Open source software can offer users great commercial
advantages when care is taken to address intellectual property
issues and minimise contractual risks.
Open source software has long held an important place in
fulfiling the IT needs of business and that role continues to
grow.
The software often provides great commercial opportunities, but
those ready to take advantage of such opportunities should do so
with proper consideration of any associated risks.
In October 2005, Google and Sun Microsystems announced an
alliance aimed at promoting Sun's Openoffice software. And even
government has woken up to the potential of open source, which it
now sees as a viable alternative to proprietary software.
However, it is important to appreciate the risks as well as the
opportunities that open source presents. The recent creation of
specific open source compliance insurance (with cover of up to £6m
in damages) is recognition of the existence of such risk and of the
need to protect against it.
The risk of third-party intellectual property rights
infringement, specifically in relation to copyright material and/or
patents, is a noteworthy concern. Such risk is not confined to open
source, but is often perceived to be greater in such a case because
of the dispersed nature and larger number of contributions to its
underlying code.
Open source licences generally do not provide indemnity
protection against this risk, although there are exceptions.
Open source licence terms will often impose a requirement that
any person who distributes software derived from open source
material must license that material on similar open source
terms.
In addition, some open source software licences seek to impose a
contractual obligation on the end-user who bundles open source
software with their own proprietary software to distribute the
source code of both pieces of software on open source terms, thus
"infecting" the proprietary software.
The fact that no proprietary software has been mixed with open
source software does not necessarily avoid the infection risk
problem. Some open source licences are incompatible with one
another. In such cases, it is not possible to combine two pieces of
open source software without breaching the terms of at least one of
the relevant licences.
Another disadvantage of open source software is that it is
provided without warranty protection as to its compliance with a
particular standard or performance of a particular function.
The user therefore assumes the risk of problems with the
performance of the software. Where such material is then made
available to third parties (even if that is on open source terms),
there is also potentially the risk of claims by those third
parties.
Also, some open source licences have been drafted with little or
no professional input. The result is licence terms that are often
ambiguous and uncertain. For example, licences will often fail to
include a governing law clause and will fail to take into account
mandatory legal requirements in many jurisdictions, particularly
European ones.
The manner in which open source material is produced and
distributed also means that it is not possible to address these
ambiguities through negotiation. The user is more often faced with
the prospect of taking or leaving the terms upon which the software
is offered.
These issues may lead some organisations to decide to avoid open
source. However, this is likely to be shortsighted and in many
cases impractical. The greater flexibility and freedom associated
with open source software may be commercially irresistible.
However, there are sensible precautions that an organisation can
take.
As a consequence of the ease with which open source can be
downloaded from the internet, it can be in operation throughout an
organisation without any detailed record of where and how.
Therefore, the first step must be to conduct an audit of current
and past open source use across the organisation. Priority should
be given to open source material that has been packaged or
incorporated into any software passed on to or used by others
outside the organisation.
The next step is to assess whether the use made of the open
source software in any organisation is compatible with the relevant
open source licence terms that apply.
If the current use is not compatible or carries with it an
unacceptable risk to an organisation's proprietary software, this
does not necessarily mean that the purchase of third-party
proprietary software is the only alternative. There may be other
software available on less onerous open source terms.
Lastly, open source software is not copyright free or public
domain software. Make sure your workforce knows the difference.
Matthew Harris is head of intellectual property and IT
litigation at law firm Norton Rose