But until those 18 months are over nobody knows exactly what that code been doing, and nobody could fix potential flaws of build on top of that idea, which I feel is a big part of what is so great about the open source world.Innovation can now come from anywhere and be paid for. Someone might read the source for a web browser and come up with a great new compression scheme to lessen network traffic. This outsider would then code up his method, contact the hybrid-source vendor and license his source to them, to be sold as a closed-source patch on the software. Of course, his patch will also be open sourced after 18 months.
What if there is a security flaw, who will fix it ? the original programmer (if he is still around) or the hybrid-source vendor (if they got the skills for it)
What if this security flaw is fixed by the original programmer after say 6 months, what source will then be opened after 18 months, the original or also the patch which was added 6 months later ?