Technology, the law and you: Open-source software

Stephen Sauer

The software that companies use for the basics says a lot about them – there are stodgy Microsoft shops with creaky legacy apps from the Windows XP/IE6 days, feather-light Google Apps startups with everything in a browser, and so on.

Fully free and open-source software (FOSS) companies – with their LibreOffices and Hadoops and ClamAVs – give off a distinct whiff of technological savvy. After all, they’re skillful enough to not have to pay software licensing costs.

PART I OF THIS SERIES: Technology, the law & you: BYOD

But “free as in beer” isn’t really the point – huge numbers of corporate open-source users opt for paid commercial versions of open-source projects, for simplicity and support. And then there are all those various licenses that protect the openness of the software – GPL, Apache, Eclipse. But the good news is that, with very few exceptions, there aren’t many legal issues for the average company to worry about.

The licensing issues that cause such upheaval among the developers and corporate backers of open-source software – one recent dispute between Canonical and free software advocates led indirectly to the acrimonious departure of the head of a popular Linux distribution – generally aren’t applicable to the end-user.

Avi Freedman is the founder of Kentik (formerly CloudHelix), a large-scale network management startup that recently exited stealth mode. He said that while Kentik carefully manages its own use of open-source code in the development of its core SaaS network visibility offering, companies that aren’t developing their own saleable services don’t have to worry.

“As an end-user, there’s nothing I’ve seen that would be an issue, even with the most restrictive GPL versions,” he told Network World. “The bigger issue is if you become a service provider, but then also want to sell a software stack – so for a company that uses open-source components to iterate on, you have to be very careful about licenses.”

Heather Meeker is an attorney and partner at O’Melveny & Myers, and an expert on intellectual property, software copyrights and open-source licensing strategy. She told Network World that even in highly regulated industries like healthcare and finance, open-source licenses generally aren’t an issue for users.

“Even assuming disclosure of source code could violate the law or cause security problems, most open-source software licenses do not require any disclosure of source code unless one is distributing the software,” Meeker said. “Use of the software usually has no requirements.”

There is, however, a notable exception: the Affero GPL is designed to broaden the applicability of the standard GPL to companies that are using AGPL-licensed software to distribute a service, even if they’re not distributing the software itself. That’s important, since it could be interpreted to mean that companies using AGPL-licensed cloud products have to be treated as developers under the license and forced to disclose their code.

“It’s a little vague as to what the scope of that disclosure requirement is,” said Bill Weinberg, Black Duck Software's senior director of strategy.

The AGPL isn’t a concern for most companies, though Weinberg said that vendors doing dual licensing – i.e., there’s both a proprietary and an open version of the product, a la – are starting to use it to push customers toward the commercial option.

“Its use has grown, I would not say organically, so much as it’s grown as part of a poison-pill regime,” he said. “If you want to encourage people to buy your commercial goods, as opposed to just using your open-source version, then you make the open-source license onerous to as many people as possible.”

Needless to say, this has made the AGPL unpopular with large sectors of the open-source community, who see it as a way for vendors to reap the rewards of the open model without having to offer a meaningful free version of their product.

As such, it’s pretty much the only legal pitfall we can think of for open-source end-users, who otherwise don’t have much to worry about where the law is concerned.

Copyright © 2015 IDG Communications, Inc.
