Tenable Network Security, the company behind the Nessus open-source project, has updated its business model [PDF] to offer a for-fee subscription to its vulnerability plugin updates for commercial users.
This sounds a bit like Trolltech's early efforts to get commercial users to pay while leaving non-commercial users free to use the software without paying, but it's not. Trolltech's maligned model wasn't open source, as it discriminated against a class of user (the commercial user).
In Tenable's case, the code is free, but the information that flows through it (up-to-date vulnerability information, for example) is not:
...Tenable's "Direct Feed" will be re-named to the "ProfessionalFeed" and the "Registered Feed" will be discontinued. The ProfessionalFeed will entitle subscribers to the latest vulnerability and patch audits, configuration and content audits and commercial support for their Nessus 3 installation. The ProfessionalFeed will serve as Tenable's commercial subscription and will be required for individuals and organizations that want to use Tenable's Nessus plugins commercially.
It's an interesting model. It's as if Tenable is giving away the car but charging for the gas to fuel it or, rather, the gas that comes from a particular gas station. You can always drill your own oil and set up a gas station to fill the tank, but Tenable is banking that customers will find it easier to fill up with them.
Of course, some will cry "Foul!" but I don't think so. Not in this case, anyway. This is Tenable offering a closed service around open code. To me, it seems about the same as offering phone support, except in this case the support is offered in the way of policy updates.
It feels OK to me because there's nothing stopping people from "drilling their own wells." No one is forcing them to fuel up at Tenable's "gas station."
Come on, Pierre, Kris, and friends: What's wrong with this model? What am I missing?