Legal risks and compliance measures
The use of open source software has become indispensable in software development. Because today's software is modular, nearly every development project contains open source code, whether whole libraries are reused or only parts of them. But open source software is not free of third-party rights: the license terms govern further development of the software as well as its commercial or other use, and since the license is the sole basis on which the code may be used at all, anyone who violates its terms commits a copyright infringement and may face considerable legal consequences. License risks must therefore be taken into account, and compliance measures put in place, already during software development.
Open source software: copyleft and permissive licenses
There is a wide range of open source licenses, but companies primarily use a handful of well-known standard licenses, which are distinguished by whether they contain a "copyleft" clause. Strict (strong) copyleft clauses permit the software to be modified and redistributed only under the original license, and are designed to prevent open source code from being turned into proprietary software. Anyone who distributes a modified version of such software, or a program that incorporates it, must therefore make the result available under the original license, including its source code. In the worst case, a single copyleft component can "infect" large quantities of privately developed software with which it is combined. Examples of copyleft licenses are the GNU General Public License (GPL) and the European Union Public Licence (EUPL). Permissive licenses, e.g. the Apache licenses and the BSD licenses, contain no copyleft clause and are therefore easier to use in the development of proprietary software and in commercial projects. Even so, they impose documentation obligations, in particular to reproduce the copyright notice, the license text and the disclaimer of warranty and liability. There are also licenses with a limited (weak) copyleft clause, which permit proprietary use to a certain extent: for example, the GNU Lesser General Public License (LGPL) allows a library to be linked to proprietary software, provided that the library itself, and any changes made to it, remain under the LGPL.
Open source compliance and software development
Open source compliance therefore has to be built into the development process. The first step toward meeting the legal requirements is to establish which open source components are actually in use, and under which licenses. On this basis, a robust system for managing the use of open source software should be set up, consisting of company policies and employee manuals that set out the key license requirements and recommendations for action. In addition, processes should be implemented to ensure that licensing requirements are met, and training should be conducted to make employees aware of license risks. Further information about open source compliance can be found in our one-pager Open Source Software: How Companies Can Avoid License Risks.