersection of FOSS and PLG.  We’re still learning every day and there is no doubt that we’ve made our share of mistakes along the way.  But, it’s also safe to say that we’ve quietly and consistently delivered some terrific FOSS/PLG innovations that are directly responsible for our impressive growth.

Here are 3 key FOSS/PLG lessons that we’ve learned thus far:

1. Pick up a shovel and create something that people want to use for free.

We define FOSS distribution as the process of “picking up a shovel” and doing the hard work necessary to create a valuable piece of open source software that lots of people would actually want to use for free.  Remember, when it comes to FOSS, it’s easy to build free software that no one wants to use.  It’s quite hard to build free software that people (especially engineers) actually want to use because it makes their day-to-day jobs easier.

This lesson was ingrained in our founder, Brian Fox, many years ago when he was a young developer working for a large enterprise.  At that time, Brian and his fellow software engineers would frequently experience pain and frustration every time they had to perform a new build or release.  He wanted the pain to stop.  He knew there had to be a better way.  So, Brian picked up a shovel and became a core contributor to Apache Maven.  Maven went on to become one of the most successful open source software projects ever created for one simple reason: it automated manual processes and tedious tasks that every developer hated doing.  In other words, Maven was both “free” and “valuable” -- and therefore, millions of developers actually wanted to use it. This was a lesson that Brian would always remember -- and it continues to underpin all of our FOSS/PLG initiatives to this day.

2.  Find a community that you truly care about.  Create valuable products to serve them.

We’re a company of software engineers.  We believe deeply in the power of open source software innovation.  We build tools for our fellow software developers so they can automatically and precisely distinguish between healthy and defective third-party libraries.  We do this for three simple reasons:

1) most developers consume an enormous amount of open source in their day-to-day jobs,

2) application security is growing more important by the day, and

3) we know how much developers hate doing tedious research associated with traditional security and manual governance processes.

We ourselves are members of the developer tribe.  Our community is a reflection of us. They are curious by nature and they have an insatiable appetite to innovate and solve problems.  They’re natively drawn to FOSS and they’re always willing to try different tools. But, if those tools do not add real value -- they will get tossed aside for something else that does.  Thus, we have remained steadfast in our commitment to creating valuable software products in service of the community that we care so much about.

In return for this commitment, we’ve been rewarded by engineers and organizations from around the world who continue to depend on our FOSS offerings, and increasingly call upon us to provide paid commercial offerings as their use of open source continues to grow and their need for enterprise-grade governance becomes a higher priority.

3.  Be helpful. Be credible. Earn the Right to Sell.

By serving our community with applications that are both free and valuable, we were able to attract a large and loyal FOSS user base.  That’s the good news. But, by itself, our community was not enough to build a scalable business. We needed to earn the right to have conversations with the community about selling them paid products.  In other words, we needed to create an effective PLG strategy that would enable us to monetize our FOSS user base.

To do this, we invested in creating a collection of commercial product offerings.  Each of these offerings uniquely extends and enhances the value of our FOSS platform.  Further, we created a dedicated “growth team” focused on engineering and optimizing a variety of PLG services to give our FOSS users a simple and elegant way to sample our premium products.  Today, our PLG offerings range from a free 14-day trial of our professional product, to an on-demand security service that identifies OSS vulnerabilities lurking within applications, to free plugins that surface OSS hygiene metrics within popular tools like GitHub.

Simply stated, our genuine and consistent efforts to serve the global developer community led to broad scale adoption of our FOSS offering -- which in turn afforded us the credibility to introduce premium paid products via PLG experiences.  Today, as open source governance requirements continue to mature, our FOSS community is now engaging us to learn more about the value of our paid products.

The result is that 55% of our new bookings last year and 60% of our current open pipeline originate from our large and loyal FOSS community.

Moving Forward at Scale:

While we’re admittedly different from other companies that follow the pure-play PLG playbook -- we absolutely have the benefit of the top three traits that define a successful product-led growth company.

First, we have optimal market conditions whereby the marginal cost of serving new users is very low, our existing FOSS community members have growing influence with respect to how purchasing decisions are made, and existing manual solutions for open source governance are cumbersome and despised by millions of developers around the world.

Second, not only do we have a long and well-respected history within the open source developer community, but we’ve consistently proven our ability to deliver FOSS applications which aren't just free -- but are actually considered valuable by real world users that represent the community.

Third, users of our products realize significant and ongoing value quickly and easily with very little support.  Additionally, both our FOSS and premium products integrate easily with all popular tools present in the modern software development lifecycle.  Finally, in a world where 80% of every application built consists of open source components and third-party libraries, the value of our platform is very easy to understand by rank-and-file developers, CISOs, and CEOs alike.

Moving forward, as we scale our business further we will continue to embrace our unique go-to-market model defined by a hybrid FOSS/PLG motion.  In doing this, we will stay true to the three simple lessons documented above:

  1. Always be willing to pick up a shovel and create free software that people actually want to use.  
  2. Always aim to serve a community of people that you truly care about.
  3. Always be helpful and earn credibility before you try and sell software to someone.


Written by Matt Howard

Matt is a proven executive and entrepreneur with over 20 years of experience developing high-growth software companies. At Sonatype, he leads corporate marketing, strategic partnering, and demand generation initiatives.