BitWarden business model: open source / non-free shared source

I’ve posted a question on StackOverflow regarding open source business models (whether it’s based on the effort to set up the hosting infrastructure, or on technical protection, …), and used BitWarden as an example. The question is not yet fully answered, so I thought I’d ask here, or link to the question respectively. If no one else, the BitWarden guys would be able to answer the question.

Let me know if, for any reason, I should provide the question in detail here in this thread.

Hi there stsc, in simple terms our business model is based on providing paid Teams and Enterprise plans for companies, along with the paid premium and family plans for individuals. Hope that helps!

Hi, that I understand – my question goes a bit more into details:

Even the sources under the non-cost-free Bitwarden license are available. Could a company with enough resources run the full-blown BitWarden server + clients without paying for a license (thus obviously violating the BitWarden license terms)?

i.e. there are no technical protections, and the business model is based

  • on trusting users/companies not to ignore the BitWarden license for the non-cost-free modules Sso and CommCore?
  • or on the maybe disproportionate effort to run the BitWarden service (especially for smaller companies or single users), and to rather pay BitWarden to do that?

Or are there technical protections against using CommCore and Sso without obtaining a license from BitWarden?

(Still there would be a grey zone, where a developer reads and understands Sso and CommCore and then rewrites them, thus having the full-blown BitWarden without violating the license.)

I’m trying to get some understanding of FOSS business models and licenses, related to my work and out of curiosity.

Hi @stsc!

The short version is that anything is possible when it comes to software/code re-use, licensing, etc. (half of the code running the internet is probably somewhere on a website that has overflowing stacks 😉)

The catch comes at the time of support, upgrades, compatibility, and in the case that some entity is really successful at using unlicensed code - large lawsuits (i.e. Apple / Samsung.)

Overall these social and legal constructs keep those large-scale malicious attempts at bay, and without measurable impact on the business model.

Hopefully that helps!


Thanks, and yes, that helps!