Open source software: to be celebrated or cursed?
The use of Open Source Software (OSS) has become widespread. The latest statistics show that 78% of companies run OSS, and a number of mainstream software and hardware products are based on the OSS model – for example Android, Skype, Firefox, Amazon Kindle, Tivo and BT Home Hub.
OSS refers to software where the source code is freely available for use or alteration by the public. Open source software is typically improved as a public collaboration and made freely accessible. Depending on the type of OSS license used, any modifications made to the software by a user may require free release to the public (known as copyleft).
The benefits of OSS are obvious (free software that has been widely tested and improved by an extensive user-base). However the risks should not be underestimated. Support packages and warranty protection are not available with OSS, which can lead to issues. In addition, companies involved in the production of software should be cautious around the use of OSS in their proprietary code; as such company could be compelled to grant public access to source code of software it had envisioned would be proprietary. This is shown in a number of high profile cases involving Amazon, BT and Skype, whereby value source code was required to be released to the public due to the use of OSS.
Despite OSS being used by over three quarters of companies worldwide, recent research shows that 55% of these companies do not have in place a policy or plan for the use of OSS. All organisations using or distributing OSS (and especially those software development companies distributing OSS) should have in place an OSS plan in order to asses any risks posed by the use or distribution of OSS. Organisations should consider putting together a strategy statement (which deals with the overall OSS approach of the organisation and any compliance obligations) and a policy statement (which can be integrated into contracts of employment, if required). Such steps are likely to help prevent enforcement action and issues arising on a future IPO or sale.