Does your company develop software that gives you an edge over your competitors? Is the source code for your software a closely guarded secret that adds to your bottom line? Would you be reluctant to publish your source code on the internet? If the answer to any of these questions is yes, then you should know how open source software can negatively impact your business.
Open source software can be defined as any software where the source code is licensed along with the actual functioning program. The source code for a program is the collection of human-readable statements that are written and edited by a software developer. Because the source code for open source software is publicly available, a software developer can easily customize the open source software to meet his or her needs. Furthermore, unlike with traditional closed source software, a software developer can easily incorporate one or more open source software components into a larger proprietary codebase. Indeed, websites such as SourceForge.net make it exceedingly easy for developers to access and download open source software components from the internet for free. And because such open source components present a ready-made solution for a given programming task, a software developer can be tempted to utilize the open source component rather than write a new software component from scratch.
The use of such open source software components is fraught with danger, however, because the software comes with certain strings attached. Specifically, each and every open source component comes with its own licensing agreement that specifies how the open source component may be used. Some licenses have fairly benign terms such as requiring attribution for the original author of the open source software. Other licenses, however, have terms that can be draconian and can negatively affect an organization’s ability to maintain its own proprietary software as a trade secret.
One of the most famous (or infamous) of the open source licenses is the GNU General Public License (“GPL”) developed by the Free Software Foundation of Boston, Massachusetts. The guiding philosophy behind the Free Software Foundation is that no software — including proprietary software developed by a business organization — should have an owner. As such, the GPL was crafted with certain provisions that purport to convert others’ proprietary software into open source software, thus destroying the confidential nature of the proprietary software. The GPL does this by utilizing the concept of a “derivative work” under United States copyright law and conditioning the use of GPL software on acceptance of the GPL for all derivative works, including proprietary software utilized as part of the derivative work. The practical effect of the GPL is that, under certain conditions, a company’s entire proprietary codebase can instantly be converted to open source software by the inclusion of a single GPL component in the codebase. This feature of the GPL has been likened to an open source “virus” in that a single use of a GPL component in a company’s software product can convert the entire product to open source and force the company to reveal its source code to the public.
The dangers of open source software were illustrated in late 2008 when the Free Software Foundation sued Cisco Systems, Inc. for violations of the GPL. Cisco had allegedly incorporated several GPL open source components into the software used to run its Linksys® brand of routers. Cisco refused to release its source code to the public, however, as required by the GPL. Accordingly, after attempting to negotiate with Cisco over a period of years, the Free Software Foundation filed a copyright infringement suit in the Southern District of New York on December 11, 2008. In its complaint, the Free Software Foundation demanded an injunction against Cisco’s continued use of the GPL software as well as a disgorgement of all profits derived from use of the software. After several months of negotiations, the parties eventually settled their differences in May of 2009. Cisco agreed to pay an undisclosed sum to the Free Software Foundation and also agreed to publish certain source code for the software it had bundled with its Linksys® routers.
In conclusion, companies must be aware that open source software is not “free” and that use of open source software can expose a company to liability for copyright infringement. Because it is so easy for software developers to download open source software and incorporate it into a company’s product line, it would be wise to have controls in place to prevent such unauthorized activities by company employees. It would also be advisable to conduct periodic audits on existing company software to determine if any open source software is being used by the company and, if so, whether the company is complying with the terms of the applicable open source licenses. Because each open source license can be customized by the author of the corresponding open source software, it is wise for a company’s legal counsel to examine each open source license to assess compliance and the risk of liability associated with the license.
Dana Hustins is an associate in the Intellectual Property Section of Smith, Gambrell & Russell, LLP. Prior to obtaining his law degree, Mr. Hustins worked as a software developer for several large companies, including IBM and EDS Corporations.