Open source software and open source risk management have been widely adopted at the enterprise level since the open source concept's inception in the 1970s and 80s. In fact, open source has been adopted so widely that many organizations, including yours, may be using it without knowing it. It is not uncommon for an organization of any size to be running open source software without anyone having taken note of it.
Take OSS in the mobile arena as an example. The data in OpenLogic's Predictions and Trends Presentation shows that 71% of mobile apps licensed under GPL, Apache, and LGPL (the three licenses developers choose most often) are not in compliance.
Usage of OSS may be as widespread as it is unrecognized, but widespread usage does not make it acceptable. This should not be read as a cause for alarm in your organization, but rather as a sign that compliance work is needed.
What is open source software compliance?
Software compliance is essentially the ability to demonstrate that you, or your organization, have met the license terms and requirements of a given software package, as agreed to at the time of installation. In other words, if you, or your organization, are using more copies than have been purchased or agreed upon, whether unknowingly or in an effort to cut costs, you may be exposed to legal liability and a court case. It does not necessarily matter whether the licensed open source software is being physically shipped or not. If you are using it, the open source licenses are legally enforceable and are being enforced. The bottom line is that every organization must be prepared to explain its use of open source software.
It is important to know that open source software is licensed software; the open source licenses are what make the software "open source". The open source definition, as maintained by the Open Source Initiative, is actually an umbrella concept that encompasses many different licenses. Currently there are 69 OSI-approved open source licenses, and hundreds of other licenses exist today. The Open Source Initiative publishes the list of OSI-approved licenses.
Fortunately, there are convenient solutions available to help organizations ensure that they are in compliance with the open source licenses of their software. Source code scanners such as OpenLogic's free and open source tool OSS Discovery can find the open source software included in internal applications and installed on corporate workstations and servers. OSS Discovery does not require access to source code, so it is well suited to taking inventory of open source in deployed applications or on servers and desktops.
Compliance can be viewed simply as something required and expected of companies, or it can be viewed differently: compliance has its own advantages. Companies are increasingly using compliance to differentiate themselves from their competitors from a marketing standpoint.
Regardless of your motives, compliance is a sound move for any organization. Take the time to learn how your organization is using open source and what steps you can take to begin to comply. I think you will find that the benefits far outweigh the costs.