Digging deeper, an interview with founder Murugan Pal (former Asera CTO) at TheServerSide quotes him as saying,
Almost all the other companies in this space talk about the same thing--but what are the objectives metrics that they are measuring? Is it integration? Standards compliance? Regression? Negative tests, boundary tests. How can you integrate these tests in multiple dimension? How about IP rights classification? Security threat assessment?
But thinking about this for a few seconds longer, I see some cracks in this foundation. For starters protecting the investment Murugan mentions above. Once SpikeSource's LAMPJ stack becomes known as versions a, b, c, ... j of open source components 1, 2, 3, ... 10, and this info is widely disseminated, why pay the subscription? Certainly some will, but how many, and how much can you charge? And then there's the low or no cost competitors, who "knock off" your package with their own free distribution the day after each new release. I can picture tiny me-too companies shadowing SpikeSource's "products" and getting a free ride off their rigorous processes.
I'm obviously glossing over a whole host other value-add they have in mind. However in general, the basic value proposition of selling access and support to a, "vetted and test set of open source software as a product" seems better suited to software higher either higher up the stack, like Gluecode's portal server, or to a "sell the services" model, like JBoss or Orbeon.