Open-Source Consulting
The shortcut: Don't sell "open source consulting" as a generic service. Sell one productized audit — like "AGPL risk scan for Series A SaaS startups" — at a flat $2,500. Niche down hard. Generalists lose to law firms; specialists win because nobody else does this work.
Industry: Software & Tech | Investment level: Small — $3,000-$10,000 | Time to launch: 6-10 weeks (one productized audit defined + FOSSA or ORT trial set up + first 2 referral clients gate the launch)
Best for: A senior engineer or maintainer who already reads license texts for fun, has shipped to production with GPL/AGPL/Apache/MIT dependencies, and can talk to a CTO without flinching.
What you'll likely make: $1,500-$3,000 month 3, $4,000-$7,000 month 6, $7,000-$12,000 month 12. Math is in Section 4.
Market Opportunity
Walk into any engineering team's licensing review — even a careful one — and you'll find it somewhere in the dependency tree: an AGPL library buried three levels deep, pulled in by something that was pulled in by something else, and nobody on the team can tell you what it means for their hosted product. That gap is the business.
The market sits in a strange seam. Big enterprises hire white-shoe firms (Morrison & Foerster, Wilson Sonsini) at $700/hour or boutique vendors like FOSSA and Tidelift on enterprise contracts. The bottom of the market — Series A and B startups, indie SaaS companies, the YC batch from 18 months ago — has nobody. They can't afford a law firm and don't need a SaaS subscription. They need one person to run a scan, write a 6-page report, and tell them whether the AGPL library their backend engineer pulled in last quarter is going to wreck their acquisition diligence.
The trap is selling yourself as "an open source consultant." That phrase means nothing to a CTO. The pitch that lands is one specific deliverable: "I run a license audit on your codebase and hand you a remediation plan in 5 business days for $2,500." Productize first. Branch later.
Two tailwinds make right now better than two years ago. First, US Executive Order 14028 (2021) made Software Bill of Materials (SBOM) deliverables mandatory for federal contractors and pulled SBOM language into enterprise procurement contracts. Most companies being asked for SPDX or CycloneDX output don't know what either is. Second, AI/ML stacks have made license soup dramatically worse. A modern Python ML project pulls 80+ transitive dependencies with mixed Apache, MIT, GPL, BSD, and the occasional custom academic license. An audit on one of those codebases usually surfaces 3-5 license conflicts nobody on the team knew about.