Technology Transfer and Practices Under Control#

Technology transfer is part of our research and will give feedback to our research. Theoretical analysis will be omitted here. In practice, (but I still want to limit the scope to system and software security), real impact of our research is one of the strong criteria to get our papers accepted and our proposals funded. At the same time, any ways of technology transfer (technology transfer does not mean we have to own a start-up) will show us if our research is better enough to solve real problems. Besides some practical experiences, administrations and enterprises want technology transfer as well due to many reasons. I think involving the technology transfer to be one part of our research is a good idea, but we have to be careful.

Practices Under Control#

Please refer to https://news.sciencenet.cn/htmlnews/2022/8/484481.shtm (relationship between basic research, applied research and technology transfer), https://zhuanlan.zhihu.com/p/427863776 (some pitfalls from the view of an investor), and https://research.rutgers.edu/sites/default/files/2020-09/faculty_startup_guide_sep2019.pdf (start-up guidelines), and especially this https://otl.stanford.edu/industry/stanford-start-ups/faculty-best-practices-start-ups (start-up guidelines).

OpenToy and Its Commercialization#

Suppose I have open-sourced a tool named OpenToy to support some security analysis. When I am writing this article, OpenToy is not very mature. I want to make this as an example and see how we can commercialize it. In the following, I will list the ways of commercialization and compare them. Hopefully, we can see a more and more mature OpenToy to be transferred.

Who to use and who to pay?#

Think about your users and customers as the first step.

Users have time but do not have money to pay, while customers do not have time but have money to pay. It is not always true that an open source tool has many users and many customers. Sometimes, either or. Usually, the tool has very limited users and customers.

Potential users for OpenToy: yourself, other researchers, freelancer hackers. They are interested in the functionality that OpenToy provides. They will not pay, but will accept to reference your tool.

Potential customers: security analysts in a company that wants to make money. It is not trivial to distinguish these security analysts to other users. I guess they won't pay either unless you have evidences that they've made a lot of money with OpenToy (but I don't think making a lot of money is possible.) and they even won't let you know they use your tool for a while otherwise they have to pay. Should I think them better? No. I should learn to push them to pay.

How to make money?#

If there are many users and customers, you can have advertisements in the software, ask them to donate, sell license to enable all features after one month trial, give advises to how to use this tool, and provide advanced services to paid customers.

If not, things become simple. You have to use your tool to do something, advertise the tool to attracts more users and customers. Doing the bug bounty might be a good idea to start.

More sophisticated skills to succeed in commercialization#

TBD