IT/IP Law: Has Your Business Contemplated the Risks of Using Open Source Software (OSS)?

Open Source Software (“OSS”) is an area of computer science with a rather rich history. OSS has been a part of the computer landscape for a long time however, its use has of late become increasingly more popular amongst South African businesses. It is, of course, one of the most appealing phenomena in the software industry. Although its notion is old, the decision of whether to use Proprietary Software (“PS”) or OSS should not be taken lightly as such decision may influence business finances and performance. However, often organisations fail to consider the risks and constraints associated with using OSS.

OSS is a pioneering approach to software. ‘Open source’ refers to the idea that software is best written in an open collaborative process where the resultant product is freely obtainable to others top use, improve and distribute without breaking licensing agreements. Effectively users have access to the source code of the OSS allowing them to view and modify the inner workings. This means that the source code related to OSS is shared publicly making it freely accessible to all to use and modify unlike that of PS. Don’t be fooled by the notion that ‘free’ software is software of a lower quality. Utilising the skills of many different developers all with the aim of improving an existing application has, in the past, proven to present software of a very high quality and standard.

So if this sort of software is of such high quality and standard what is stopping all organisations from using and implementing OSS? What are the risks associated with using open source software? Organisations that wish to make use of OSS should analyse both the advantages in addition to the risks associated therein before making the decision to migrate to OSS. Although initial licensing costs are a highlight of OSS, a comprehensive return on investment model ought to be used to give a more accurate view of the costs associated with the process of moving from one software package to OSS (migration). Besides the high costs frequently involved in migrating to OSS, two unique risks associated with the use of OSS are the risk of license restriction and infringement.

Copyright legislation all over the world recognises computer software as a copyrighted work either directly (as is the case in South Africa and the USA) or indirectly as part of works such as literary works (as is the case in the UK). The general rule followed amongst most copyright legislation is that the owner of a copyrighted work has the exclusive right to do and authorise the reproduction, derivation and distribution of the work. Thus, there tends to be an inherent infringement risk associated with the use of OSS. This makes copying, modification and/or distribution of OSS risky as it may constitute copyright infringement and consequently opens the door for a copyright owner to potentially claim for damages, fines and/or imprisonment in certain countries. Subsequently, it is vital that an organisation consult the OSS license as this will define the scope of the copyright in the work and explain what terms and conditions are connected with its use. Even though the code is free to use it will have terms and conditions attached to such use.

OSS licenses may be presented in text files (license.txt) during the download of the software or may be presented via a click-wrap agreement by a statement such as “by clicking download you hereby accept the terms of this license”. Once reviewed, one will notice that OSS licenses may include a range of various terms and conditions. Fortunately, most software developers do not have the time to write their own licenses and use standard license types (such as GPL, Apache, Eclipse…). These sorts of standard licenses are generally rather straight forward. However, there are also certain instances where such license agreements can be complex.

It is thus vital for any organisation wanting to migrate OSS to read the license agreement associated with such OSS prior to implementing same. These licenses may restrict and impose certain terms and conditions on a company, for example, an organisation may have a duty to open its proprietary software source code to others.

As can be seen from the above OSS doesn’t come free from terms and conditions. It is therefore extremely important that organisations offering proprietary software and software developers understand the risks posed by accessing the collective knowledge of software developers. It is advised that all organisations offering proprietary software and software developers know the license restrictions applicable to the OSS they are using and modifying in order to ensure that no open source code gets into any proprietary development project for software that may some day be commercialised.  For more assistance on the topic of open source and/or proprietary software (and the licenses associated with such), IT law and/or intellectual property law as well as any assistance required in evaluating and mitigating your risks herein kindly contact De Klerk and Van Gend IT&IP law  department.

Written by Claire Gibson-Pienaar

Claire Gibson-Pienaar is an Associate in the IT/IP law department,  assisting Gerrie van Gaalen. Contact her at cgibson@dkvg.co.za or Gerrie van Gaalen at gvgaalen@dkvg.co.za

This article is for general information purposes and should not be used or relied on as legal or other professional advice. No liability can be accepted for any errors or omissions nor for any loss or damage arising from reliance upon any information herein. Always contact us At DKVG Attorneys for specific and detailed advice.