Dangers of using open source software in your software applications
The use of open source software (OSS) by businesses in their software applications is becoming increasingly common. If you plan to use OSS as part of your business, it is essential that you check the specific terms of any OSS licence, as you will need to comply with these terms and ensure that they are incorporated or reflected in your own terms and conditions.
What is Open Source Software?
OSS is software that is subject to a licence which makes the source code available to everyone. Anyone is permitted to see how the source code works and change it, or make it work differently. Closed source/proprietary software is the opposite of OSS and specifically prohibits such rights.
Restrictions on Use
Under the terms of an OSS licence you are generally permitted to access, copy, modify and distribute the underlying source code, provided that you do not place any additional restrictions on access to the source code when passing it on, i.e. to your customers. This clearly creates a problem for businesses that have their own software terms and conditions, which usually state the exact opposite.
Types of OSS Licences
There are a number of different OSS licences that are used by the open source community when making software available, and their terms vary considerably.
- The GNU General Public Licence (GPL version 3) – includes the restriction that any copies of the OSS (subject to patent licences) must be royalty-free.
- The BSD licence – includes a template copyright notice and disclaimer, which must be displayed when using the OSS.
Advantages and Disadvantages of OSS
The obvious advantages of OSS are that:
- It is free;
- It has been extensively tested by a wide user-base and should not therefore contain serious bugs or defects; and
- It is continuously being updated and improved.
However, the above advantages have to be weighed against the following disadvantages:
- There is no comprehensive support or maintenance provided for OSS;
- By using it you may have to disclose the source code of your proprietary software; and
- There is a lack of liabilities and indemnities provided in OSS licences.
Liabilities and Indemnities
OSS licences contain only limited warranties about the quality and functionality of the OSS being provided. They often state that the OSS is provided “as is”. In addition, no indemnities are given to protect you against claims made by third parties that the OSS breaches their intellectual property rights (i.e. patents or copyrights).
This creates a serious problem for commercial users of OSS because, due to the number of people involved in developing the OSS, it is virtually impossible to verify the source and originality of the OSS. However, your customers will expect you to be liable for and indemnify them against breaches of third-party intellectual property rights.
Minimising the Risks
If selling software is not your core business, the risks to your business of using OSS are relatively low. However, if selling software is core to your business, you need to carry out technical and legal due diligence before using any OSS and maintain a system thereafter to monitor the use of OSS within your organisation.
If you use OSS you should clearly state in your terms and conditions that the OSS, or components which incorporate OSS, are licensed to customers subject to the terms of the applicable open source licence.
Also, when outsourcing any software-related services, you should ensure that you include a term in the outsourcing agreement preventing the supplier from using OSS without your prior consent.