The legal implications of using open-source in your custom software application
In my previous article about the ownership of bespoke software, I casually mentioned one of the more complicated aspects—third-party code. In this article, I’m going to dig into that a bit more.
Firstly, let’s straighten out what we mean when we talk about open source software and how it differs from closed source. An example of closed source software is Microsoft Windows itself. When you pay Microsoft for a copy of Windows to install on your computer, you’re buying a licence to use it on some number of devices. You don’t, and won’t, get the source code to Windows itself. That makes it almost impossible for you to create your own version of the operating system, or fix a bug, or change something you don’t like. Compare this to Linux, which is an open source operating system, 1. it’s free, and 2. you have access to the source code to build and change it to suit your needs.
That sounds pretty great, and it is, but there’s more to it. Open source does not mean it’s free (as in price), although it often is. Open source means the source code is available, but it has specific licensing conditions attached. Here is where it gets murky for you, the business owner. It is likely that your developers have used open source software in your application with the intention of saving effort. They aimed to get your application to you faster and at a lower cost. They may also have inadvertently built a time-bomb into your application. Which, if you took my earlier advice and made sure you own your source code, you now own the time-bomb.
What is this bomb? Well, let’s say your developers used some code they found on the internet to implement user logins. Now, since they didn’t write that user login code they, nor you, do not have the copyright to it. There has to be an explicit licence which states that the author allows its use in a commercial project. If there isn’t, that author could later come looking for you for copyright infringement.
You might think it is unlikely that you’ll get caught. However, there have been plenty of cases where software was decompiled, proving that the source code wasn’t original. Further, if you ever plan to sell your company expect that the buyers will want to audit the system as part of their due diligence. It could significantly affect the valuation of your company and what the buyers are willing to pay.
Do a dependency licence audit
Do you know if all the software in your application is correctly licensed and whether you’re adhering to those licence conditions? If not, get in touch with your developers and ask them to list the licences of all the dependencies used in your application. Where there is no licence specified you’ll need to decide what to do. You can try to contact the author for permission or replace it with another solution with clear licence terms.
You should also agree on a whitelist of licences with your developers. They can use this to make an appropriate choice when they’re looking for ways to help you.
Using open source can be a big win for you, and your developers, but you need to make sure you’re not leaving yourself open to legal issues later. Don’t know where to start? I’d be happy to have a 15-minute free call to give you some guidance. Book your call here.