This is the first article in a series to help IT professionals, including CIOs, IT directors/managers, and in-house counsel, manage open source software legal risk and compliance.
You probably know that you should give some thought to open source software (OSS). You’re likely to be aware that there are risks (as well as huge benefits) attached to OSS, but you don’t know how to separate what’s important from the hype and misunderstanding.
What do you really need to know, where can you get pragmatic help for your business, and how do you put sensible processes in place?
Some businesses are mainly providers of IT services, and others are mainly users; many are both. These articles will explain some of the reasons why all three types of business need to get on top of OSS compliance. They are not in any order of priority.
Reason 1 – Open Source Software comes with conditions
I recently advised a software supplier business on its open source compliance. I asked for a list of all the OSS that the IT management knew was included in their code base. They sent me a table that did not use the term “open source” – it referred to it as “freeware”.
The term “freeware” has no clear definition, but people often (incorrectly) take it to mean software that is freely supplied, without cost and without legal restrictions. Open source software is often also confused with shareware.
Many IT professionals do not appreciate that whenever OSS is used in their business, there are legal requirements and consequences. This is so whether the business has downloaded it for its own use, or it has been provided by a supplier (probably as part of a larger application).
In my experience IT suppliers often use OSS in their products without thinking about the licensing requirements that apply when they pass the OSS on to their customers, and frequently assume that there are no requirements arising from OSS. A lot of software suppliers have OSS code in their code base without even being aware that it’s there, but that’s another topic … Users of software may think that it’s not their problem if a supplier has provided software that includes OSS.
Many businesses have no clear idea what OSS is being used in their organisation, and don’t know the applicable licensing terms. You may be aware that this is a problem, but your other pressures make it hard to focus on it. The fact is that without careful analysis and management and putting proper processes in place, it’s very hard to manage OSS compliance.
The possible breaches and pitfalls depend on which licences apply. They include failure to include proper notices, failure to provide source code, and your rights in your proprietary code being adversely affected by reciprocal licensing requirements (“copyleft”). The value of your business can also be reduced by failure to manage OSS properly. Future articles will give more information about these issues.
The good news is that it is usually not difficult, with specialist advice, to put things right and to ensure compliance by your business in the future. OSS has great advantages, and with a little care the potential problems can quite easily be confronted and dealt with.