Hidden Legal Risk of Open Source Software

As much as half the code used in all software is comprised of open source software (OSS). Open source components are, by definition, free and available for anyone to use; but there are limitations, including licensing obligations with which software developers must comply. Depending on the component, penalties for failure to comply can be severe.

Development practices have outpaced internal processes to manage legal obligations; and most companies are, therefore, out of compliance. This disconnect is clear when a company building a software product is required to produce an independently verified disclosure of all the open source and commercial code it uses — a common request during mergers and acquisitions, and in working with original equipment manufacturers (OEMs) and large enterprise companies. Organizations are very surprised to see a difference of 20 times or more between what they think they are using and what they really are using; and they are typically out of compliance with each of those previously unknown components.

By taking the lead, legal teams can reduce risk for their organizations. Even if there weren’t the power of copyright standing behind the open source licenses we use, the open source development ecosystem would depend on users to respect the philosophy of the licenses, and give back where possible as well. As more companies start to understand their true dependency on open source, we should expect more financial and technical support for compliance.