
Closing Open-Source Gaps by Developing a Policy

By Mark Radcliffe
November 27, 2006 12:00 PM ET

Open-source software is becoming ubiquitous, but companies need to be aware that its use must be carefully managed. Problems can arise because many open-source licenses require that users who incorporate open-source code in their software must make their code available for free (at reproduction cost), permit modifications of the software and permit redistribution without charging a fee.

These obligations could dramatically decrease the value of commercial software that incorporates open source. And the scope of these obligations is unclear. For example, basic license terms in the General Public License (GPL), the most commonly used open-source license, such as derivative work and collective work, are not well defined for software. Another major concern is that the GPL terminates immediately upon any breach of its terms rather than the more common contract approach of providing a period to solve any such breach.

Failure to address these issues can be expensive. A company that uses software without a license is in violation of copyright law and could be liable for significant damages. Similarly, automatic termination means that a company that incorporates open-source software in a consumer product risks millions of dollars in damages if it makes an error in incorporating open-source software.

The use of open-source software is further complicated because the Open Source Initiative has approved over 50 licenses as meeting the Open Source Definition. Many of these licenses are not compatible. For example, a software module licensed under GPL can't be distributed with modules licensed under the Mozilla Public License.

Despite these uncertainties, Fortune 500 companies such as IBM, Google Inc., Wells Fargo & Co., DaimlerChrysler AG and ETrade Financial Corp. use open-source software. Major companies such as IBM, Oracle Corp., Sun Microsystems Inc., Sony Corp. and Hewlett-Packard Co. have incorporated open-source software in their products, and some companies have shifted from a commercial to an open-source model for major products, such as Sun for its Solaris operating system and CA Inc. for its Postgres database software. Even the U.S. Department of Defense, in a recent strategic report on its IT needs, advocated the use of open-source software. However, the uncontrolled use of open-source software can lead to serious problems. Consider that IBM reduced the purchase price for Think Dynamics Inc. by 30% due to uncertainties arising from the use of open source.

Given these uncertainties, software developers and users need to manage the use of open-source software. It is no longer possible to simply prohibit its use. Rather, companies should avoid these problems by adopting an open-source use policy, which should address the following issues:

  • Use of open-source components in products for third parties.
  • Use of open source for internal purposes.
  • Approved usage models.
  • Implementation of policy by industry experts or outsourced teams.
  • Permitted/forbidden open-source licenses.
  • Rules for contribution by employees to open-source projects.
  • Use of commercial products (Black Duck/Palamida) to audit use of open-source code.