Software development and open source licenses

Legal risks and compliance measures

Use of open source software has become indispensable in software development. The modular character of today’s software means that nearly all software development projects contain traces of open source code, through the reuse of whole libraries or parts of libraries. But open source software is not necessarily free of third-party rights: license terms may apply for development of the software, as well as for commercial or other use, and those who violate the terms of the license may face considerable legal consequences. Accordingly, license risks must be taken into account and compliance measures taken even in connection with software development.

Open source software: copyleft and permissive licenses

There are a wide range of open source licenses. But companies primarily use well-known standard licenses which are differentiated based on the presence of “copyleft” clauses. Strict copyleft clauses allow use only if the original license is retained, and are designed to exclude proprietary use of open source software. Those who use licenses with strict copyleft clauses are required to publish changes to the original software under the original license. In the worst case, a single copyleft license may “infect” large quantities of privately developed software. Examples of copyleft licenses are the GNU General Public License (GPL) and the open source software license of the European Union (EUPL). Permissive licenses, e.g. the Apache licenses and the BSD licenses, do not contain a copyleft clause and are therefore easier to use for the development of proprietary software and in commercial projects. But some documentation requirements do apply, particularly relating to the copyright notice, the license terms and liability rules. There are also open source licenses with limited copyleft clauses, which allow proprietary use to a certain extent. An example of this type of license is the GNU Lesser General Public License (LGPL).

Open source compliance and software development

Open source compliance is indispensable in software development. In order to conform with legal requirements, it is necessary first of all to examine the open source software used. On this basis, a robust system should be established to manage the use of open source software, consisting of company policies and employee manuals, including key license requirements and recommendations for action. In addition, processes should be implemented for compliance with licensing requirements and training should be conducted in order to educate employees about license risks. Further information about open source compliance can be found in our one-pager Open Source Software: How Companies Can Avoid License Risks.

