The use of open source software is very common among developers. The concept behind open source is to allow access to many developers and promote collaboration between them.
A recent example is the website for the European Union’s Digital Response to COVID-19, which provides the public with access to an ever-growing database of open source software, platforms, and solutions to assist medical staff, businesses, and citizens dealing with the pandemic. While the ideals of collaboration and mutual enrichment behind open source are admirable, it is important to note that such software does not exist in a legal vacuum: its use is still subject to a limited and binding license.
The length and level of detail of such licenses vary, and they may run from a single sentence to several pages. In many cases, these licenses genuinely grant relative freedom of use, as with the MIT and OpenBSD licenses. In other cases, however, the licenses carry major implications for the intellectual property rights in software that incorporates the open source component.
- Use of open source exposes the source code – An example of a particularly limiting license is the GNU General Public License (GPL for short), the most notorious of the open source licenses. GPL permits the distribution of software using a GPL component, while stipulating that such derivative software be distributed under the same license, i.e., it requires the public release of the new software’s source code. This requirement could be the death knell for a tech company, as the exposure of any part of its source code may cause it to lose its competitive edge. Unfortunately, early-stage developers and startups often neglect to read the licenses or misconstrue the fine print, or they fail to turn to legal advisors to pinpoint the red flags. The consequences surface later, when the issue arises and amendments costing many development hours are required.
- Exposure to legal proceedings – The immediate implications of misappropriating open source or breaching the terms of the underlying license are infringement claims by the original creator of the open source software. While these are not very common in open source developer circles, there is still potential for exposure from competitors with an interest in exposing the competing source code. Furthermore, companies run the risk of encountering patent and licensing trolls, which are lurking around the corner waiting for startups to gain a reputation (and money) before slapping them with injunctions and demands for settlement payments.
- Company devaluation or difficulties in raising funds from investors – If your company is in the process of raising funds, it is important to note that the issue of open source will come up in the due diligence process. Non-compliance with open source licenses is a due diligence red flag, and investors engage companies like Black Duck to analyze possible open source exposures. Savvy investors should always make sure their legal due diligence includes a detailed breakdown of the open source components used in the underlying technology. Spotting a GPL component within a company’s proprietary software could have significant implications for the risk assessment and valuation of the target company. To the extent the component is not easily replaced, the investor could also demand extended warranties addressing the matter, as well as increased indemnification protections in case of third-party claims.
In conclusion, even though open source software may be perceived as low-hanging fruit, before taking a bite, always make sure it is not poisonous.