Thursday, October 18, 2012

Open Source Software risks

Open-source software (OSS) is software that is available in source code form. OSS is frequently developed in a collaborative manner, but could be developed by anyone who wants to share the software they developed in source code form. As with any software, the key to the rights a party will have is the specific license grant that is applicable to the software. There are a variety of different types of license grants, but the usual ones for open source software will permit users to study, change, improve and distribute the software. The most common, referred to as the General Public License or GPL, grants the recipients of the software the right to free distribution under the condition that further developments and applications are put under the same license.

The first risk comes from the conditions of the license grant. For example, if you used a General Public License program in developing a product that you wanted to license, your license to your customer has to be under the terms of the original license. The terms have to be GPL terms. If it were provided to you for free, you would need to license it to your customers for free. If you had the right to change, improve and distribute the software, you would need to provide those same rights to your customer, not just on the original OSS code, but for the entire application that contains the OSS code.

When you use OSS code, or license software or buy equipment that uses OSS code, the fact that it is Open Source Code does not protect you against claims that the OSS code may be infringing upon a third party’s intellectual property rights, patents or copyrights. This means you could potentially be sued for infringement, or you could have your use of it stopped by injunction because it was infringing. If the equipment you buy needs the software program to operate, being stopped from using the code would make your equipment useless.

To protect against these risks, the first step is to require the supplier to disclose whether any third party code (including open source code) is used. When open source code is used, you want to understand the source of that code and obtain a copy of the license it was licensed under to review. The source of the code can help identify the potential risk. The license will tell you what rights or limitations you will have with what you can do with that code. For example, I was negotiating the purchase of a product that had open source code that was both on a General Public License and was, by our evaluation, from a risky source. Rather than include that code as part of our code, which would have made our code subject to a GPL license, we kept the code separate and had customers license the GPL code directly. The last way to protect against the risks is to make it clear exactly what the Supplier’s responsibility will be in the event there is an infringement claim against the open source code, such as making sure that there is an Intellectual Property Indemnity provision in the agreement where they have the responsibility to license the right to use or make the item non-infringing. Many times a supplier may want the option to provide a refund of the price, or worse, a refund of the depreciated value of the item in the event of a claim. Always consider what the impact would be if you could no longer use the software or equipment.