Foundations play a significant role in the software industry, particularly in open source projects, though their success rates vary. A standout example of foundation-led success is Let’s Encrypt and the Internet Security Research Group (ISRG). Let’s Encrypt has issued over a billion certificates, securing more than 360 million websites, which is a remarkable achievement for a nonprofit. The key to its success lies in solving a crucial problem: improving internet security by simplifying the process of obtaining certificates. Instead of competing with commercial certificate authorities, Let’s Encrypt collaborated with them to focus on its mission.
ISRG’s approach revolves around staying in its lane and concentrating on engineering infrastructure problems, especially those related to internet security, automation, efficiency, and scalability. This approach has yielded remarkable results, and it extends to new projects like Prosimmo and Divvi Up. The secret to their success is their dedication to solving specific issues efficiently.
While foundation-led projects can be successful, they are not the only path to success. In the world of certificate authorities, both nonprofit organizations like Let’s Encrypt and commercial entities like Comodo and Digicert thrive. In other software domains, companies like HashiCorp, MongoDB, and Elastic are immensely popular without relying on foundations. Introducing a foundation doesn’t guarantee success; the technology’s suitability for the task is a crucial factor. Kubernetes succeeded because it offered the right cloud computing abstraction, while OpenStack failed to gain the same traction due to its focus on VMs.
ISRG is now addressing memory safety issues, primarily tied to software written in C and C++. The emergence of Rust as a solution to memory safety problems aligns with their mission. While success is never guaranteed, solving a pressing issue with a clear technological solution increases the likelihood of achieving it. Whether a nonprofit foundation or a for-profit company, success often hinges on solving customer problems while considering technology choices.
In summary, Let’s Encrypt and ISRG’s approach to addressing internet security issues efficiently and collaboratively has led to their remarkable success, and a similar strategy may yield positive results in other software projects.
