Infographic: Understand Your Open Source Software Licenses
• Up to 95% of code bases have undisclosed open source code from multiple sources
• 25+ million repositories on GitHub
• 400,000+ projects on SourceForge
• 100,000+ of packages, modules & gems in language repositories like PyPl, CPAN, Rubygems.org, etc.
Open source licensing should be easier to deal with now that open source has become the de facto way we build software applications. But if you’re like most enterprises, every time you add a new open source language, or even a library to your tech stack, you’ll most likely be hit with yet another legal roadblock in the form of legal reviews by your organization.
The problem lies in the fundamental dichotomy about open source: it’s free to use but not necessarily risk-free to redistribute. Depending on the license, the way you’ve incorporated the open source code into your code base, and how the final product will be used, you could be:
- Obligated to reveal your codebase, or
Cue the lawyers.
Unfortunately, open source licenses come in all shapes and sizes, with more being added all the time. The following table offers a simplified view of the current landscape from the point of view of a developer creating a commercial product:
- The above recommendations are guidelines, not legal advice – use your own judgement.
- In some cases, certain licenses can be incompatible with others (eg., Eclipse and GPL)
- Open source licenses do get revised. Newer versions may be more or less restrictive than their predecessors. User beware.
At the end of the day, it may still be worth paying a lawyer to get involved. Open source litigation is on the rise, and you don’t want to be on the receiving end of a lawsuit. Your only other recourse is to purchase litigation insurance, most commonly known as “indemnification” from a commercial open source vendor.
The ActiveState Platform provides indemnification provisions as an option for Enterprise Tier customers worried about delays in the software development process caused by legal reviews. The intent of the legal coverage for indemnification means that the lawyers no longer need get involved in your open source decisions, allowing you to get to market sooner.
- For more information on the indemnification provided by the ActiveState Platform, read our License Indemnification datasheet
- To get more details about the different license types, read our License to Code whitepaper.