Avoid an open source shipwreck
Floating dangerously below the waterline, icebergs represent a constant danger to shipping in the North Atlantic this time of year.
There are icebergs in business, too. Lurking just out of sight, waiting for the unsuspecting.
Linksys used to be on top. In the Internet boom of the late 90s, they led the home network router market. The world was their oyster. But then Linksys hit an iceberg.
An iceberg made of open source software.
Engineers had incorporated some open source code into their routers’ firmware. Whether through distraction, carelessness or something else, the engineers didn’t realize the consequences of their actions.
After being sued by the code’s owner, Linksys was forced to release its proprietary code as open source. That’s what the open source license legally required.
The competition exploded forward after getting access to Linksys’ source code, and Linksys lost its market advantage.
Linksys routers are still a favourite among home network enthusiasts today because of the open source firmware, but that wasn’t enough to sustain Linksys’ success. Although the name brand is still around, the company is no more.
Last week we uncovered a shocking truth: open source is free, but not free from restrictions. That’s because open source software is still protected by copyright, sometimes even patents.
You must follow the requirements of the open source license. That is how you “pay” for the permission to use the software.
Know thy license.
IP Myth: All open source software licenses are the same.
IP Fact: The Open Source Initiative recognizes almost 100 different open source licenses, each with their own restrictions and obligations.
Standardized licenses have greatly simplified the open source software ecosystem. Despite the large number of recognized licenses, about 80% of open code bases use one of the 10 most popular licenses.
You may have heard the names: Apache, MIT, GPL and others. Each is a standardized license with legal terms that must be followed. The license is chosen by the software creator at the time of releasing the original code as open source.
There are significant differences among open source licenses. If you’re planning to work with open source, it’s essential to understand the differences so you can select code bases with license requirements that align with your business goals.
I don’t recommend just sticking your head in the sand.
Permissive vs copyleft licenses.
There are two general categories of open source license.
A “permissive” license has very few requirements for what you must do if you use the open source code in another project or make improvements to it. With this type of license, your new code or improvements might even be possible to keep as a proprietary or closed source code.
A “copyleft” license, on the other hand, has more significant requirements. If you use this kind of code in another project, or make improvements to it, and then distribute it to others, you must also release all of your code as open source. This is the type of license that Linksys ran into.
Generally speaking, permissive licenses let users decide what they want to do, whereas copyleft licenses are more demanding.
Avoid a shipwreck.
IP Myth: No one ever gets caught misusing open source.
IP Fact: Enforcement of open source licenses is on the rise. Understanding and complying with open source licenses is not difficult.
What went wrong at Linksys? Did management not know the code was used? Did they not understand the consequences?
Or did they know the risks, but assume that no one would ever find out? (People also used to assume that a chunk of ice couldn’t take down a steel ship.)
Successful businesses don’t just hope for no icebergs. They have a strategy for managing their use of open source.
A managed approach.
A few basic steps will keep your business in control:
- FIND OUT what open source codes your business is using, and which licenses apply. Software code scanners are available to help.
- ALIGN which open source licenses have requirements that work for your business, and which don’t. Find a website that explains licenses, or seek legal advice.
- ADJUST, if necessary, to remove codes from your work that have licenses that don’t align to your business, and replace them with other codes that do. It may take some work, but it’s a worthwhile investment in your business.
- GATE your open source adoption, so that only code bases with desired licenses are used. Keep a record of the codes and licenses, when adopted and where used.
- IMPLEMENT easy-to-follow rules for developers, and provide awareness training.
A little control and a little education will go a long way to making your use of open source free. Free from worry, that is. And free from unplanned disaster.
Next week, we will change gears to take a look at your business’s brand and how to protect it.
- If you use open source software, you must comply with the license requirements.
- Some open source licenses require you to also release your code as open source.
- A plan for managing your use of open source software can help avoid unpleasant surprises.
*Todd is Chief IP Officer at Scale AI, and a lawyer, patent agent and IP strategist with 25 years’ experience helping startups, SMEs and multinationals protect and commercialize their IP.
Please Note: Concepts discussed here have been simplified to facilitate learning. You should consult a qualified IP lawyer or agent to discuss your unique IP needs. Protecting your IP should not be a do-it-yourself project.
Scale AI is Canada’s AI Supercluster, investing in AI supply chain projects, acceleration and talent development across Canada. Visit us at www.scaleai.ca to see how we can help your business grow.