Leveraging Open Source Code in Your Software
A Guide to Managing Legal Risks
Open source code offers pre-written, readily available libraries that accelerate development cycles and enhance functionality.
However, for companies, incorporating open source code can be a double-edged sword. Popular open source licenses like GNU, MIT, and Apache may have vastly different terms. Some 'copyleft' licenses (also known as viral licenses) may even place restrictive conditions on software built using code or libraries they cover, requiring that software to also be released under the same license.
While open source code fuels progress, neglecting proper management can expose you to substantial legal, reputational and financial risks.
The Peril of Unmanaged Open Source
The core problem here lies in developers unknowingly integrating open source libraries without fully grasping the associated licenses.
This isn't just a hypothetical situation. It is a real problem with real consequences.
Linksys, a manufacturer of networking equipment, included BusyBox in their routers. BusyBox is a software suite that provides essential tools for embedded systems like routers, typically operating on a stripped-down version of the Linux operating system. These tools allow for functions like configuration, network management, and basic file manipulation.
When software developers at Linksys included BusyBox in their routers, they unknowingly (or perhaps willfully) violated the terms of the GNU General Public License (GPL) under which BusyBox is distributed.
The GPL is a copyleft or viral open-source license, meaning that any software that incorporates GPL-licensed code must itself be open-source and adhere to the GPL's terms.
Linksys failed to comply with the GPL in two key ways:
They did not provide the complete source code for their router firmware, which included modifications to the BusyBox code.
They restricted users from modifying the router firmware, which directly contradicted the GPL's guarantee of user freedoms.
This violation resulted in negative publicity for Linksys and created challenges for developers in the router enthusiast community who wanted to modify and improve the firmware on their Linksys routers. However, things could have been much worse. It is not inconceivable that a court could have imposed penalties on the company and forced it to release its entire router software under the GNU GPL.
The open source opportunity: A responsible approach
The good news is that open source doesn't have to be a liability.
A vast array of open-source libraries exist under permissive licenses like MIT, Apache, or BSD. These licenses grant companies much greater flexibility in incorporating the code into their projects, often with minimal requirements like including a copy of the license and attributing copyrights.
To navigate the open-source landscape safely and reap its benefits, companies should establish a well-defined Intellectual Property (IP) Rights Plan. This plan serves as a roadmap for developers, ensuring they:
Identify all open source libraries: Developers must keep a clear record of every open-source library used in a project. Conduct an audit of the libraries already being used.
Understand license terms: Educating developers on the various open-source license structures (GPL vs. permissive licenses) empowers them to make informed decisions.
Standardization: Develop a company-wide policy outlining the process for incorporating and managing open-source code. This policy should include preferred license types and clear guidelines for compliance.
Ensure compliance: The plan should outline procedures for complying with the specific terms of each license used. This may involve including license copies, attributions, or adhering to specific distribution requirements.
Automation: Consider utilizing automated tools to scan codebases for open-source libraries and identify potential license conflicts. These tools can streamline the management and compliance process.
Open source, open for business
By implementing a well-structured IP Rights Plan, companies can leverage the power of open-source code with confidence.
Understanding and adhering to license terms fosters responsible use, mitigates legal risks, and unlocks the true potential of open source collaboration. Remember, a little planning goes a long way in ensuring your innovative projects leverage the best of open source, while safeguarding your company's intellectual property.