Open source compliance is not just for software companies. More and more business-critical tools take the form of mobile applications, downloadable software and web interfaces – from email and customer-relationship management to data analytics. These products may utilize open source components to varying degrees, even if offered as a proprietary offering.
What is Software?
Software is merely a compilation of instructions directing some sequence or action. These instructions are first written in some human-readable form, usually a programming language, known as source code. The source code is then translated into machine-readable object code allowing a device, such as a computer, to understand and process the specified instructions.
The human-readable source code is treated as any other particular tangible expression of an idea, obtaining copyright protection when written, created or compiled. These underlying software elements may be licensed like other intellectual property, typically seen in the form of a copyright license agreement.
Open Source and IP Rights
Software source code that is licensed on a free or an open source basis is simply that which allows licensees to use, modify, enhance, and share the software, and provides access to the source code needed to do so. While open source software is often made publicly available at no cost, free refers not to the cost, but to these freedoms licensees are granted.
Copyrights are retained by the developer and while termed free and open, OSS licenses can contain strict requirements and conditions on a licensee’s use, modification and distribution. As set forth by the Free Software Foundation, an early participant in the OSS movement and steward of the “free software” definition, “‘free software’ is a matter of liberty, not price. To understand the concept, you should think of ‘free’ as in ‘free speech,’ not as in ‘free beer.’”
Open source software is often a starting point for project development as it can be quicker and more cost effective than creating something from scratch or customizing existing software.
Types of OSS Licenses
While the specific freedoms may vary, OSS licenses are generally categorized as (1) permissive licenses or (2) restrictive (also known as reciprocal, viral or copyleft) licenses.
Permissive licenses (like the Apache 2.0, BSD, MIT) provide licensees with the right to freely modify, adapt and combine the OSS code with proprietary code to create derivative works that do not contain major restrictions on such modifications or how resulting works can be subsequently licensed.
On the other hand, restrictive licenses (like the GPL, AGPL, LGPL) go further in imposing requirements for licensees to in turn re-license their specific developments under the original license (and as a condition, also make the modified source code available). While the provisions vary, most restrictive OSS license terms will to some extent apply not only to the original source code and software, but to any derivative works based on it. To the extent OSS licensed in a restrictive manner is used alongside proprietary projects for which source code is meant to be closed or not available to the public, owners must be careful not to unintentionally have their own software be made subject to licensing under the open source license terms.
Practical OSS Tips:
- Understand and plan intellectual property strategies – how intellectual property rights will be monetized and/or benefit the organization, customers, other stakeholders.
- Create guidelines for using (and track any use of) open source software/components – be mindful of license terms that affect the ability to protect or enforce intellectual property or disrupt intellectual property strategies (e.g. patent licenses).
- Audit license terms when considering licensing or acquiring rights to business-critical software with intellectual property strategies in mind.
- When encountering open source software with overly restrictive terms, check for alternatives with similar functionality that may be available under a proprietary license.
Any organization or business that deals with open source must be mindful of the risks and compliance requirements.