Corporate Use of Open Source Software: Dispelling the Myths with a Policy
Abstract
Many companies do not understand open source software and choose to avoid it completely instead of creating an informed policy. Avoiding the issue can lead to developers using open source software incorrectly and potentially exposing proprietary company intellectual property through mandated public disclosure. The legal department for every technology company needs to work with the software development group to create a comprehensive Open Source Policy. The policy should ensure that every piece of open source code that is used by the company is reviewed pursuant to a prescribed process. A good policy will require that the requesting developer list the planned use of the open source code and provide the name of the license covering the code, if known. The proposed use of the code is important because stand-alone, or separably compilable, applications will not trigger certain licenses’ obligations, such as the publication of source code. There are many distinct open source licenses being used today, each with very different terms. With knowledge of the use and the license, the legal department can investigate the license and make a recommendation based on whether it is a ‘viral license’ (requiring publication) or not. Then, together with the technical point of contact, an informed decision can be made about all source code used by the company. Organisations will discover that using open source software in a controlled manner can provide actual cost savings without exposing the company to any risk.