Open Source Compliance Legal
You're in luck, because today open source licenses are standardized and easy to use. You can copy and paste an existing license directly into your project. Following Jacobsen v. Katzer, the case of Artifex Software Inc. v. Hancom Inc. in the United States District Court for the Northern District of California focused on violations of free software licenses, including breach of contract and copyright infringement. Artifex is the exclusive licensor of the Ghostscript software product under the GNU General Public License version 3. Hancom is a South Korean software company that used Ghostscript in software it sold. If your company plans to be involved in an M&A transaction at some point, whether as a seller or buyer, you should involve your company's general counsel or seek outside legal advice, as it can be difficult to understand the terms of the license and identify conflicts between different licenses. It's important to get it right the first time, especially if you're building packaged or embedded software, as the licensing terms of the software shipped are often more explicit and harder to mitigate later. Patents: Is your company filing a patent application for which open sourcing your project would constitute a public disclosure? Unfortunately, you may be asked to wait (or perhaps the company will reconsider the wisdom of the request).
If you expect contributions to your project from employees of companies with large patent portfolios, your legal team may want you to use a license with an explicit patent grant from contributors (such as Apache 2.0 or GPLv3) or an additional contribution agreement (see above). First, create an up-to-date and accurate software bill of materials (SBOM) of all open source components of your software, versions used, and associated licenses. Compile the license texts associated with these components so that you can identify components that are not compatible with the distribution and licensing requirements of your software, or that are not compatible with licenses that may be used by other components of your software. It is important to ensure that the obligations of all licenses have been met, as even the most permissive open source licenses always include an attribution requirement. More traditional organizations are also taking note, making open source software a priority and using the software to gain a strategic advantage in their operations. I work with a wide range of clients, from small startups to large global companies. And the specific nature of license compliance challenges varies by company size. For my smallest and first-time clients, a common challenge is finding the right starting point to develop a license compliance program.
If the company has only a handful of developers and no in-house consultants, it may lack the breadth or expertise to create and implement license compliance policies. The TODO Group has collected best practices from leading companies involved in open source development and has published a guide to help companies successfully implement and operate an open source program office. Finally, your project may have dependencies with licensing requirements that you were not aware of. Your project's community or your employer's policies may also require your project to use certain open source licenses. We'll cover these situations below. The OpenChain program includes training and reference materials to help organizations build their compliance programs. This material is designed to support the OpenChain specification and general open source compliance activities. It is freely available to all parties for any licensed use case in the public domain.
In Alice Corporation v. CLS Bank, the Software Freedom Law Center (SFLC) filed a brief with the U.S. Court of Appeals to support longstanding precedents that restrict patent rights for computer programs. [3] The open source community has an interest in limiting the scope of patent law so that the development of free software is not hindered. The SFLC advocated machine or process testing, which limits the patenting of software processes to computers intended for specific purposes. The Court's decision was consistent with the ideas set out in the SFLC's factum. Of course, staffing an open source license compliance program can vary greatly depending on the size of the company. A large organization might have an open source committee or open source program office (OSPO) to manage compliance decisions, staffed by one or more lawyers and technical managers (and sometimes even a dedicated compliance officer). In contrast, a small startup with a handful of engineers could delegate compliance to a single developer working with an external consultant with open source expertise. In the latter case, the two would collaborate on the development of compliance policies, and the developer would be responsible for managing day-to-day operations. SCO has claimed and still alleges that its employees used GPL-licensed code without proper permission, so the terms of the license were not legally binding. For the code to be licensed under the GPL, the copyright holder must precede the code with a GPL notice, and SCO has not added the notices.
In September 2007, they filed a lawsuit against Monsoon Multimedia, Inc., alleging that Monsoon violated the GNU General Public License (GPL) by embedding BusyBox code in products without releasing the source code. In October 2007, a press release from the SFC announced that the parties had reached a financial settlement and that Monsoon had agreed to comply with the GPL. In September 2009, the Paris Court of Appeal ruled that Edu4 had violated the terms of the GNU GPL version 2 by distributing binary copies of the VNC remote desktop access software and denying users access to the corresponding source code. Olivier Hugot, an attorney at the Free Software Foundation France, said: “Beyond the developer community, in the broader legal and commercial context, compliance with open source licenses is relatively common in the context of financing (debt or equity financing) and M&A transactions, during an IPO and at other critical moments for a project or company.