Intellectual property basics for startups: open source software

What is open source software?

Open source software is software subject to rights spelled out in the license that accompanies the software. Many consider open source software equivalent to public domain software; open source software is not in the public domain. A public domain program is one under which the author has deliberately surrendered proprietary rights, including all copyrights. Since all proprietary rights to public domain software have been relinquished, no license (ie, permission to use) is required for its use.  Thus, programmers may use public domain software as they see fit, without restrictions imposed by the copyright holder.

In fact, some of the licenses accompanying open source software come with very undesirable consequences, making the use of open source software more risky than traditional commercial software. For example, most licenses do not include any indemnification for third-party infringement claims, which is customary in commercial software licenses.

Other licenses are known as ''viral'' or ''copyleft'' licenses, which means that ''derivative works'' or modifications of the open source software must be distributed under the same open source license. One of the most commonly used open source licenses, the GNU General Public License version 2, contains these viral terms. The consequences of such licenses are potentially severe, because the source code must be distributed with the product and the licensee has the right to modify and redistribute the software at no charge. Thus, a company could lose rights to its proprietary code, could be forced to disclose its trade secrets, and might even lose the right to the exclusive use of its own underlying code since that code must be disclosed in source code publicly.

What are the benefits of using open source software?

Open source software is available for free. Also, some tout open source software as being ''better'' because particularly in the case of software projects that have a large and established community following, the software is arguably more secure and more bug-free because there is a large number of individual developers that are making improvements to the software. In some cases, a feature or functionality may be available with the use of the open source software rather than through a commercial third-party solution for a license fee.

Open source software sounds too good to be true; are there any downsides to using open source software?

The risk of intellectual property infringement is greater with open source software because it is developed without the usual controls present in the commercial software development process. Thus, if a programmer downloads an open source program to which a previous user has added infringing code, the programmer would unknowingly be exposed to liability for infringement, potentially resulting in an injunction or legal damages. 

The procurement process of some companies require that extensive documentation of all open source software use. If your company provides a product that includes open source software, you may have to undergo a more rigorous qualification process to be an authorized vendor to these companies.

Since open source software is free, does my company need to keep track of what open source software we are using?

In order to assess the risk of using open source software, it is important for a company to record its use of open source software, both in its internal development as well as when it engages outside developers, whether they are individuals or third-party companies.

Additionally, each open source license has requirements which must be met in order for a programmer to use the licensed software. Some licenses have more requirements than others. Failure to pay close attention to these requirements and to fulfill them all may result in the voiding of the license. Use of the licensed software under these circumstances would constitute copyright infringement. For example, many companies have been sued for using the Busybox software, but not providing a copy of the source code with it (or a promise to provide it) as required under the GPLv2.

Further, it is customary in nearly all financings and acquisitions that the investors and acquirers will ask about a company's use of open source software. In fact, some large technology companies have very extensive diligence processes that are focused solely on the use of open source. A company's failure to adequately respond to those diligence requests, or if diligence reveals non-compliance with open source licenses or extensive use of ''viral'' licenses, could create concerns for a prospective investor or acquirer. If concerns are significant, it could tank a deal.

In order to avoid the legal risks inherent in the use of open source software, companies should consider implementing an open source policy in order to maintain a record of open source software use and to ensure compliance with the applicable open source licenses. Such a record is essential when responding to due diligence requests in a financing or acquisition or when a prospective customer requires product documentation from its vendors.

Where do I find some of the more commonly used open source licenses?

For a list of the licenses that have been approved by the Open Source Initiative, please check the list of approved licenses at

Download PDF