Companies are increasingly realising the potential of being ‘ahead of the curve’ on the use of open source software (OSS). In conjunction with thorough risk-assessment to ensure compliance with the licence requirements, a strategic investment in open source as part of a company’s overall IP management can reap real rewards, says Ivan Waide, IP & Technology Partner at A&L Goodbody in Belfast.
What is “open source software”?
Open source software differs from traditional forms of proprietary software because it is typically available free of royalties or fees, subject to licences indicating the terms under which it can be used, modified and commercially exploited. Open source software originated in the US universities in the early 1970s and since then its use has continued to grow. The Open Source Initiative (OSI) was established in 1998 in order to promote the use of open source software, and was responsible for developing the Open Source Definition comprising certain core criteria to determine whether a licence for software is open source. Today it is believed that open source projects currently available are comprised of over 100 billion lines of code. Indeed, many organisations are increasingly using cost effective “off the shelf” open source solutions for many aspects of their IT infrastructure, as a more cost effective alternative to reinventing the wheel by developing their own bespoke solutions.
Understanding the Legal Issues
Any use of third party intellectual property requires a licence, and the terms of that licence determines the scope of use and any related obligations. Today, there are many hundreds of different OSS licences is use, varying significantly in length, clarity and scope, and ranging from permissive licences to more restrictive types.
Any organisation using open source software should therefore be mindful not only of the potential cost savings and other benefits it can provide, but also the need to conduct a thorough risk assessment to ensure compliance with the underlying licence requirements.
Managing the Risks
Any organisation using or proposing to use OSS should manage its use as part of the organisation’s overall corporate governance procedures. Indeed, good IP housekeeping involves identifying your company's proprietary and licensed-in IP, and part of that will include understanding what OSS is being used for which purposes and on what licence terms, and keeping track of this in a database of OSS being used.
If you are a technology supplier, understanding how you are using OSS and what licence terms apply, will help you ensure compliance with these terms, and ultimately manage reputational risk, for example by avoiding a situation where the actual OSS being licensed to a customer is different from that customer's expectations, or where the terms on which you're licensing to your customer are inconsistent with the terms of the OSS licence. A further interesting point arises in relation to IP infringement indemnity cover. A supplier often finds itself being asked to provide a blanket IP infringement indemnity to a customer (including in relation to open source elements that the supplier is making available to the customer, and in respect of which the supplier is not getting any similar indemnity from the open source publisher). Although insurance for IP infringement claims is becoming increasingly available, a supplier will generally resist giving such an indemnity in respect of the open source elements (or where it does agree to give such an indemnity, it is likely to seek to pass through to the customer the associated insurance costs).
If you are a customer procuring a solution that incorporates open source, you'll want to understand the particular licensing and maintenance requirements that are applicable, and cross-check that with the approach the supplier is taking in the contract. For example, a supplier will be better placed to warrant the compatibility of OSS with its customer's operating environment if it is required by customer to have in place an appropriate support agreement with the original open source developer.
And if you’re looking to sell a business that uses open source software, a potential purchaser will typically want to ask about open source software use as part of its due diligence process, and so understanding fully what OSS is being used will make this sale process much more efficient. It also helps determine (both from a purchaser and seller perspective) what purchaser protections are appropriate in the sale documentation (including for example what disclosures should be made against particular warranties the purchaser may be requesting, and what IP indemnities may be appropriate).