Open-source software: Benefits and legal risks
What is open-source software?
To ask the question is almost to answer it. Open-source software (OSS) is software code distributed on an “open-source” basis, meaning in a way that allows others to use, modify, and redistribute the software and that provides the underlying source code needed to do so. In that sense, OSS is most easily understood as an alternative or complement to proprietary software.
Analogously, if a piece of software is a batch of grandma’s cookies, grandma’s secret recipe identifying all the ingredients and baking instructions is the source code. Without open-source access to grandma’s recipe, you are certainly free to make your own cookies, but any attempt to replicate grandma’s cookies will likely take significant effort to account for grandma’s experience and care. With open-source access to grandma’s recipe, grandma provides the recipe with the batch of cookies. You may have benefited from the cookies before, but now you are able to use, modify, or distribute the recipe. And if you thought grandma’s recipe was previously unbeatable, imagine how good the cookies will be after you share that recipe with all your most innovative and culinarily talented friends.
This illustrates why so many of today’s companies — around 78% — incorporate OSS into their products. Rather than devote in-house resources to developing software systems from scratch, companies can simply select from among the most secure and well-tested open-source codes to build around and customize.
What’s the catch with OSS?
First, because this software is developed by a community of users, not all of whom develop code as a full-time job, there can be reliability, functionality, and security issues with OSS.
Second, not all OSS licenses are the same. Developers of such software retain the copyrights to the software and can license that software under terms of their choosing. As a result, while some open-source codes are licensed in a manner that allows subsequent users complete freedom to modify or redistribute them, others are governed by licenses that contain strict and potentially problematic conditions. This makes it essential that users understand the conditions and permissions of the OSS licenses applicable to their business.
Common conditions of OSS
Some common conditions of OSS licenses include:
- Disclosing the source code;
- Identifying changes;
- Including a copy of the license text; and
- Including a copyright notice.
The latter three conditions require little explanation. Some licenses require that any modifications be identified; others require a distributor to provide a copy of the text of the license and the associated copyright notice with the software.
Disclosure of source code refers to a condition in some licenses requiring that any distribution of covered code to downstream users include a disclosure of the underlying source code. More expansive licenses also require the distributor to disclose any modified proprietary source code associated with the code. In the context of proprietary software, compelled disclosure of source code can undermine the software’s value or competitive advantage. For example, compelled disclosure can destroy any trade secrets, expose key or complicated code, and reveal security vulnerabilities — making technologists and business owners uneasy.
OSS license types
There are hundreds of OSS licenses, but most fall into one of three categories: 1) pure unrestricted licenses, 2) pass-through licenses, or 3) viral or expansive licenses. The main distinction among these three categories concerns the licensing terms under which downstream users are permitted to distribute verbatim or modified copies of the source code, including the notable condition of compelling source code disclosure.
- Pure unrestricted licenses: Typically contain no substantial restrictions concerning downstream use or distribution of verbatim or modified copies of the source code. (Grandma refuses to sell her cookies for cash but gives you complete and unconditional freedom to use her recipe to do so.)
- Pass-through licenses: Typically require that components of the original source code retain their licensing conditions but allow subsequent users to license modified elements or additions under terms of their choosing. (Grandma refuses to sell her cookies for cash, but allows you to use her recipe to share cookies with others so long as you also provide her recipe with the cookies. However, you may still have wide discretion on how you share cookies resulting from a modified version of her recipe.)
- Viral or expansive licenses: Typically require that all original, modified, or inserted code, and any independent code that is combined with components of the original code — and, in some cases, simply linked to the original code — must be governed by the terms of the original license. (As in the previous example, grandma refuses to sell cookies for cash, but allows you to use her recipe to share cookies with others. This time, however, she also requires you to provide the underlying recipe for any shared batches of cookies stemming from her recipe, including cookies resulting from a modified version of her recipe or an independent recipe sold as part of a batch that includes her cookies.)
FAQ: What if…
I modify the code?
Modification for private use is typically unproblematic. However, and especially in cases where you wish to redistribute the software, some licenses will attach conditions to modification. These conditions can vary widely and include the requirement that all modified software be licensed under the same terms as the original OSS license — including, for example, a requirement to disclose the source code or a prohibition on profiting from the code. Check your conditions.
I distribute the code?
As mentioned above, the distribution of code — verbatim or modified — will typically trigger some number of conditions contained in the license. This could mean anything from a minor inconvenience of providing certain notices to forcing a user to choose between the loss of proprietary software and legal liability for copyright infringement. Check your conditions.
It is not distributed but only made available over a network?
Under some expansive licenses — for example, the GNU Affero General Public License and the Open Software License — making the covered code available to others over a network may represent a distribution and trigger corresponding conditions. This is not the case for most licenses but still worth considering. Check your conditions.
I sell the code commercially?
Nearly all licenses permit commercial use of the underlying code. However, licenses vary widely in the requirements or conditions involved in modifying or distributing the software for commercial purposes. As mentioned above, an expansive license that includes a condition compelling source code disclosure could significantly undermine the value and competitive advantage for a piece of proprietary software. Check your conditions.
In summary, check your conditions.
What does this mean to you?
OSS provides incredible opportunities for businesses and individuals alike. However, any venture into the world of OSS requires caution and, particularly in the case of expansive or pass-through licenses, the assistance of legal counsel with depth of experience in the field.
Liam Reilly is an associate and Wade Kerrigan a partner with Husch Blackwell LLP.