The Pitfalls of Open-Source Software

With an increase in access to information, reliance on the collective knowledge of software developers through online forums during the software development process has become a norm. How many times has it happened that a developer is faced with a certain problem, only to find that there exists a solution online, and even better, this solution is available free of charge? It then comes as no surprise that pre-existing solutions or components obtained from various online sources - free of charge - find their way into proprietary software.

Within this paradigm, there lies an inherent risk. Copyright laws around the world recognise software as copyrighted works, either directly, as in the US and South Africa, or as part of a larger species of works such as literary works, as in the UK. All boil down to the fundamental principle that the owner of a copyrighted work has the exclusive right to do and authorise the reproduction (copying), derivation (modification) and distribution of the copyrighted work. At this point the nature of the mentioned risk may already be apparent: unless the owner of a software component has given the necessary authorisation, the copying, modification and/or distribution of the software component would in all likelihood constitute copyright infringement. As with any kind of copyright infringement, this opens the door to a claim for damages and even fines or imprisonment in certain countries.

The key here is that the copyright owner holds the exclusive right to authorise the copying, derivation and distribution. In the context of free open-source software, open-source software licenses are paramount as they define what the copyright owner has authorised and under what Ts & Cs. Just because something is free does not mean there are no Ts & Cs.

Open-source software licenses are frequently presented as text files in the download (think license.txt) or even merely through a statement reading “by clicking download you hereby accept the terms of License X” (commonly referred to as click-wrap licensing). The reference license text can then be obtained and read to understand the Ts & Cs. These Ts & Cs can include an unlimited range of dos and don’ts - caveat subscriptor. Luckily, there are standard license types which are used more often than not for this purpose (very few software developers have the time to write their own licenses). Some of these license types may be familiar - Apache, BSD, MIT, CDDL, Eclipse, GNU GPL, GNU LGPL.

Standard licenses can be very straightforward – e.g., fully public domain licenses that merely read along the following lines: “We reserve no legal rights to the software - it is fully in the public domain. An individual or company may do whatever they wish with the source code or any code generated therefrom, including the incorporation of the software, or its output, into commercial software.”

They can also be extremely complex, spanning pages, such as the GNU GPL. As such, the risks presented by incorporating open-source software into proprietary software also vary substantially. The fully public domain license recited above would, for example, present very little business risk (other than perhaps a lack of support for any component received under such a license). However, a further example is presented below as a warning:

The following is an extract from the GNU GPL v3.0 license text:

“The Program” refers to any copyrightable work licensed under this License.

A “covered work” means either the unmodified Program or a work based on the Program…

To “modify” a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a “modified version” of the earlier work or a work “based on” the earlier work.

You may convey a work based on the Program, or the modifications to produce it from the Program… provided that you also meet all of these conditions:

c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy…

This example showcases why the GNU GPL is commonly referred to as a “copyleft” license requiring all copyrighted works “based on the Program” to be made freely available as well – and it is clear how this can pose a significant business risk when it comes to proprietary software. A failure to adhere to this term would constitute a breach of the terms of the GNU GPL, which in turn automatically terminates any rights acquired under the license – i.e., any use of the “Program” becomes infringing use, because the owner's authorisation has been terminated.

It is vital for any developer or company focussed on offering proprietary software to understand the risks posed by accessing the collective knowledge of software developers and to mitigate these risks by doing the necessary due diligence on the open-source software being utilised and the Ts & Cs it comes with. At KISCH IP we pride ourselves in being experts in the field of open-source licenses and are available to assist in evaluating and mitigating your risks.