Cloudera, the data management and machine learning company, has filed for an initial public offering on the NYSE.
While the company has lost more than $130 million per year since 2015, the future risks faced by Cloudera could cause alarm for potential investors or anyone looking at open-source software as a viable business model.
The “risk factors” section of an S-1 is often a lot of boilerplate, and something to point to and say “we warned you” in the event something goes wrong with the business and investors are looking to sue. Many of the potential business risks outlined in Cloudera’s filing concern the open-source software that supports its main platform, offering a nice look at the many exposures that type of business faces. The term “open source” is used 195 times in the S-1 filing, and Cloudera implies that its main value lies in the ability to create open-source software and cobble it into a data-analytics platform.
“Our platform integrates 26 distinct open source projects, 18 of which were created by our engineers. We combine those curated open source projects with our robust proprietary software to form an enterprise‑grade platform,” the company writes.
Here are the reasons why investing in an open-source based company is risky, according to such a company.
Open source makes it easier to form other competing companies
“It may be relatively easy for new and existing competitors with greater resources than we have to compete with us. …Competition with use of the open source projects that we utilize can materialize without the same degree of overhead and lead time required by us, particularly if the customers do not value the differentiation of our proprietary components.”
If open-source software changes, its current revenue stream will no longer be viable
“We do not control many aspects of the development of the open source technology in our platform. … Given the disparate inputs from various developers, we cannot control entirely how an open source project develops and matures.”
It could be sued for inadvertently using stolen open-source code
“We may be exposed to increased risk of being the subject of intellectual property infringement claims as a result of acquisitions and our incorporation of open source software into our platform, as, among other things, we have a lower level of visibility into the development process with respect to such technology or the care taken to safeguard against infringement risks.”
Part of that lawsuit would likely expose its proprietary code
“By the terms of certain open source licenses, we could be required to release the source code of our proprietary software, and to make our proprietary software available under open source licenses, if we combine our proprietary software with open source software in a certain manner.”
Open-source software could be released that makes its platform redundant
“Some competitors make open source software available for free download and use or may position competing open source software as a loss leader.”
Open-source licenses give no warranties or promise technical support…
“Usage of open source software can lead to greater risks than use of third‑party commercial software, as open source licensors generally do not provide warranties, support, indemnity or assurance of title or controls on origin of the software.”
…and the code can be vulnerable to cyberattacks
“Further, some open source projects have known vulnerabilities and architectural instabilities and are provided on an “as‑is” basis.”
Open-source developers might stop updating their code
“If the open source data management committers and contributors fail to adequately further develop and enhance open source technologies … then we would have to rely on other parties, or we would need to expend additional resources, to develop and enhance our platform.”
If open-source software breaks, Cloudera might not have the expertise to fix it
“Our solutions depend upon the successful operation of open source software in conjunction with our solutions, any undetected errors or defects in this open source software could prevent the deployment or impair the functionality of our solutions.”
If open source licenses change, they might not be compatible with other licenses
“Our software development and licensing model could be negatively impacted if the Apache License, Version 2.0 is not enforceable or is modified so as to become incompatible with other open source licenses.”
An open-source license company effectively controls their business
“Because our business relies on the Apache Software Foundation, our business could be harmed by the decisions made by the ASF.”
Using so much open-source software could look risky and people would not want to buy it
“Our use of open source software in our solutions could negatively affect our ability to sell our platform and subject us to possible litigation. … We, our customers, and the ASF, face a higher risk of being the subject of intellectual property infringement claims.”