Open Source Software: Managing the Risks for the Software Developer

Posted on: Wednesday, 10 August 2005, 03:01 CDT

Once considered a novel concept, the use of open source software by software developers is now a pervasive practice. In fact, many in the investment and software development communities would argue that a software developer, particularly an early stage company, is not operating as efficiently as it should if it does not at least seriously consider open source alternatives in its development practices. At the same time, many in the same communities likely can recount instances where the use of open source software significantly jeopardized a potential financing or acquisition, or at least had a negative impact on the value of the target company. While open source software offers significant benefits, managing the technological and legal risks involved may be as important as any other obstacle faced by the software developer in managing its business.

The term "open source software" refers to software that is licensed under an alternative business and legal framework to what is commonly known as the proprietary model. Unlike the proprietary model, where the development and know-how of software is closely guarded by the software developer, the open source model is based on the principle that the development and improvement of software should be open to all who use the software. Proponents of open source software argue that allowing the widespread improvement of software results in better and more reliable software. Reflecting this principle, open source software licenses provide that all users of the software are allowed to redistribute copies of the software without paying a fee or royalty, that all users of the software be given a copy of or otherwise have access to the software's source code and that all users of the software have the right to modify the software.

Open source software's key benefit to software developers is that it provides a low cost alternative to in-house development or fee-based licensing of the same software. The cost savings to developers are realized not only in initially obtaining the software, but may also lie in the ability to create upgrades, enhancements and fixes to the software. Many developers also prefer open source software over proprietary software because the architecture of open source software may be more transparent.

Significant Risks

If not managed properly, the risks of using open source software can be significant. Perhaps the most significant risk is what is commonly referred to as the "viral effect." In order to effectuate the community-based principle of software development, many open source licenses require users of open source software to allow others to build upon such user's improvements to the open source software. The most common provision to this effect is the relicense term, which provides that modifications to open source software can only be distributed under the same terms as applicable to the open source software. In other words, the developer of the modified software must provide subsequent users of such software with the right to redistribute the same without paying a fee or royalty, must allow for the further modification of the software and must provide the source code to such modified software. The term "viral effect" comes from the fact that many relicense terms cover not only actual modifications of open source software, but also broadly cover any software that is a derivative of or is based on open source software. In the situation, for example, where a software developer incorporates an open source library into a software application that was otherwise developed by that developer, under some licenses the entire software application would be deemed a derivative of the open source software and subject to the open source terms.

For a software developer who does not intend to further distribute software based on open source software, the relicense term may be of little consequence. For a software developer who uses open source software in the development of software that it intends to distribute on a proprietary basis, the application of the relicense term can have devastating effects. Such developer may be prohibited from distributing its software on a proprietary basis and may be subject to infringement damages to the open source software provider.

Some open source software licenses automatically terminate if the user brings a patent infringement claim attempting to restrict in any way others' use of the open source software. The software developer that owns one or more patents may find itself having to weigh the value of enforcing its patents against the costs of losing the open source license and removing open source software from its software products.

Open source software licenses also generally do not provide warranties and indemnities as to the functionality of the software, or as to the origin and ownership of the software. Users of open source software often must independently test and verify the software, which may significantly reduce any cost savings from using the open source software in the first instance. Open source software may also contain, inadvertently or intentionally, portions of other developers' proprietary code that were inappropriately incorporated into the open source code. If faced with an infringement claim from the owner of the proprietary code, the user of open source software will often be on its own in defending and paying any liabilities resulting from such infringement.

Practical Steps to Manage the Risks

The single most important step that any software development company can take in managing the risks associated with open source software is to control its intake. Management must act as vigilant gatekeepers. Many problems faced by software developers in this area stem from the ill-considered or inadvertent intake of open source software. This is often caused by members of the development team believing that the use of open source software, like public domain software, does not subject the user to terms and conditions. As a result, these members use open source software without alerting the proper decision makers. It is critical for software developers to develop a clearly defined policy for the use of open source software. This policy should have an appropriate escalation mechanism so that the risks are considered at the proper management levels. For example, software developers might consider requiring that all intake of open source software be cleared by project managers, and, where key terms such as a relicense term are present, by executive management and legal counsel. Once established, all employees and contractors with responsibility for software development should be educated on this policy.

Open source software may also be included in software that the company believes it is licensing on a proprietary basis from a third party. Such third party may itself unknowingly have included open source software in its software product. Some of the more typical ownership and noninfringement warranties contained in proprietary software licenses do not directly address the use of open source software. Particularly in situations where such third party software will be used to develop key products, developers should consult with legal counsel for a warranty specifically covering the use of open source software. This type of warranty serves both as a means of requiring disclosure from the third party provider as well as a means of recovering for damages that may result from the undisclosed inclusion of open source software. Where the software is to be included in key products, however, the ability to recover damages from a third party may be an inadequate remedy either because of the limited wherewithal of the third party or common damage limitations in license agreements. For these situations, the developer should consider testing and auditing the software to detect any open source code. Software auditing products are now available to facilitate this process.

Once the software developer identifies open source software that it would like to use, the applicable open source license should be reviewed in light of the intended use in order to assess the risks. One of the most important considerations is the potential viral effect of such use. Different open source licenses have different relicense terms that vary in degree in terms of infecting other software. The General Public Use License, perhaps the most common of all open source licenses, broadly applies the relicense term to all software "based on" the GPL open source software. There is little consensus or meaningful judicial interpretation as to what "based on" means. The relicense term in other licenses more narrowly covers only actual code modifications of the open source software. Where there is a viral effect concern, developers may consider strategic methods of using the open source software to avoid problems. For example, if the relevant relicense term applies only to actual modifications, the developer might consider other development methodologies, such as linking to open source software, that can achieve the same result as actually modifying code. The developer may also consider developing modifications of the open source software in modules so that they can easily be detected and deleted in the event problems subsequently arise.

The use of open source software should be carefully documented. Careful documentation may serve as useful evidence if a dispute later arises as to the extent of the use of the open source software in proprietary software products. Producing detailed documentation early in the investment or acquisition process may also help alleviate concerns that the potential investor or acquirer has regarding the company's intellectual property. This may prove critical in a highly competitive investment market.

Software developers should also test the open source software carefully before use. The fact that a multitude of developers participated in the development of an open source application may make it more prone to errors and vulnerabilities. Software developers may in some cases also obtain the software from a provider that will, for a fee, warrant and indemnify for functionality and infringement issues.

Open source software may very well be the wave of the future in software development. For the software developer, the key lies in using open source software in a deliberate and strategic manner.

By Tom D. Le, Attorney, Stradling Yocca Carlson & Rauth

Tom Le is a corporate attorney in the Newport Beach office of Stradling Yocca Carlson & Rauth. His practice specializes in representing software and technology companies in corporate matters, including technology development, licensing and strategic arrangements, venture capital financings and mergers and acquisitions. Tom was previously an associate with Morrison & Foerster LLP and Vice President and Corporate Counsel with Fidelity National Financial, Inc. and Fidelity National Information Solutions, Inc. Tom received his J.D. from the University of California at Berkeley School of Law (Boalt Hall) in 1996 and his B.S., magna cum laude, from the University of California at Irvine in 1993. He can be reached at (949) 725-4000 for additional information. Stradling Yocca Carlson & Rauth paid for this space and is solely responsible for its contents.

Copyright CBJ, L. P. Jul 11-Jul 17, 2005


Source: Orange County Business Journal
