Open Source Software Compliance: The Devil Is Not So Black as He Is Painted

Article excerpt

Table of Contents

I.   Introduction

II.  OSS Licenses: An Overview

     A. Categories of OSS Licenses

        1. Strong Copyleft Licenses

        2. Weak Copyleft Licenses

        3. Non-Copyleft Licenses

     B. Enforcement of OSS Licenses

        1. Community Enforcement

        2. Judicial Enforcement

        3. Quasi-Judicial (Administrative) Enforcement

III. Copyleft Prevention

     A. Internal Preventive Mechanisms

        1. Policies and Training

        2. Recordkeeping, Due Diligence, and Reporting

        3. Open Source Insurance

     B. External Preventive Mechanisms

        1. Due Diligence and Full Disclosure

        2. Warranty and Indemnification

IV. Remedying Violations and Complying with OSS Licenses

    A. Remedial Efforts and Other Considerations

       1. Likelihood of Enforcement

       2. Good Faith Efforts to Comply

       3. Rewriting, Contributing, or Internal Use

       4. Purchasing a Commercial License

    B. Compliance

       1. Notice Requirement

       2. Source Code Requirement

          a. Strong Copyleft

          b. Weak Copyleft

VI. Conclusion

I. Introduction

It is no longer the predominant view that open source software (OSS) (1) and proprietary software are mutually exclusive. (2) Many commercial enterprises effectively utilize open source code (3) when developing various software products. This "mixed-source" software model reduces development costs and times, thus improving the return on investment and overall productivity in developing a product. Incorporating virtually free and available-for-all code into proprietary software avoids the unnecessary work of "reinventing the wheel" because developers do not have to develop the code from scratch, which may be both costly and time consuming. (4) While some studies place the percentage of software developers who regularly use open source code in their work at around ninety percent, (5) it is probably safe to assume that the actual number is much closer to a hundred percent: virtually every software developer uses open source in his or her work. (6)

But along with economic benefits and production efficiency come significant legal risks, exacerbated by the wide availability of OSS components. (7) Open source software source code is usually made available under a generally applicable copyright-based license to use, modify and distribute the software. (8) In return, the licensee usually must comply with certain requirements, (9) such as providing required copyright notices and making the source code available to others. (10) While some licenses are permissive and demand very little, others require any work based on, or even containing only parts of an open source code, to be distributed only as OSS. (11) This variation of copyright (12)--with its departure from the traditional right to restrict use of copyrighted material (13)--has been dubbed "copyleft" (14) by the Free Software Foundation (FSF) (15) to emphasize the unique nature of some OSS licenses that do not restrict use of copyrighted material, but rather promote it. (16)

The requirement to make the source code publicly available when proprietary software contains copyleft-covered source code prompted some to name such licenses "viral" or "infectious." (17) For a software enterprise developing proprietary programs, such intermixing essentially presents the enterprise with a Hobson's choice: either to comply with the OSS licensing requirements and possibly lose valuable rights to intellectual property--rights in the parts of the software that include proprietary code--or possibly face a copyright infringement lawsuit. (18) Therefore, it is extremely important to know which license covers OSS or specific source code being used in the development of proprietary software, and its legal implication. (19) Most commercial enterprises and software developers recognize the business and legal risks--and associated costs--that the use of OSS code entails. …