Open-source software is an increasingly popular software development and distribution model that may spread further in the face of financial constraints in our current economy. With publicly available source code generally offered without charge, it is tempting to look to open source for potentially significant cost savings in this time of need.
But not so fast. While proponents of open source proclaim the benefits of "free code," it might better be compared to the free puppy offered to a good home. The "puppy" may come at no initial cost, but the ongoing maintenance and undisclosed hidden dangers may create unforeseen hassles in your corporate home.
Open source has complex legal restrictions that can create copyright and patent compliance issues and corporate transaction challenges for companies that rely heavily on customized software or that distribute software to partners or customers.
In 2004, the Federal Reserve, FDIC and other federal financial regulatory agencies outlined various strategic and legal risks of using open-source software in the jointly issued guidance notice "Risk Management of Free and Open Source Software."
Public company disclosure statements also demonstrate open-source issues. In their annual reports, many public companies note their use of open source as a risk factor to their businesses, while others go as far as to highlight their lack of open source as a positive factor. Private companies seeking to be acquired have seen their valuation drop, or have seen acquisitions fail altogether, as a result of open-source software discovered during the due diligence process.
To read more on this topic, see: Wall Street Software Scandal: When Does Open Source Become Proprietary Code and Open Source - Dirty Code, Licenses and Open Source.
Any doubts about the enforceability of open-source software licensing restrictions in practice have been put to rest by recent court decisions. At the same time, the use of open-source software is expanding rapidly, and even commercial software companies often provide open-source licensing options and opportunities.
Open-Source Licenses Are Complex
The Open Source Initiative standards group has approved nearly 70 open-source licenses, each with different terms. These licenses typically fall into one of two categories. The first is described as an attribution-type license, and it generally imposes few obligations beyond requiring that an acknowledgement of the authorship of the software be included in some manner, such as in source code comments and help files.
The second, more common and more demanding type of open-source license is the reciprocal-type license, also known as a "viral" or "copyleft" license. Reciprocal-type open-source license terms can be complex and ambiguous. Generally, any company that uses open source and either modifies or distributes it will need to have a thorough program in place to ensure compliance with the applicable licensing requirements.
Typical features of reciprocal-type licenses include requirements to make source code generally available, prohibitions on using the software for commercial purposes, and implied or express patent license grants. These licenses may also lack authorization for the rights to transfer or assign the software.
One example of a reciprocal-type license is the GNU General Public License (GPL). When a company includes GPL-licensed software in its own software, that company must then allow its software to be made available and licensed to all third parties under the same GPL terms. That means competitors can examine (and in some circumstances copy, distribute and develop derivative works of) what could otherwise be proprietary source code.
Know the Risks
Failing to comply with open-source license terms is not merely a breach of contract. Noncompliant use of open-source software also can result in copyright infringement, with increased possibilities for injunctive relief that may force product recalls or expensive alternative software development. It can also lead to enhanced damages and a fixed penalty of up to $150,000 per work infringed, as well as liability for the other party's attorneys' fees.
This is not a hypothetical threat. In 2008, the Federal Circuit Court of Appeals issued a decision that upheld the enforceability of open-source licenses. The court ruled that as a result of the defendant's failure to comply with the notice and attribution requirements in the open-source license for software it had used, the defendant did not have a license and potentially was subject to a preliminary injunction to stop his alleged copyright infringement as well as liability for copyright damages.
Another risk that arises from using open source is that its pedigree often is unknown and always is uncertified. Using open-source software may expose a company to claims that it has infringed the intellectual property rights of others.
Open-source licenses provide no warranties or other guarantees that contributors to the source code did not copy the protected work of others, nor do these licenses provide any indemnification to protect against third-party claims for such infringement.
No one stands behind the software. Again, the threat is not hypothetical; open-source distributors have been sued for patent infringement, and end users can be liable as well. For example, in October, Red Bend Software sued Google for patent infringement with respect to functionality included in Google's Chrome browser.