So-called “open source” software has become increasingly popular among mainstream corporate information technology departments. Typically developed by unrelated groups of individual programmers, open source software is distributed free of many of the copyright restrictions that come with traditional software. A spate of recent lawsuits concerning the open source Linux operating system serve as a reminder, however, that open source software has the potential to make a software user liable for unknowable breaches of others’ intellectual property (IP) rights. Prudent software users should investigate what types of software the company information technology department is using and then decide, if open source software is being employed, whether the risks of using such software outweigh its benefits.
In contrast with typical commercial software that is usually developed by or at the direction of a single, identifiable entity, open source software is typically the result of a collaboration among many unrelated software developers. Fostering this collaboration is some form of an open source license (often called a “general public license,” or GPL), which requires one who modifies and distributes the code to share the modifications at little or no cost with others, and to make the modified “source code” -- the development-level code -- freely available to third parties, reserving no copyright or trade secret rights.
The open source development process relies, from an IP rights perspective, on a major unverifiable premise: that each of the sometimes thousands of participating developers will honor the intellectual property rights of others when contributing to the code or its related documentation. As a result, there exists the clear potential for a single developer to infect the open source software with proprietary code belonging to another. Even close inspection of the final product cannot ensure that the distributed versions of the code are free from corrupted contributions.
The licenses that typically accompany open-source software reflect this uncertainty: they come with no warranty as to the integrity of the code. Open source licenses thus “shift” the risk of IP liability from the authors of the software to the users of the software. This contrasts sharply with many licenses for software used as part of corporate computer networks, which often promise to indemnify the licensee in the event of suits alleging that the use of the software infringes another’s IP rights.
Because of these inherent risks, corporate users in particular should tread carefully when using open-source software. First, find out whether the company is using open-source software on or in connection with its computer systems. Next, review the terms of any associated licenses. This will define where the potential liability exists. Finally, consider whether the benefits of continuing to use the open source software outweigh the risks of IP liability. While a thorough “due diligence” review of the software may help expose problems with its development, it probably won’t disclose IP issues that have yet to be asserted. In the end, it may be less expensive to pay more for commercial software, if only to purchase the benefit of the indemnification that typically runs with the license.