The pitfalls of open-source software

progrram 1
30 Nov 2021

With an increase in access to information, reliance on the collective knowledge of software developers through online forums during the software development process has become a norm. How many times has it happened that a developer is faced with a certain problem, only to find that there exists a solution online, and even more, this solution is available free of charge? It then comes as no surprise that pre-existing solutions or components obtained from various online sources – free of charge – find their way into proprietary software.

Within this paradigm, there lies an inherent risk. Copyright laws over the world recognise software as copyrighted works, either directly, as in the US and South Africa, or as part of a larger species of works such as literary works, as in the UK. All largely distil down to the fundamental position that the owner of a copyrighted work has the exclusive right to do and authorise the reproduction (copying), derivation (modification) and distribution of the copyrighted work. At this point the nature of the mentioned risk may already be apparent, but to put it in plain terms – unless the owner of a software component has given the necessary authorisation, the copying, modification and/or distribution of the software component would in all likelihood constitute copyright infringement. As with any kind of copyright infringement, this opens the door to a claim for damages and even fines or imprisonment in certain countries.

The key here is that the copyright owner holds the exclusive right to authorise this copying, derivation and distribution, and in the context of free open-source software, open-source software licenses are paramount as they define what the copyright owner has indeed authorised and under what Ts & Cs. Just because something is free, does not mean there are no Ts & Cs…

Open-source software licenses are frequently presented as text files in the download (think license.txt) or even merely through a statement reading “by clicking download you hereby accept the terms of License X” (commonly referred to as click-wrap licensing). The reference license text can then be obtained and read to understand the Ts & Cs. These Ts & Cs can include an unlimited range of do’s and don’ts – caveat subscriptor. Luckily, there are standard license types which are used more often than not for this purpose (very few software developers have the time to write their own licenses). Some of these license types may be familiar – Apache, BSD, MIT, CDDL, Eclipse, GNU GPL, GNU LGPL.

Standard licenses can be very straight forward – e.g., fully public domain licenses that merely read along the following lines: “We reserve no legal rights to the software–it is fully in the public domain. An individual or company may do whatever they wish with the source code or any code generated therefrom, including the incorporation of the software, or its output, into commercial software”.

They can also be extremely complex, spanning pages, such as the GNU GPL. As such, the risks presented by incorporating open-source software into proprietary software thereby also varies substantially, the fully public domain license recited above would by example present very little business risk (other than perhaps a lack of support for any component received under such a license). However, a further example is presented below as a warning:

The following is an extract from the GNU GPL v3.0 license text:

“The Program” refers to any copyrightable work licensed under this License.

A “covered work” means either the unmodified Program or a work based on the Program…

To “modify” a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a “modified version” of the earlier work or a work “based on” the earlier work.

You may convey a work based on the Program, or the modifications to produce it from the Program… provided that you also meet all of these conditions:

c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy…”

The above example showcases why the GNU GPL is commonly referred to as a “copyleft” license requiring all copyrighted works “based on the Program” to be made freely available as well – and it is clear how this can pose a significant business risk when it comes to proprietary software. Should there be a failure to adhere to this term, this would constitute a breach of the terms of the GNU GPL, which in turn automatically terminates any rights acquired under the license – i.e., rendering any use of the “Program” as infringing use due to the authorisation by the owner being terminated.

It is therefore vital for any developer or company focused on offering proprietary software to understand the risks posed by accessing the collective knowledge of software developers, and to mitigate these risks by doing the necessary due diligence on the open-source software being utilised and the Ts & Cs they come with. At KISCH IP we pride ourselves in being experts in the field of open-source licenses and are available to assist in evaluating and mitigating your risks.

See also:

(This article is provided for informational purposes only and not for the purpose of providing legal advice. For more information on the topic, please contact the author/s or the relevant provider.)
Dawid Prozesky

Dawid Prozesky is a patent attorney at KISCH IP. He has experience in Metallurgical process simulation and optimization, and in Software development, and has a BA, an LLB and a... Read more about Dawid Prozesky


Intellectual Property Law articles by

Intellectual Property Law articles on GoLegal