As a lawyer with experience in software licensing, I am often asked to advise on issues arising out of ‘open source’ licences. Over the last few years, it has become clear that the software development community are generally aware of the benefits of open source software, but not always the risks. On the other hand, business leaders are often very conscious of the risks, which can lead to a fear of using open source software at all – missing out on the substantial benefits it can offer. By striking the correct balance, businesses can obtain the benefits that open source software has to offer, without unduly increasing their exposure to risk.
Open source licensing was born out of ethics and politics in the 1970s but has since become a part of the establishment, and is based on a number of criteria establishing the principle that anyone should be free to use, modify, and share open source software. Open source software licences are therefore designed to protect the freedom:
– to run the software for any purpose;
– to study how the software works and adapt it;
– to redistribute copies of the software; and
– to improve the software and allow others to use those improvements.
Whilst ensuring that anyone can use the open source code, the way these criteria are implemented can sometimes be a limiting factor in what can ultimately be done with products containing or derived from such code. Recognising those limitations is important if the software is to be used in a compliant way. When the implications of non-compliance can include costly court battles, it is certainly worth getting it right from the outset.
Open source software has many benefits associated with its use. Ready access to the source code means that open source software is often highly adaptable and customisable. Because it can be adapted to work on new hardware as and when it becomes available, it will not generally become obsolete merely because the hardware for which it was originally designed becomes outdated – as can happen with proprietary software when the developer decides that support is no longer commercially viable. Open source products can also be customised as necessary to further meet the users’ own particular needs, and the software tools needed to do this tend to be freely available online.
Many open source projects are peer-reviewed, which can result in products of equal standard to commercially-produced software. As the source code is made available to the public, bug-fixes and enhancements can readily be made by the end user community and shared with all users.
The use of freely-available tools and pre-written code elements can significantly shorten the development phase for new software, freeing the developer’s resources to focus on enhancing its product’s functionality or aesthetics and adding value to its commercial offering. The resulting software can therefore often be made at lower cost to the end user whilst still growing profitability for the commercial developer. For those corporate end users that develop software for their own internal use, a substantial benefit is the ability to eliminate scale-costs, as open source software doesn’t require additional licences for a greater number of users.
Conversely, open source software products are often made available without any warranties or guarantees, and some instances may infringe upon third-party intellectual property rights. This can be a major issue, although there are often legal solutions available.
Lack of knowledge within software development and procurement functions can sometimes mean that businesses will use open source software without full awareness of the consequences, saving up potentially serious issues for later. For example, if a developer wishes to create software containing or derived from code distributed under open source terms, care must be taken as to the precise licence terms upon which the open source code is obtained. Under certain licences, a ‘copyleft’ effect may mean that the distribution of the resulting product may require the developer’s own source code to be made public – often known as ‘contamination’, ‘tainting’, or ‘freeing’. Even where this effect does not occur, businesses may accidentally breach the terms of the open source licence if they are not fully aware of its terms.
Before using open source software products, organisations should conduct a legal review of the relevant licence in conjunction with a technical review of the product and its proposed use to determine:
– how the open source code will interact with any closed source code;
– whether the open source licence requires redistribution of any closed source code that is to interact with the open source code; and therefore
– whether the organisation can comply with the licence terms imposed by the open source licence and still do what it needs to do with the software.
It is still the case that many businesses do not have processes in place to monitor and govern their use of open source software, and clients are increasingly asking us to recommend appropriate safeguards. Just because software is available free of charge (gratis) doesn’t mean it has no cost or can be used without restriction. We generally recommend that organisations maintain a policy for procuring and using open source software, deciding which applications will be supported by open source software, and identifying the intellectual property or supportability risk associated with using open source software.
The purpose of effective open source software governance should be to establish a practical mechanism which enables an organisation to make sensible decisions on the use of open source software within its operations, provides answers to common open source related questions that arise, and allows the business to reap the significant rewards that open source software can offer, whilst minimising legal risk.
For further information on how you can safeguard your business against open source risks, feel free to get in touch.