Open Source Software: Key Steps to Avoid IP and Licensing Risks

June 27, 2012
Open source software has its advantages, but business leaders must be aware of the potential legal pitfalls.

You have heard of open source software (OSS), right?  A few years ago, to everyone but IT nerds, OSS was just some strange and vaguely scary concept of so-called "free" software written by hippie types in a van.

Most businesses are now more familiar with it, or at least aware of it.  Many still don't trust it, having little perception of its nature and benefits. OSS also has its risks, to be sure, but they can be managed.

There are several unique elements to the copyright and intellectual property aspects of OSS that potential users should consider.

Many companies are likely more familiar with the traditional software model, and a decision to pursue OSS options brings new intellectual property-related rights and responsibilities -- particularly when it comes to copyrights.

The foremost risk to users of OSS stems from noncompliance with its license terms, which are far from uniform. 

OSS vs. Proprietary Software

The primary difference between OSS and proprietary software is in the availability of the "source code" -- the programming-language instructions that define what a piece of software does.

The traditional model for software development is for a company to write the source code, then sell a usage license to the resulting software package.  Customers can use the software, but the source code that runs the software always remains the private, secret property of the software company.

OSS began as a kind of social movement away from the restrictive licensing business model of traditional proprietary software.  The basic idea was that the quality of software could be improved by being publicly accessible and developed, adapted, improved, and distributed as "freely" as possible. 

Rather than have a team of five or six programmers develop software, the open-source model can have hundreds or thousands of programmers updating and modifying the source code.  It's not as chaotic as it sounds, and the resulting software is often more stable because of the higher volume of quality control checks that is part of the process.  Six overworked people might miss a flaw, but thousands of eyes on the source code will find it.

Literally any business function today has software options both in the proprietary software world and OSS -- accounting, inventory control, personnel, shipping, customer service, etc.

These are the primary differences between OSS and traditional software:

  • OSS is always made available in source code format, unlike proprietary software, whose source code is always a closely guarded secret and never made public.
  • Users of OSS are always free to modify the software themselves to suit customized needs. 
  • OSS is the product of the ongoing collaborative efforts of hundreds, if not thousands, of developers rather than just a handful of programmers who work for the software company. 
  • OSS is distributed at no charge or at nominal cost, very much unlike traditional proprietary software.
  • Open source software is thus both freely available and can be modified to suit unique needs. OSS licensees can also redistribute it -- but only under certain conditions set forth in the license agreement that will be described more fully below. 

Compliance with these license terms is key to avoiding problems with using OSS.  Users are well advised to always have their OSS licenses carefully reviewed by qualified professionals.

Managing OSS Licensing Risks

Under a traditional license, the software vendor grants the licensee (customer) the right to use certain copyrights, such as the rights to make copies and distribute them. 

OSS licenses also rely on copyright law, but the developer grants the licensee the right to modification, use and distribution subject to certain conditions. 

Generally, the licensee is required to see that any redistribution of the software is done on the same terms it was given. That usually means distribution in complete form, with source code, and without restrictions. 

Say a firm adopts an OSS package for inventory control and hires a development firm to customize it to the needs of the oil and gas industry. Now that this inventory control software has been customized into a perfect fit for the oil and gas industry, the temptation would be to treat the customized software as proprietary and license it to others within the industry.

However, that would violate the terms granted in the original OSS software. That software and source code were distributed freely, therefore the modified version can only be distributed that way as well.

Such license conditions are often referred to as "copyleft" provisions and are intended to ensure that the nature and benefits of OSS are perpetuated downstream. 

Thus, the licensee's choice to use OSS carries the obligation to continue the governing principles of openness and sharing inherent in the concept of OSS. 

The failure to abide by OSS license terms subjects the user to potential liability for copyright infringement. That exposes the user to the possibilities of license termination and a court injunction forbidding the continued use of the software, as well as liability both for damages for its wrongful use and for attorneys' fees. 

OSS and Proprietary Software

Care must also be taken when incorporating OSS software elements into proprietary software.

Bringing OSS elements into an otherwise proprietary software platform might trigger certain license terms known as "viral" provisions.  In their strongest form, such provisions could require the user to distribute its modifications, including its own source code, to its downstream users or customers.  Other OSS licenses are more permissive on this issue.

Regardless, if a company is considering adding OSS-derived code to a proprietary software package, it would be well advised to seek out professional help to remain in compliance with all licensing requirements.

What can the user enterprise do to minimize the downside risk of using OSS?

First, it is absolutely critical for the user to be aware of all instances of OSS use within the enterprise, and to know what the specific license terms are for each OSS product used. 
Second, a review and approval process must be in place to ensure that engineers and product teams do not adopt OSS without management knowing about it in advance. 
Third, operational mechanisms must be in place to provide for verifying the satisfaction of the conditions of all OSS licenses. 


The OSS industry provides a valuable initiative for software compliance through the Linux Foundation's Open Compliance Program. It includes a self-assessment checklist, software tools for detecting open source content in software deliverables, and a directory of companies that utilize OSS. 

Open Source Software is a growing force within the business and manufacturing world.  It offers access to stable, low-cost software that can not only help manage a wide variety of business functions, but can also be customized to suit unique needs at a relatively low cost.

OSS is not "free," however. It carries with it certain obligations and responsibilities, and companies should be fully aware of the licensing terms for OSS and have processes in place to govern and monitor its use within the enterprise.

Dale R. Kurth is Counsel at Partridge IP Law, a Chicago-based IP law firm (www.partridgeiplaw.com).  He has a wide variety of experience in IP, including software licensing and infringement of copyrights, patents, and trademarks.  Dale can be reached at [email protected].
