The federal court has ruled that open-source licenses have the right to set certain conditions on the use of copyrighted work. This means that even though an open-source license may not ask for royalty compensation, it is still a copyright license, and whatever conditions it sets must be honored. If a condition is violated, the license terminates, and you are deemed to have committed copyright infringement.
Basically, an open-source license is similar to a commercial license: if you use open-source components, you must honor the conditions of that license. Many developers in commercial software companies download open-source code and incorporate it into their commercial software without actually honoring the license obligations. The ruling establishes that license obligations must be honored; otherwise it is a clear case of copyright infringement, which can lead to losing battles in court and losses for your organization.
Therefore, every company that sells commercial software should establish an open-source governance policy. What is that? A governance policy consists of the rules put in place to use, track, and maintain compliance with the software. This mainly includes the policies surrounding open-source software (OSS), approvals, and their control.
Companies must comply with the licenses attached to the OSS they use in the proprietary software they distribute. A well-designed governance policy encourages the use of OSS while simultaneously protecting intellectual property and maintaining license compliance. Companies should be clear on which open-source licenses set conditions that are acceptable to the organization and can actually be met. Any license whose conditions are not acceptable should not be approved. At the same time, monitor newly proposed additions of open source to the proprietary code base and take appropriate measures to decide whether the proposed addition's license is acceptable.
The organization should also scan its current source code base for open source, either using manual methods or by having us conduct a comprehensive Open Source Audit. For many enterprise organizations, open source is associated with the GPL license, which accounts for more than 50% of the projects in open-source repositories. However, many GPL-licensed open-source projects have similar counterparts that are licensed under licenses such as Public, MIT, BSD, CPL, or Apache. After the scan, companies should know what sort of inventory they have and how much more they are going to acquire, manage it under the policy in place, audit it, and report it in a systematic manner.
This open-source governance policy should be enforced throughout the organization, and a proper review process should be put in place. The policy should identify the license types that are acceptable to the organization, with a structured approval process. Review the checklist and enforce the policy. The goal should be to make the process clear and easy for developers so they can save time and money by using open source that complies with the company's goals. A governance policy is rather useless if company administrators cannot see what is being used.
A structured and well-planned open-source governance policy will not only help your organization control and manage the OSS in your code, but will also give your developers the freedom to use OSS, which saves them time, lets them build better products, and increases innovation. Without this in place, OSS can end up being expensive and time-consuming if a developer finds out that the OSS they used has a license that conflicts with the company's policy.
Contact us at firstname.lastname@example.org to help you out with Open Source Governance Policies.