When Open Source Goes Closed: Commercialisation, AI, and the Future of Software Dependence

Open source software has been a cornerstone of modern development for two decades. It’s fast to adopt, battle-tested by communities, and, most importantly, free. But lately, “free” has started to come with fine print.
From infrastructure tools to developer libraries, many open source projects are turning commercial. For developers, software buyers, and architects alike, this raises difficult questions: Can we still rely on open source? What happens when our dependencies change terms? And could AI eventually free us from all of this?
The Shift: Open Source Is Growing Up and Charging Rent
In recent years, open source projects have increasingly adopted more restrictive licences or introduced paid options. Notable examples include:
- HashiCorp’s Terraform, now under the Business Source License (BSL)
- Redis, shifting to dual source-available/commercial licensing
- AutoMapper and MediatR, mainstays in .NET development, introducing licences to support sustainability
Why? Maintaining open source software, especially popular ones, has real costs. Support tickets, feature requests, bug reports, and security updates can consume thousands of hours. Most maintainers aren’t compensated for this unless they commercialise, get funding, or sell services.
The result: a growing number of open source tools that either go closed, introduce commercial models, or become abandoned altogether.
What’s at Risk for Engineering Teams and Decision-Makers
The impact of this trend isn’t theoretical. When a widely used dependency shifts its licence, organisations can find themselves in difficult territory:
- Compliance risk: You may unknowingly violate a new licence’s terms
- Unexpected cost: A once-free component now adds a line item to your budget
- Reduced flexibility: Forking or modifying may no longer be legally or practically viable
- Delivery impact: Removing or replacing a core dependency can stall projects
So how do you choose open source tools wisely, and prepare for the possibility of change?
How to Choose (and Use) Open Source Safely
Here are key criteria to guide the selection of open source components:
1. Evaluate Maintenance and Activity
- Look for projects with active commits, recent releases, and responsive maintainers.
- Check GitHub issues and pull requests to assess health.
2. Prefer Foundation-Backed or Commercially-Supported Projects
- Tools backed by neutral foundations (e.g. CNCF) are less likely to go closed.
- Commercial support may provide predictability, even if not free.
3. Review the Licence Carefully
- Not all “open source” licences offer the same freedoms. Stick to OSI-approved licences when possible.
- Be wary of “source-available” or custom licences masquerading as open.
4. Test for Replaceability
- Consider how easily the tool can be swapped out.
- Choose libraries with clean boundaries, clear interfaces, and minimal coupling.
5. Document Every External Dependency
- Keep a register of open source libraries, their licences, and your usage model (dev-only vs production).
- Include it in security, compliance, and procurement reviews.
What to Do If a Dependency Goes Commercial
If a key tool changes its licensing model mid-project, you have options:
1. Migrate to an Alternative
- Evaluate forks or community-led continuations (e.g. OpenTofu as a Terraform alternative)
- Switch to functionally similar tools if long-term compatibility is at risk
2. Buy a Commercial Licence
- If the licence is fair and the tool is core to your product, paying may be the path of least resistance
- This also brings support, SLAs, and legal clarity—benefits not always present in free tools
3. Isolate and Refactor
- Minimise exposure by isolating the dependency in your architecture
- Abstract it away to give your team flexibility to switch later
Understanding Commercial Licences: What They Mean
Not all commercialised licences are created equal. Here are common types:
Licence Type | Description | Risk Level | Good Fit For |
---|---|---|---|
Business Source (BSL) | Source available, becomes open after X years | Medium | Non-core tools with stable release cycles |
Elastic/SSPL | Source available, but not open—restrictions on use | High | Internal use only; avoid for SaaS or redistribution |
Dual Licensing | Free for some use, commercial for production or scale | Variable | Startups or teams with low-scale deployment |
Fully Commercial | Closed source, pay-to-use | Low risk (with contract) | Strategic infrastructure with full support |
Choosing to pay can be strategic, especially when uptime, compliance, and longevity matter. But that decision must be made consciously, not by accident when terms change.
The AI Alternative: Build Without the Baggage
This is where AI enters the equation.
Generative AI tools like GitHub Copilot, Cursor, Claude, OpenAI Codex, and others can generate production-grade code, integrate common patterns, and replace lightweight dependencies.
Instead of importing a library for logging, parsing, or HTTP retries, what if you just asked your AI assistant to write it for you?
Benefits include:
- No licence risk or hidden terms
- Fully in-house ownership and control
- Custom fit for your architecture and domain
- Easier long-term maintenance when designed with your context in mind
AI won’t (yet) replace sophisticated or deeply integrated tools, but for a growing number of common use cases, it removes the need to depend on third parties at all.
The Future: More Tools, More Choices, Less Dependency
We’re entering an era where software teams must be intentional about the tools they use, and ready to pivot when circumstances change.
- Audit dependencies regularly
- Understand licence terms deeply
- Build internal capability to reduce risk
- Use AI to minimise reliance on external libraries where it makes sense
Being free from dependency is the most robust option. AI can help get you closer to that ideal, if adopted with care and oversight.
In Summary: Open Source Isn’t Dead, But the Rules Are Changing
- Open source going commercial is no longer rare, it’s a trend
- Choosing well and preparing for change is essential
- Sometimes it makes sense to pay; sometimes it makes sense to walk away
- AI opens a new path: building what you need, on your terms
The best strategy isn’t open vs closed, it’s control. And today, AI gives you more control than ever before.
Control your own destiny
Talk Think Do is an industry-leading cloud application development company, offering application innovation services that support clients from project discovery to post go-live support. Our expertise extends to developing software for various operating systems, ensuring seamless integration and performance across different platforms.
During the discovery phase, we work alongside clients to fully define and clarify the goals of the project, to ensure that they receive an application that meets all of their unique business requirements. We can advise on whether you might benefit from owning the source code of your application, helping to minimise risks in delivery and ensure that every decision is made with your best interests at heart. This source code is crucial for creating and managing computer programs that drive cloud-native applications. Book a consultation today to discuss how our application innovation service could help you.

Get access to our monthly
roundup of news and insights
You can unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.
See our Latest Insights
Implementing RAG AI Search on On-Premise Files with our AI Search Accelerator
As demand for AI‑powered tools like Microsoft Copilot grows, many organisations are asking the same question: “How can we harness the power of generative AI without moving our sensitive data to the cloud?” In this guide, we’ll explain why Retrieval‑Augmented Generation (RAG) is so effective for on‑premise data and walk through a practical approach using…
Using AI to Strengthen ISO 27001 Compliance
Preparing for our ISO 27001:2022 recertification, and a transition from the 2013 standard, was no small task. As a custom software company handling sensitive client data, we hold ourselves to high standards around security and compliance. But this year, we approached the challenge differently. We built and deployed a custom AI Copilot agent to help…
Who Owns AI-Written Code? What CTOs, Developers, and Procurement Teams Need to Know
Generative AI is transforming how software is written. Tools like GitHub Copilot, Claude, Cursor, and OpenAI Codex are now capable of suggesting full functions, refactoring legacy modules, and scaffolding new features, in seconds. But as this machine-authored code finds its way into production, a critical question arises:Who owns it and who’s responsible if something goes…
Legacy systems are costing your business growth.
Get your free guide to adopting cloud software to drive business growth.