While open
source software offers significant benefits, managing the technological
and legal risks involved may be as important as any other obstacle
faced by the software developer in managing its business.
The term "open
source software" refers to software that is licensed under
an alternative business and legal framework to what is commonly
known as the proprietary model. Unlike the proprietary model,
where the development and know-how of software is closely guarded
by the software developer, the open source model is based on the
principle that the development and improvement of software should
be open to all who use the software. Proponents of open source
software argue that allowing the widespread improvement of software
results in better and more reliable software. Reflecting this
principle, open source software licenses provide that all users
of the software are allowed to redistribute copies of the software
without paying a fee or royalty, that all users of the software
be given a copy of or otherwise have access to the software's
source code and that all users of the software have the right
to modify the software.
Open source
software's key benefit to software developers is that it provides
a low cost alternative to in-house development or fee-based licensing
of the same software. The cost savings to developers are realized
not only in initially obtaining the software, but may also lie
in the ability to create upgrades, enhancements and fixes to the
software. Many developers also prefer open source software over
proprietary software because the architecture of open source software
may be more transparent.
Significant Risks
If not managed properly, the risks of using open source software
can be significant. Perhaps the most significant risk is what
is commonly referred to as the "viral effect." In order
to effectuate the community-based principle of software development,
many open source licenses require users of open source software
to allow others to build upon such user's improvements to the
open source software. The most common provision to this effect
is the relicense term, which provides that modifications to open
source software can only be distributed under the same terms as
applicable to the open source software. In other words, the developer
of the modified software must provide subsequent users of such
software with the right to redistribute the same without paying
a fee or royalty, must allow for the further modification of the
software and must provide the source code to such modified software.
The term "viral effect" comes from the fact that many
relicense terms cover not only actual modifications of open source
software, but also broadly cover any software that is a derivative
of or is based on open source software. In the situation, for
example, where a software developer incorporates an open source
library into a software application that was otherwise developed
by that developer, under some licenses the entire software application
would be deemed a derivative of the open source software and subject
to the open source terms.
For a software
developer who does not intend to further distribute software based
on open source software, the relicense term may be of little
consequence. For a software developer who uses open source software
in the development of software that it intends to distribute on
a proprietary basis, the application of the relicense term can
have devastating effects. Such developer may be prohibited from
distributing its software on a proprietary basis and may be subject
to infringement damages to the open source software provider.
Some open
source software licenses automatically terminate if the user brings
a patent infringement claim attempting to restrict in any way
others' use of the open source software. The software developer
that owns one or more patents may find itself having
to weigh the value of enforcing its patents against the
costs of losing the open source license and removing open source
software from its software products.
Open source
software licenses also generally do not provide warranties and
indemnities as to the functionality of the software, or as to
the origin and ownership of the software. Users of open source
software often must independently test and verify the software,
which may significantly reduce any cost savings from using the
open source software in the first instance. Open source software
may also contain, inadvertently or intentionally, portions of
other developers' proprietary code that were inappropriately incorporated
into the open source code. If faced with an infringement claim
from the owner of the proprietary code, the user of open source
software will often be on its own in defending and paying any
liabilities resulting from such infringement.
Practical Steps to Manage the Risks
The single most important step that any software development company
can take in managing the risks associated with open source software
is to control its intake. Management must act as vigilant gatekeepers.
Many problems faced by software developers in this area stem from
the ill-considered or inadvertent intake of open source software.
This is often caused by members of the development team believing
that the use of open source software, like public domain software,
does not subject the user to terms and conditions. As a result,
these members use open source software without alerting the proper
decision makers. It is critical for software developers to develop
a clearly defined policy for the use of open source software.
This policy should have an appropriate escalation mechanism so
that the risks are considered at the proper management levels.
For example, software developers might consider requiring that
all intake of open source software be cleared by project managers,
and, where key terms such as a relicense term are present, by
executive management and legal counsel. Once established, all
employees and contractors with responsibility for software development
should be educated on this policy.
Open source
software may also be included in software that the company believes
it is licensing on a proprietary basis from a third party. Such
third party may itself unknowingly have included open source software
in its software product. Some of the more typical ownership and
noninfringement warranties contained in proprietary software licenses
do not directly address the use of open source software. Particularly
in situations where such third party software will be used to
develop key products, developers should consult with legal counsel
for a warranty specifically covering the use of open source software.
This type of warranty serves both as a means of requiring disclosure
from the third party provider as well as a means of recovering
for damages that may result from the undisclosed inclusion of
open source software. Where the software is to be included in
key products, however, the ability to recover damages from a third
party may be an inadequate remedy either because of the limited
wherewithal of the third party or common damage limiters in license
agreements. For these situations, the developer should consider
testing and auditing the software to detect any open source code.
Software auditing products are now available to facilitate this
process.
Once the software
developer identifies open source software that it would like to
use, the applicable open source license should be reviewed in
light of the intended use in order to assess the risks. One of
the most important considerations is the potential viral effect
of such use. Different open source licenses have different relicense
terms that vary in degree in terms of infecting other software.
The General Public Use License, perhaps the most common of all
open source licenses, broadly applies the relicense term to all
software "based on" the GPL open source software. There
is little consensus or meaningful judicial interpretation as to
what "based on" means. The relicense term in other licenses
more narrowly covers only actual code modifications of the open
source software. Where there is a viral effect concern, developers
may consider strategic methods of using the open source software
to avoid problems. For example, if the relevant relicense term
applies only to actual modifications, the developer might consider
other development methodologies, such as linking to open source
software, that can achieve the same result as actually modifying
code. The developer may also consider developing modifications
of the open source software in modules so that they can easily
be detected and deleted in the event problems subsequently arise.
The use of
open source software should be carefully documented. Careful documentation
may serve as useful evidence if a dispute later arises as to the
extent of the use of the open source software in proprietary software
products. Producing detailed documentation early in the investment
or acquisition process may also help alleviate concerns that the
potential investor or acquiror has regarding the company's intellectual
property.
For more
information, contact Tom Le at the law firm of Stradling Yocca
Carlson & Rauth, 660 Newport Center Drive, Newport Beach,
California, 92660, (949) 725-4000, www.sycr.com.
Stradling Yocca Carlson & Rauth specializes in helping clients
protect and commercialize their proprietary technology and intellectual
property rights. The firm has extensive experience in negotiating
and drafting domestic and international licensing agreements that
govern publishing, distribution and marketing rights, OEM and
other distribution and manufacturing agreements, and agreements
for the acquisition and development of intellectual property through
joint ventures and strategic partnerships.