Open source software helps companies move fast and launch great products. But its use often implicates someone else’s intellectual property (IP), and the potential risks are sometimes overlooked.
Let’s begin by establishing some context with a hypothetical example involving “Edge Innovations,” an early stage tech company that has seen rapid growth thanks to its pioneering software solutions. As part of its development process, Edge Innovations frequently incorporates open source software to speed up development and reduce costs. However, the excitement of a successful product launch quickly turns into concern when the company receives a notice alleging that it has failed to comply with the licensing requirements of a piece of open source software embedded in their flagship product. The company’s leadership team is now faced with a potential claim for copyright infringement, not to mention the risk to their reputation with customers and partners. And a failure to effectively manage the use of open source software in a supply chain can put downstream customers at risk as well.
This predicament serves as a stark reminder of the complexities and risks associated with integrating open source software into commercial products. Let’s explore how businesses can embrace the benefits of open source software while mitigating risks and ensuring that innovations stand on solid legal ground.
Understanding Open Source Licenses
At the heart of the open source movement is a simple yet important principle: sharing software openly to foster innovation and collaboration. However, “open source” doesn’t mean “without rules.” In fact, open source software comes with licenses that specify how the software can be used, modified, and distributed. For companies like Edge Innovations, navigating these licenses is crucial to leveraging open source software (OSS) without infringing on others’ IP rights.
Types of Open Source Licenses
When it comes to OSS, licenses serve as the rulebook for how software can be used, modified, and shared.
For businesses, the failure to comply with OSS license requirements can lead to legal liability for copyright infringement and/or breach of contract. Beyond legal repercussions, there’s a risk to a company’s reputation and relationships with its customers and the open source community—a vital resource for innovation and support.
Best Practices for License Management
Compliance begins with understanding the specific obligations under each license type used within your software. This might include obligations to distribute licenses terms, disclose source code, attribute original authors, or apply the same license to linked works. Here are some best practices for effective license management:
1. Conduct an OSS Audit
2. Establish an OSS Policy
3. Document
4. Educate Your Team
5. Contribute Back to the OSS Community
By understanding open source licenses and embedding compliance into your development process, companies can enjoy the benefits of OSS while safeguarding their IP and maintaining healthy relationships with the open source community.
Handling Compliance Challenges
Navigating OSS compliance requires not just an understanding of the rules but also a readiness to address challenges that may arise. As discussed above, prevention is the first line of defense against compliance challenges. However, even with the best intentions and diligent practices, companies can find themselves facing allegations of non-compliance.
The allegations must be taken seriously and resolved swiftly to avoid escalation. In Jacobsen v. Katzer, 535 F.3d 1373 (Fed. Cir. 2008), the Federal Circuit Court of Appeals held that a violation of the Artistic open source software license may give rise to a federal claim of copyright infringement. And in Versata Software, Inc. v. Ameriprise Fin.,Inc., 2014 WL 950065, at *4-*5 (W.D. Tex. Mar. 11, 2014). (N.D. Cal. 2009), the district court held that a violation of the GPL license gives rise to a claim of breach of contract. More recently, in Software Freedom Conservancy, Inc. v. Vizio, Inc., the Software Freedom Conservancy asserts that, as a third-party beneficiary of open source software licenses, it has the right to police open source license compliance in the courts, i.e., file lawsuits for violations of open source software licenses over software it does not own. That case is currently pending in the Superior Court of the State of California (Case No. 30-02021-01226723).
These cases underscore the legal and reputational risks that companies face when they fail to comply with open source licenses. They also highlight the importance of having robust compliance practices in place, such as regularly reviewing the company’s use of open source components and ensuring that all license obligations are met.
As these cases illustrate, even companies with sophisticated legal and compliance teams can face challenges when it comes to open source license compliance. This underscores the importance of having a structured response plan in place to address potential compliance issues.
Upon receiving allegations of non-compliance, a structured response plan is vital:
1. Internal Review
2. Consult Legal Experts
3. Open Communication
Once a compliance challenge has been identified, the next step is to restore compliance and learn from the experience. Restoring compliance may involve technical adjustments, such as modifying the software to remove or replace the contentious OSS component, or legal actions, like negotiating license terms.
Each compliance challenge also offers a learning opportunity. Conducting a post-issue review to identify what went wrong and how similar issues can be prevented in the future is crucial. This might involve tightening the OSS audit process, improving legal consultations during the software development lifecycle, or enhancing training programs for developers regarding OSS compliance.
Contributing to Open Source Projects While Protecting IP
Engaging with OSS projects is not only about leveraging community-driven innovations but also about contributing back. Companies that actively participate in the open source community can enhance their technological capabilities, foster goodwill, and potentially generate new business opportunities or attract talent. However, navigating the process of contributing to OSS projects while ensuring the protection of proprietary IP requires careful planning and strategic action.
Benefits of Contributing to Open Source
Protecting Proprietary IP in Open Source Contributions
Before any contribution is made, it’s essential for a company to fully understand the licensing requirements of the OSS project in question. This understanding ensures that contributions do not inadvertently affect the company’s proprietary IP or obligate the company in ways that weren’t intended.
Moreover, establishing clear contributor agreements for employees is a critical step. Such agreements delineate the boundaries of what is being shared, ensuring that proprietary code or IP is not mistakenly included in contributions. This clarity is crucial in maintaining the integrity of a company’s IP while allowing it to contribute meaningfully to the OSS community.
Another important practice is the strict separation of proprietary projects and open source contributions within the company. This involves meticulous oversight to prevent the inclusion of proprietary code in open source contributions. Such separation not only protects the company’s IP but also respects the open nature of OSS projects.
Finally, the role of legal and compliance review cannot be overstated. Before significant contributions—such as substantial code submissions or the creation of new features—are made to OSS projects, they should be vetted by the company’s legal team or external counsel. This review process ensures that contributions comply with OSS project licenses and do not compromise the company’s proprietary IP.
These practices form a comprehensive approach that allows companies to contribute to OSS projects effectively while protecting their proprietary interests. Through careful planning and adherence to these principles, companies can engage with the open source community in a way that promotes innovation and collaboration without risking their valuable IP.
Summary
Embracing open source software offers companies a pathway to innovation and market agility but necessitates a careful balance between community engagement and intellectual property protection. The consequences of non-compliance can be significant, but with diligent practices and a proactive approach, companies can successfully navigate the open source landscape and realize the full potential of community-driven innovation.
Brooks Kushman has a robust team of attorneys and agents that lead the firm’s open source practice. Each attorney has extensive experience in the field with industry knowledge that extends far beyond the technology itself. We work to understand the unique needs of each client’s supply chain.
John LeRoy
Executive Committee Member
Michigan
Fanqi Meng
Electrical & Software Patent Prosecution
Michigan
Isaac Slutsky
Co-Chair Patent Prosecution | Electrical/Software Patent Prosecution & Open Source Software Compliance
Michigan
Rachel Smith
Electrical/Software Patent Prosecution & Open Source Software Compliance
Michigan