OpenLogic recently conducted a survey to determine whether companies have a full understanding of the activities that constitute distribution per the terms of common open source licenses. Highlights of the survey include:
- 67% of the respondents who said their companies don't distribute open source, also stated that they participated in activities - such as giving software to customers or partners, providing downloads of mobile apps , or giving software to outsourcers - that constitute distribution under open source licenses.
- Only 22% of companies were using any tools (open source, internal or 3rd party) or services to determine if they were using open source, despite that 84% of the companies were using open source software.
- 50% of Software developer respondents reported that their companies distribute open source, while only 14.3% of legal staff reported that their companies distribute open source.
Bottom line, many of these companies may be distributing open source without realizing it, thereby risking violation of copyleft clauses of the GPL and other open source licenses.
Distribution is a critical factor, since it triggers additional obligations in open source licenses and therefore additional compliance requirements. Clearly there is a disconnect here. Companies often don't fully realize that their activities constitute distribution under open source licenses.
There are several reasons for this disconnect:
- Companies often don't fully understand what constitutes distribution.
- Information about open source usage is not effectively shared throughout the organization
- Companies don't have tools or processes in place to find and track where open source is used
The good news is that there are clear steps that organizations can and should take to ensure they are complying with open source licenses.
- Develop and open source policy. OpenLogic provides a free policy builder and Wazi provides advice on open source policies.
- Educate technical and legal staff on open source licensing and your open source policy. FOSSBazaar is a community that helps educate companies on open source compliance issues.
- Consider scanning tools to help find where open source is used. There are several free, open source tools available including Fossology , OSS Discovery and BinaryAnalysis.
- Develop processes and systems for tracking the use of open source. The Software Freedon Law Center publishes A Practical Guide to GPL Compliance.
The survey was conducted in June 2010 by OpenLogic and had a total of 82 respondents including members of developer, architect and legal and compliance teams. Respondents came from a mix of small, medium and large companies: 35% were from companies with more than 1,000 employees; 29% had between 50 and 1,000 employees and 29% had fewer than 50 employees.
You can access a full set of survey results here.