In reviewing the top stories of 2007, I came across this article in InformationWeek, outlining the 10 top OSS stories of the year. At number 9 was the story about Medsphere v. Shreeve, which was settled out of court in late October.

The lawsuit started in the summer of 2006 when the company sued the CTO for posting source code to SourceForge, which the CTO maintained was what the company wanted to do all along, pledging to open-source the code base for its medical product, called OpenVista. After the lawsuit settled, Joel West wrote a long statement about his observations while working at Medsphere, and that he was dreading a subpeona during the entire affair. Something he wrote caught my eye:

Even if the lawsuit is over, IMHO this sordid mess leaves the VCs with a permanent black mark. From 2002-2006, they invested $12 million in a company whose strategy was always to release open source, and then they wholeheartedly backed the decision both to fire the officers who released open source and to sue them. Were the investors (Azure Capital, Thomas Weisel, Wasatch) incompetent in not knowing what an “open source company” meant? Did they panic when deployments ran behind schedule?

This reminded me of another case about VCs not getting the point of open source: ArsDigita v. Greenspun.

ArsDigita Corp started its business in the 90’s and pioneered software-as-a-service, giving away its ArsDigita Community System software for free while charging for support and services. They were one of the first companies to do such a thing, and made money doing it, which of course attracted investors. They eventually closed a round of funding with Greylock and General Atlantic Partners, and hired an outside CEO to replace the founder, Philip Greenspun.

Take a look at Philip’s story about ArsDigita: From Start-up to Bust-up, that includes the following quote. Compare and contrast; the VCs together with the CEO were also out of touch, and were, consequently running the company into the ground.

We started aD slowly and carefully. We ran it profitably. We placed small bets. We handled money conservatively (though we tried to give the appearance of wildness and fantastic prosperity to the outside world there is actually nothing extravagant about having a fancy beach retreat for a team of programmers that is excited and working 6 days/week, 12 hours/day). We made sure that we were working as hard as teams at Microsoft and startup companies.

By contrast, Allen, Greylock, and General Atlantic presented us (Common shareholders) with a strategy of “here’s this spreadsheet that shows us going bankrupt in one year unless a big stream of license revenue starts coming in.” And, oh yes, the revenue would be coming from a product that had never been built, purchased by customers to whom we’d never sold anything.

Do these kinds of risks bother venture capitalists? Having a first-time CEO with zero experience in the industry? Staking everything on a to-be-finished software product?….We never signed up for this kind of risk and we don’t have substantial other investments. I put 8 years of my life into ArsDigita Community System. Jin put in 4 years. We would be unhappy to see the company spend through its accumulated profits plus $38 million in capital merely so that three guys in suits could learn a little something about what it is like to run a software products company.

While there are similarities, there are also differences. A number of bloggers weighed in on the Medsphere case, but this one interview with Fred Trotter certainly nailed down the legal implications of the decision:

This is not about whether your CEO approves a release. Medsphere’s lawsuit, if successful, would mean that any FOSS developer would need to have proof that such an approval took place. Suppose you meet your boss in the hallway and he says: “We just decided that we will be releasing X, go ahead and post it to SourceForge”. If the “Medsphere precident” were in place, you would be foolish to actually follow this directive. There would be no proof that the conversation ever took place….Apparently Medsphere holds that only way that you could be certain that you, as a FOSS developer, would not be held liable for a release that you performed for your company would be some form of unambiguous two-way communication, in a format that provided for non-repudiation. That means either a signed paper letter, or a cryptographically signed email from the CEO. (You would need to make sure that you printed the email, in case you lost access to your company email address).

Whereas the ArsDigita case was merely about control of the company, the Medsphere case, if it had continued, would have impacted how all OSS developers release source code to the public Internet.

After ArsDigita settled with Philip, the company closed its doors after seven months. Medsphere is up and running, but looking for a new CTO. Since they took less money from VCs, they might still have a fighting chance to come back after the lawsuit, so let’s keep hoping that it can clean up its act and make good on delivering what it calls “professional open source”.