Pitfalls of open source licensing and how to avoid them

Not all open source licenses are created equal, and an organization that doesn't pay enough attention to the fine print may find itself looking at a cease and desist letter. Here we offer some advice for organizations that want to be sure they are in full compliance with the licenses on the open source they use.

Have you ever met an open source evangelist? They have a mantra of faster-better-cheaper that they repeat so often it comes out sounding like a single word. But as anyone familiar with both Linux and Java knows, the term open source software (OSS) leaves plenty of room for interpretation. It's a bit like how "free" has become a four-letter word in sales, because customers no longer believe it. You get emailed offers all the time for a free twenty dollar gift card to Lowe's or Target, but you have to subscribe to four magazines you'll never read to get it. In the same way, the use of open source in software development comes with all kinds of fine print that can put an organization in a pickle.

The open source risk

TheServerSide asked Dave Gruber (@davegruber5), the director of product marketing at Black Duck Software Inc., about this problem. He admitted that enterprises often fail to understand what they’re getting into. Open source governance is one of the consulting services his company offers precisely because it can be so complicated to navigate these murky waters. There’s no typical approach to dealing with this issue. According to Gruber, “The strategy we recommend to a specific client depends on which licenses apply to the use cases within their organization.”

A few examples of where tricky issues arise are when open source code is used:

  • Inside the firewall (internal use only, where nothing is distributed outside the organization)
  • Outside the firewall (a hosted service that outside users interact with over the network)
  • In commercial products shipped to consumers
  • Embedded in systems as a component handed further down a broader supply chain

Each deployment scenario carries different obligations, and enterprises must map the licenses of their components onto the scenarios they actually use. Gruber points out that there is no shortage of open source licenses to choose from. In the end, it's not about which licenses you choose so much as understanding how the different terms of those licenses apply to the way your organization uses the code.

Understanding licensing terms

Part of the freedom of open source development lies in the ability of authors to write whatever license terms they like. For example, the terms might stipulate that a particular piece of code may not be used in a specific application or environment; the developer might not want it used in medical devices because of liability concerns. The terms don't have to make sense, either. Nothing stops the creator of a brilliant piece of open source code from dictating that you can't use it unless you adopt a long-haired orange cat and name it after their dear departed grandmother. In practice, terms that are opaque or that don't seem relevant are often simply ignored, and that is exactly where compliance problems start.

Is there a risk or downside to using a component whose license doesn't cover the way you're actually using it in your business? If you violate the basic terms, you can be served with a cease and desist letter, sued, or otherwise stuck in a long legal battle over your use of open source. However, Gruber says this "doesn't become a problem" when an enterprise enters into a license with its eyes open and monitors its use of open source throughout the software lifecycle. So there's really nothing to fear, unless, like Google, you find Oracle suing you over the use of Java in Android.
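The mapping Gruber describes, licenses on one axis and deployment scenarios on the other, is the kind of thing that can be checked automatically as part of the lifecycle monitoring he recommends. The Python script below is an added example for this article, not code from TheServerSide, Black Duck or Gruber. It parses each dependency's SPDX-style license expression (handling AND, OR, parentheses and WITH exceptions) and evaluates it against a sample policy for the four deployment scenarios listed above. The scenario names, the license groupings, the policy table and the sample dependency list are all constructed for illustration and are not legal guidance; the one real API used is importlib.metadata, which reads the License field of installed Python packages.

```python
"""Check dependency licence expressions against a per-deployment-scenario policy.

Added illustrative example. The groupings and the ALLOWED table are assumptions,
not legal advice; a real policy comes from counsel, and unknown licences fail closed.
"""
import re
from importlib.metadata import distributions

# Licence families by SPDX identifier (a simplification for illustration).
PERMISSIVE = {"MIT", "BSD-2-Clause", "BSD-3-Clause", "Apache-2.0", "ISC"}
WEAK_COPYLEFT = {"LGPL-2.1-only", "LGPL-2.1-or-later", "LGPL-3.0-only",
                 "LGPL-3.0-or-later", "MPL-2.0"}
STRONG_COPYLEFT = {"GPL-2.0-only", "GPL-2.0-or-later", "GPL-3.0-only", "GPL-3.0-or-later"}
NETWORK_COPYLEFT = {"AGPL-3.0-only", "AGPL-3.0-or-later"}

# Sample policy (an assumption): which families each deployment scenario tolerates.
ALLOWED = {
    # internal use only, nothing leaves the organisation: this sample policy accepts all four families
    "inside_firewall": PERMISSIVE | WEAK_COPYLEFT | STRONG_COPYLEFT | NETWORK_COPYLEFT,
    # hosted service used over a network: AGPL's network clause would require a source offer
    "outside_firewall": PERMISSIVE | WEAK_COPYLEFT | STRONG_COPYLEFT,
    # product shipped to consumers: strong copyleft would oblige you to release your own source
    "commercial_product": PERMISSIVE | WEAK_COPYLEFT,
    # component handed down a supply chain: integrators in this sample accept permissive terms only
    "embedded": PERMISSIVE,
}

_TOKEN = re.compile(r"\(|\)|\bAND\b|\bOR\b|\bWITH\b|[A-Za-z0-9.+-]+")


class _Parser:
    """Recursive-descent parser for SPDX licence expressions (AND binds tighter than OR)."""

    def __init__(self, expr):
        self.toks = _TOKEN.findall(expr)
        self.i = 0

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def take(self):
        if self.i >= len(self.toks):
            raise ValueError("unexpected end of licence expression")
        tok = self.toks[self.i]
        self.i += 1
        return tok

    def parse(self):
        node = self.or_expr()
        if self.peek() is not None:  # e.g. free text such as "Custom; see LICENSE.txt"
            raise ValueError(f"trailing tokens in licence expression: {self.toks[self.i:]}")
        return node

    def or_expr(self):
        left = self.and_expr()
        while self.peek() == "OR":
            self.take()
            left = ("OR", left, self.and_expr())
        return left

    def and_expr(self):
        left = self.atom()
        while self.peek() == "AND":
            self.take()
            left = ("AND", left, self.atom())
        return left

    def atom(self):
        tok = self.take()
        if tok == "(":
            node = self.or_expr()
            if self.take() != ")":
                raise ValueError("unbalanced parentheses in licence expression")
            return node
        if tok in ("AND", "OR", "WITH", ")"):
            raise ValueError(f"unexpected token {tok!r} in licence expression")
        if self.peek() == "WITH":
            # An exception only loosens the base licence, so judging the base licence alone is conservative.
            self.take()
            self.take()
        return ("LIC", tok)


def parse_expression(expr):
    return _Parser(expr).parse()


def permitted(node, scenario):
    """True if the licence expression can be satisfied using only licences ALLOWED for `scenario`."""
    kind = node[0]
    if kind == "LIC":
        return node[1] in ALLOWED[scenario]  # unknown identifiers fail closed
    _, left, right = node
    if kind == "OR":  # the licensee may pick either branch
        return permitted(left, scenario) or permitted(right, scenario)
    return permitted(left, scenario) and permitted(right, scenario)  # AND: both sets of terms apply


def audit(packages, scenario):
    """Return the sorted names of packages whose licence is not permitted (or not parseable) for `scenario`."""
    flagged = []
    for name, expr in packages:
        try:
            ok = permitted(parse_expression(expr), scenario)
        except ValueError:
            ok = False  # unparsable or missing licence text: a human has to look at it
        if not ok:
            flagged.append(name)
    return sorted(flagged)


def installed_packages():
    """(name, licence expression) for every installed distribution, via importlib.metadata."""
    return [(d.metadata["Name"], d.metadata.get("License-Expression") or d.metadata.get("License") or "")
            for d in distributions()]


# Constructed sample manifest, not a real dependency list.
SAMPLE_DEPENDENCIES = [
    ("json-utils", "Apache-2.0"),
    ("dual-licensed-orm", "MIT OR GPL-3.0-only"),
    ("copyleft-plugin", "GPL-2.0-only WITH Classpath-exception-2.0"),
    ("network-db-driver", "AGPL-3.0-only"),
    ("mixed-bundle", "(MIT AND LGPL-2.1-only) OR GPL-2.0-only"),
    ("mystery-lib", "Custom; see LICENSE.txt"),
]

if __name__ == "__main__":
    for scenario in ALLOWED:
        print(f"{scenario}: needs review -> {audit(SAMPLE_DEPENDENCIES, scenario)}")
```

Run as written it reports on the constructed manifest; swap SAMPLE_DEPENDENCIES for installed_packages() to scan the current environment. Two design choices matter for the point the article makes: a dual-licensed package (MIT OR GPL) passes even a permissive-only policy, because the licensee chooses the branch, while anything the parser cannot understand is flagged rather than silently accepted, which is the opposite of the "just ignore the opaque terms" habit described above.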

Has open source licensing ever got your company into trouble? Let us know about your good and bad experiences with OSS.