Open Source Software
Open source software (OSS) is computer software in source code form that is licensed to the general public at no charge under a copyright license that conforms to a set of standard criteria (known as the Open Source Definition). The criteria were developed by the Open Source Initiative (OSI) industry group, a nonprofit organization formed to promote and educate on the commercial use of OSS.
OSS almost always is used subject to special requirements imposed by the publisher. These requirements may be difficult, if not impossible, for a company to comply with and still maintain control and exclusivity in its products. Accordingly, no open source code should be implemented into, or for use with, a product, whether by company employees, outside contractors or licensed-in software, without first obtaining the advice of legal counsel.
OSS policies can be structured in many different ways depending on how a company intends to use OSS in consideration of its overall business objectives. Some types of policies are designed solely to manage a company’s use of OSS in its internal business, while others are structured to also accommodate the incorporation of OSS in customer-facing products. A company should carefully consider how best to design the OSS policy to meet its risk management objectives without compromising operational flexibility or overly burdening personnel.
Clearance of Open Source Software
The five components of an open source software policy include survey, active management, commitment to remediate, active planning, and engagement.
The following rules should be taken into consideration if open source software is encountered:
- Determine early and often whether open source code has been downloaded for use in or with the product. Throughout the product development cycle, keep checking with the product coders whether any open source code has been downloaded for use in the product. This is especially important if the coding has been outsourced to a coding firm or is being done through joint development with another company.
- Contact your legal team in advance for clearance of any proposed open source code use.
- Cooperate with your legal team to analyze the product with respect to the open source code license to determine whether it requires the product’s source code to be made available to the world without cost.
- If the product source code is required to be made available because of open source code use, consult with your legal team to determine whether the open source code can be implemented for the product in a way that avoids this requirement.
- Even if the open source code does not require any onerous conditions, consult with your legal team to determine whether the innocuous conditions imposed by the proposed open source code license have been met.
Source Code Basics
Open source software is essentially community-developed software. It is software that is not owned per se by any one entity.
Some types of open source code licenses allow modification and distribution of the open source code as part of a proprietary product, but only on the onerous condition that the entire source code for that proprietary product be made available to the world without cost. This type of open source code license also requires that the company grant a patent license for certain of its patents that are infringed by the combination of the open source code with the other source code of the product. This applies whether the product is distributed directly to customers or is provided to customers interactively by company-owned or company-controlled servers. Consequently, the use of certain types of open source code can have a devastating effect on a product.
Other types of open source code have conditions that are fairly innocuous, like requiring merely that the original author’s copyright notice and disclaimer of liability be included with the product. But if the use of the open source code fails to meet these innocuous conditions, the open source code is unlicensed to the company with the result that the company has an infringing product in the marketplace.
Other types of open source code have licenses that require that, for some uses, the entire product source code must be made available at no cost to the world, while for other uses of the open source code that requirement does not apply.
Further types of open source code licenses provide that a product’s source code can become a contribution to the open source code and is then downloadable by each downstream user of the open source code.
The use of open source code in products is routinely investigated in the due diligence process for mergers, acquisitions, and financings. Therefore, using open source code without clearance of counsel in advance may negatively impact the valuation of a company.
The above discussion illustrates that the use of open source code in a product can require complex analysis in an effort to assure that there is no negative impact to the product.
Enforcing the Open Source Code License
The authors of open source code can enforce the above conditions by litigation. Consequently, using open source code in a product can subject a company to potential liability and to costly circumstances that could otherwise be avoided.