Open source software can offer users great commercial advantages when care is taken to address intellectual property issues and minimise contractual risks.
Open source software has long held an important place in fulfilling the IT needs of business, and that role continues to grow.
The software often provides great commercial opportunities, but those ready to take advantage of such opportunities should do so with proper consideration of any associated risks.
In October 2005, Google and Sun Microsystems announced an alliance aimed at promoting Sun's OpenOffice software. And even government has woken up to the potential of open source, which it now sees as a viable alternative to proprietary software.
However, it is important to appreciate the risks as well as the opportunities that open source presents. The recent creation of specific open source compliance insurance (with cover of up to £6m in damages) is recognition of the existence of such risk and of the need to protect against it.
The risk of third-party intellectual property rights infringement, specifically in relation to copyright material and/or patents, is a noteworthy concern. Such risk is not confined to open source, but is often perceived to be greater in such a case because of the dispersed nature and larger number of contributions to its underlying code.
Open source licences generally do not provide indemnity protection against this risk, although there are exceptions.
Open source licence terms will often impose a requirement that any person who distributes software derived from open source material must license that material on similar open source terms.
In addition, some open source software licences seek to impose a contractual obligation on the end-user who bundles open source software with their own proprietary software to distribute the source code of both pieces of software on open source terms, thus "infecting" the proprietary software.
The fact that no proprietary software has been mixed with open source software does not necessarily avoid the infection risk problem. Some open source licences are incompatible with one another. In such cases, it is not possible to combine two pieces of open source software without breaching the terms of at least one of the relevant licences.
Another disadvantage of open source software is that it is provided without warranty protection as to its compliance with a particular standard or performance of a particular function.
The user therefore assumes the risk of problems with the performance of the software. Where such material is then made available to third parties (even if that is on open source terms), there is also potentially the risk of claims by those third parties.
Also, some open source licences have been drafted with little or no professional input. The result is licence terms that are often ambiguous and uncertain. For example, licences will often fail to include a governing law clause and will fail to take into account mandatory legal requirements in many jurisdictions, particularly European ones.
The manner in which open source material is produced and distributed also means that it is not possible to address these ambiguities through negotiation. The user is more often faced with the prospect of taking or leaving the terms upon which the software is offered.
These issues may lead some organisations to decide to avoid open source. However, this is likely to be shortsighted and in many cases impractical. The greater flexibility and freedom associated with open source software may be commercially irresistible, and there are sensible precautions that an organisation can take.
As a consequence of the ease with which open source can be downloaded from the internet, it can be in operation throughout an organisation without any detailed record of where and how.
Therefore, the first step must be to conduct an audit of current and past open source use across the organisation. Priority should be given to open source material that has been packaged or incorporated into any software passed on to or used by others outside the organisation.
The next step is to assess whether the use made of the open source software within the organisation is compatible with the relevant open source licence terms that apply.
If the current use is not compatible or carries with it an unacceptable risk to an organisation's proprietary software, this does not necessarily mean that the purchase of third-party proprietary software is the only alternative. There may be other software available on less onerous open source terms.
Lastly, open source software is not copyright free or public domain software. Make sure your workforce knows the difference.
Matthew Harris is head of intellectual property and IT litigation at law firm Norton Rose