Pitfalls of open source licensing and how to avoid them
By Jason Tee
Have you ever met an open source evangelist? These guys have a mantra of faster-better-cheaper that they chirrup so often that it comes out sounding like a single word. But as anyone who’s familiar with both Linux and Java knows, the term open source software (OSS) leaves plenty of room for interpretation. It’s kind of like how free has become a four-letter word in the sales industry, as customers no longer believe it. You get emailed offers all the time for a free twenty-dollar gift card to Lowe’s or Target, but you have to subscribe to four different magazines you’ll never read to get it. In the same way, the use of open source in software development comes with all kinds of fine print that can put an organization in a pickle.
The open source risk
TheServerSide asked Dave Gruber (@davegruber5), the director of product marketing at Black Duck Software Inc., about this problem. He admitted that enterprises often fail to understand what they’re getting into. Open source governance is one of the consulting services his company offers precisely because it can be so complicated to navigate these murky waters. There’s no typical approach to dealing with this issue. According to Gruber, “The strategy we recommend to a specific client depends on which licenses apply to the use cases within their organization.”
Just a few examples of where tricky issues arise are when open source code is used:
- Inside the firewall
- Outside the firewall
- In commercial products shipped to consumers
- Embedded in systems as part of a broader supply chain
Each deployment scenario has different requirements and enterprises must map their license styles accordingly. Gruber points out that there’s no shortage of available open source licenses. There are plenty of choices. In the end, it’s not about which licenses you choose so much as understanding how the different components of these licenses are relevant to your organization.
Understanding licensing terms
Is there a risk or downside associated with using a license that doesn’t cover the way you’re actually using open source in your business? If you violate the basic terms, you can get served with a cease and desist order, sued, or otherwise stuck in a long legal battle over your open source. However, Dave says that this “doesn’t become a problem” when an enterprise enters into a licensing agreement with its eyes open and monitors the use of open source throughout its software lifecycle. So, there’s really nothing to fear - unless Google and Oracle decide to sue you over patent infringement with Java usage in Android.
Has open source licensing ever got your company into trouble? Let us know about your good and bad experiences with OSS.
06 Mar 2013