9 open source license best practices

9 open source license management rules for startups

Open source software is free like a puppy is free. Make sure you know the hidden costs and pitfalls before you adopt.

9 open source license rules for startups
Image by : 

Beth Cortez-Neavel on Flickr. Public Domain. Modified by Opensource.com

x

Get the newsletter

Join the 85,000 open source advocates who receive our giveaway alerts and article roundups.

Open source software can be a double-edged sword for startups. It can be a startup's lifeblood, because it helps you innovate rapidly without starting from scratch. But, as they say, open source software is free like a puppy is free: The true cost of open source software is obeying open source licenses.

Misuse of open source software can delay or derail investment and corporate exit opportunities. But you can easily comply with open source licenses if you follow these simple rules.

  1. Don't use software without license terms. Some software on the internet doesn't contain licensing notices, but that doesn't mean that it can be used freely. The people posting the software may not have complied with upstream licensing terms. Or the author of the software may not yet have applied a license to the software—open source or otherwise. "No license terms" means no license: You should either avoid using the software or ask the author to apply a permissive license.
  1. Don't violate open source licenses. Open source software use may be difficult for a software owner to track, but that does not mean use and noncompliance go unnoticed. Violating open source licenses can expose a startup to legal liability and public embarrassment, and can even compromise investments or acquisitions. It can also cause potential customers to refuse to buy your products out of fear of downstream liability. Developers have taken great effort to make their software open source—including foregoing licensing fees. Misuse of the software is unfair to those developers and harms the innovation they hoped to facilitate.
  1. Keep track of what software you are using. Someday you will have to provide a list of the open source software you are using. Potential investors and acquirers will ask for the list, and maintaining an up-to-date list will save you considerable time and effort when that request comes. Most open source software downloads include a "license.txt" or "copying.txt" file. Keep a copy of that license and note what software it covers. Most startups track licensed software in a simple spreadsheet.
  1. Understand permissive and copyleft licenses. Open source licenses fall broadly into two types: permissive (BSD, MIT, and Apache) and copyleft (GPL, LGPL, Eclipse Public License, Mozilla Public License, and Common Development and Distribution License). Most companies—and their customers—have no legal concerns over using software under permissive licenses. Complying with copyleft licenses takes more care, however, and may be inconsistent with certain plans for keeping software proprietary.
  1. Comply with notice requirements. Whether permissive or copyleft, all open source licenses have notice requirements. Typically, this means you need to include a copy of the applicable license when distributing open source software. It's generally not sufficient to merely include a link to or short form of the license. It's important to develop a license notice delivery strategy that complies with most open source licenses without confusing or alienating your customers.
  1. Understand which open source licenses work with distributed software. Most open source licenses—other than the Affero GPL—have no conditions for software-as-a-service (SaaS). For distributed elements of SaaS and cloud systems (like JavaScript) or distributed software (including mobile apps and beta tests), you can use software under permissive licenses, but you will need to be especially careful before using software under copyleft licenses. Use GPL software only if it executes 100% in its own process with no linked code—don't believe myths about compliance by dynamically linking to the GPL code or making the customer download the GPL software. Use LGPL software only as a dynamically linked library. And use other copyleft software only if you have not modified the API. Distribution in compliance with the rules of mobile app marketplaces may be incompatible with compliance with certain copyleft licenses (like the GPL or LGPL).
  1. Do not contribute to or release open source software before consulting an attorney. Contributing to and releasing open source software can be a boon for the public, but it may not be the right choice for your business. Once you make a contribution or release, any intellectual property rights you had in the software will be unlikely to form the basis for valuation of your company. Your lawyer can help you understand your choices between degrees of proprietary and open source software and guide this important business decision.
  1. Ensure your employees and third-party developers follow these rules. Whether an open source violation is caused by your employee or a third-party contractor, the resulting legal and publicity issues will fall in your lap. You can avoid these issues through proper training and tracking of open source software.
  1. Plan for the future. Startup business models can change rapidly, and a SaaS model can quickly become a distributed software model. Following the rules for distributed software, regardless of your current model, can provide flexibility for shifting to a distributed software model without having to remove certain open source software and change associated functionalities.

Adopting these rules will help you leverage the benefits of open source software while limiting the risk to your startup's viability for investments and acquisitions. Third parties interested in your startup will want to know how you handle open source software. Make sure that you are prepared and able to provide them with positive and professional answers.

Topics

About the author

Heather Meeker
Heather Meeker - Heather Meeker is a partner in O’Melveny & Myers’ Silicon Valley office. She advises  clients on technology transactions and intellectual property matters.  She is an internationally-known specialist in open source software licensing.  She received the prestigious IP Vanguard Award for private practice from the Intellectual Property Section of the California state bar for 2016.   Best Lawyers named her the IT lawyer of the year for 2018.  The Daily Journal named Meeker to its “Top 100 Women...