Open-source software (OSS) has become ubiquitous as corporations recognize its cost and efficiency advantages. According to analyst firm International Data Corp. (IDC), OSS makes up 30 percent or more of the computer code at Global 2000 organizations, and the percentage is expected to grow.
But in many companies, legal protections haven’t kept pace. A major concern for in-house counsel is understanding how to properly license OSS so the terms selected provide their companies with necessary use and distribution rights while also protecting their intellectual property assets. A 2011 Gartner survey revealed that more than half of the 500 companies polled have failed to adopt effective policies for evaluating and governing OSS.
OSS is the name given to computer software that is distributed along with its source code. The code, lines of instruction that programmers write to make computers do their work, can be modified by anyone with the programming skills to create new software. OSS is available in a variety of forms from operating systems to applications and programming tools.
OSS differs from proprietary commercial or closed-source software, such as Microsoft Word and Excel, in which users pay for software but don’t see and cannot easily modify the source code. Companies not wishing to be tied indefinitely to a single vendor can instead use OSS such as Linux/GNU code, for example. OSS also speeds the development time for new software. It follows that using OSS can save significant expense.
Matt Jacobs, corporate counsel of Black Duck Software, an OSS consulting firm, compares software developers’ use of OSS to “lawyers who never would start a contract draft from scratch and always borrow parts and pieces from other places. Why reinvent the wheel?” But, he notes, “A big difference is that OSS parts and pieces are covered by copyright. Failure to pay attention to that can be costly.”
In general, OSS licenses differ in how source code can be changed, embedded or incorporated with other source code and, most significantly, the terms on which OSS may be redistributed. This is a critical distinction if a company wants to license or sell software it developed using OSS.
Some OSS licenses incorporate the concept of copyleft, a play on the word copyright. Copyleft makes a program available to others to modify and then requires all modified versions of the program to be freely available as well.
For example, OSS licensed under one of the general public license (GPL) models is incorporated into a company’s proprietary software, and the combined software is licensed or otherwise redistributed. But the GPL may specify that software based on the OSS may not be distributed as a proprietary product. In that situation, other companies may freely use the new software.
“Many companies do not realize that their proprietary software can include OSS and be covered under a GPL license,” says James Kunick, chair of the IP and technology practice at Much Shelist.
The law surrounding OSS agreements and copyleft is still evolving, Kunick says. The 2006 7th Circuit opinion in Wallace v. Int’l Bus. Machs. Corp. and the 2008 Federal Circuit decision in Jacobsen v. Katzer state that copyleft agreements may be effective in ensuring that copies and modifications to OSS remain open source.
Jacobsen also supports the proposition that an open-source licensing agreement may have conditions and covenants that both limit its scope and provide a copyright holder with an actionable claim for infringement if the licensee acts outside the scope of the license, Kunick says.
Another consideration for companies using OSS is the potential impact its use may have on the value of the company if it is being acquired.
“Using software with embedded open- source components may have an adverse effect on a company’s valuation since there is a higher risk of liability for violating the terms of the OSS license for such open-source components,” Kunick says.
Jacobs says searching for potential open-source liabilities is becoming commonplace when companies consider mergers and acquisitions.
“We regularly see targets in the M&A context being caught off guard by the fact that OSS scanning has become a regular part of many serial acquirers’ IP due diligence,” he says. “Some potential targets are catching on and are coming to us proactively in the weeks before a potential acquisition so that they have time to remediate any open-source issues detected in their code base.”
One source of information for in-house counsel seeking to implement or improve an OSS policy is Open Source Initiative (OSI), a non-profit corporation that promotes OSS and has established commonly used licensing terms.
“We promote ease of adoption for open-source software, encourage people to create and use it, help lower legal and other barriers, and sometimes debunk myths about OSS,” says OSI Board Member Karl Fogel.
OSI has approved more than 65 diff- erent OSS core model license agreements, although just 20 licenses govern 97 percent of all projects, Jacobs says. Because license terms can vary significantly, Fogel says, OSI tried to prevent “license proliferation.”
“Reducing the number of different open-source licenses people have to understand makes it easier for everyone to adopt and mix-and-match OSS,” he says.
Because a company may be using OSS governed by a variety of license terms, Kunick recommends performing an IP and/or IT audit to determine a company’s rights with respect to OSS and under which license models software is permitted to be used. He also recommends designating an OSS review officer or committee. Companies should carefully review and follow the terms of all open-source licenses to avoid IP infringement and breach-of-contract claims, along with the subsequent forfeiture of rights to a company’s proprietary software.