In August 2023, HashiCorp changed the license on Terraform, the most widely used infrastructure-as-code tool in the world, from the Mozilla Public License to the Business Source License. The BSL prohibits competitors from building commercial products on top of the code. HashiCorp framed this as protecting its ability to invest in the product. The community called it what it was: a company pulling up the ladder.
The backlash was swift. Within weeks, a coalition of companies and contributors forked Terraform under the old license and created OpenTofu, now stewarded by the Linux Foundation. HashiCorp’s CEO defended the move in a blog post that used the word “sustainable” eleven times without once explaining who had been sustaining the thing all along.
The answer, of course, is everyone else.
The Setup
Terraform launched in 2014. By the time HashiCorp went public in 2021, the tool had tens of thousands of contributors and was embedded in the infrastructure of companies across every major industry. The community had written providers, plugins, modules, and documentation. Stack Overflow answers. Conference talks. Internal training programs. None of that labor showed up on HashiCorp’s balance sheet, but all of it showed up in its valuation.
This is not unique to HashiCorp. The Linux Foundation estimates that recreating the open source software in a typical Linux distribution from scratch would cost billions of dollars. A study from Harvard Business School put the supply-side value of open source software at roughly $4.15 billion, while the demand-side value, what it would cost companies to rebuild what they get for free, exceeded $8 trillion. That gap between what is given and what is captured is where modern enterprise software fortunes are made.
HashiCorp’s particular genius was in building a business model around open source without ever fully committing to it. The core tools were free and permissively licensed. The enterprise offering, HashiCorp Cloud Platform, was where the money lived. This is sometimes called open core, and it has produced some of the most valuable software companies of the past decade. Elastic, Confluent, MongoDB: all variations on the same structure. Open source became the most profitable business model in enterprise tech precisely because giving away the tool is the cheapest possible distribution strategy, and communities do the evangelism for free.
What Happened
HashiCorp’s problem, as the company described it, was that cloud providers, Amazon Web Services chief among them, were offering Terraform-based services without contributing meaningfully back to the project. AWS offers Terraform support through its own tooling. It does not pay HashiCorp for this. HashiCorp was, by its own account, subsidizing a competitor’s product roadmap.
This is a real grievance. Amazon has a long history of taking open source projects and wrapping them in managed services that outcompete the original vendor. Elastic sued AWS over exactly this dynamic in 2021, citing the commercialization of Elasticsearch without proportional contribution. MongoDB changed its license in 2018 for the same reason. The license HashiCorp chose for Terraform, the BSL, was directly inspired by MariaDB’s approach to the same problem.
The grievance is legitimate. The solution was self-serving.
Because the actual threat to HashiCorp’s revenue was not AWS. It was every small consultancy, every DevOps startup, every platform team at a competing cloud vendor that had built commercial offerings on top of Terraform. The BSL drew the line at competitors, but HashiCorp got to decide who counted as a competitor. That is enormous power to unilaterally claim over infrastructure that thousands of organizations had built their operations around.
The community’s response, the OpenTofu fork, was unusually well-organized. Gruntwork, Spacelift, Harness, and others moved quickly, in part because they had spent years depending on a piece of infrastructure they did not control. The Linux Foundation’s involvement gave the fork immediate institutional credibility. Within six months, OpenTofu had a stable release and a growing contributor base. HashiCorp had successfully demonstrated that you can fork a community.
IBM acquired HashiCorp in April 2024 for $6.4 billion.
Why It Matters
The Terraform episode is useful precisely because it makes visible a transaction that usually stays hidden. When a company builds on open source, it is drawing on a commons that it did not fund and does not formally acknowledge. When that company raises venture capital or files for an IPO, the valuation reflects the product, the distribution, the community trust, the ecosystem. It does not subtract the cost of the labor that built all of that for free.
This is not a moral argument against building businesses on open source. The model has produced enormous value, including for users who get sophisticated software at no cost. The argument is narrower: the people doing the subsidizing, the individual maintainers writing code on nights and weekends, deserve to understand the transaction they are party to.
Most of them do not. The open source community runs on a norm of contribution for its own sake, and that norm is exploited routinely. The xz Utils incident in early 2024 made this visible from a different angle: a critical piece of infrastructure that millions of systems depended on was maintained by a single person, Lasse Collin, who was effectively social-engineered by a sophisticated actor who spent two years building trust in the project. The exploit was caught. The fragility it exposed was not a bug in the software. It was a bug in the economics.
Open source software runs the world and almost nobody pays for it, and the people who benefit most have the least incentive to change that.
What We Can Learn
HashiCorp made a rational business decision and paid a reputational price that will take years to fully settle. OpenTofu’s existence means the company now competes against the open version of its own flagship product. IBM, which spent $6.4 billion on that dynamic, is presumably delighted.
The lesson for founders is specific: if your go-to-market strategy depends on community contributions, your community is a stakeholder, not an audience. License changes, pricing shifts, and acquisition announcements land differently when the people affected have been writing your documentation and answering support questions for a decade. HashiCorp’s error was not the BSL itself. It was the assumption that community goodwill was indefinitely durable.
For the maintainers, the calculus is harder. The structural incentive to give labor away without compensation is baked into how open source culture works, and individual maintainers have limited leverage against it. GitHub Sponsors, Open Collective, and Tidelift have created mechanisms for direct support, but adoption remains thin relative to the scale of extraction. The Terraform fork succeeded because it had corporate backers with financial stakes. Most open source projects do not.
The deeper question the HashiCorp episode raises is whether the open core model is stable long-term or whether it is inherently adversarial, a slow accumulation of community trust that the company eventually monetizes and the community eventually resents. The evidence so far suggests it can work for a long time, right up until it cannot. As with pricing decisions made too late, the terms of the relationship are much harder to renegotiate once everyone has already settled into them.
HashiCorp built something genuinely valuable and then tried to retain the benefits of an open community while limiting its obligations to that community. The community noticed. IBM now owns the wreckage of that miscalculation. And OpenTofu keeps shipping.
