
Open Source: licensing pitfalls may outweigh benefits

By Julien Happich



The use of open-source software in product development can produce substantial savings, an intellectual property attorney told attendees at the Embedded Systems Conference in Boston last week, but beware of pitfalls. Using such software typically involves agreeing to a pre-defined license that cannot be ignored. Without careful consideration of the licenses involved, using OSS (open-source software) can yield legal conflict and cost developers their project’s intellectual property.

In his presentation Legal and Practical Concerns with Software Development, attorney Richard A. Leach of Brooks Kushman P.C. told attendees that use of open-source software saves up to $60 billion a year in development costs. Further, he noted, there is a massive amount of such software available. Leach indicated that billions of open-source software files are located in more than 7500 repositories worldwide.

Software is automatically protected under copyright law, Leach noted, and as such it must be purchased or licensed from its creator individually by anyone seeking to use it or develop derivative works based on it. Open-source software, however, has been made available for users and developers under what is called the “copyleft” principle. In copyleft, Leach said, the owner grants a license to the world at large and users simply agree to comply with that license in order to use the software. Leach added that some 2,000 different open-source licenses are in use, although 75% of the software uses one of five main licenses: MIT License, GNU General Public License (GPL) 2.0, Apache License 2.0, GNU GPL 3.0, and BSD License.

A common provision of such licenses, however, is that any software that derives from the open-source software must also be made publicly available under the same copyleft provisions. Some of these licenses can be incompatible with one another, so that by combining code blocks with different licenses a developer would create a situation where conforming to one license violates the terms of the other license.


Some licenses may conflict with a business’s objectives by forbidding commercialization of derivative products. And some licenses, Leach noted, are “viral” in nature in that not only is the specific software built on the open-source component to be made open source under the license, so is all other integrated software that becomes part of the product. Further, such a viral license not only “infects” the developing company’s proprietary product software, forcing it to be open source, the license can force application software created by the product’s user to also become open source under the viral license.

Leach recommended that companies seeking to obtain the benefits of open-source software take a three-step approach to protecting themselves and their development investment.

  • First, develop an open-source software strategy and put together a company policy specifying which open-source licenses are acceptable for development projects.
  • Second, educate the developers on the licensing issues surrounding open-source software and on the company’s policy.
  • Third, ensure that product software complies with the relevant open-source licenses, and in particular any requirements for notifications regarding the open-source licenses involved.

Leach further recommends that companies identify a “point person” to serve as a central point of contact for all issues and questions regarding the open-source strategy, and that development teams make certain they know if any other third-party software they are using itself uses open-source software.

While the need for care in using open-source software may be discouraging to development teams, Leach pointed out that the potential benefits are considerable. He further noted that software and services from vendors like Rogue Wave Software, Black Duck, and Antelink can help ease the developer’s task of complying with their company’s open-source strategy.

About the author:

Rich Quinnell covers industrial control for EE Times.

 
