Open Source Licensing Principles


January 27, 2017

There are numerous Open Source Software (OSS) licences available today. They generally fall into one of two categories: permissive licences, which allow the software to be reused in any project as long as the obligations of the licence (typically preserving the copyright notice and licence text) are met, and copyleft licences, which additionally require derivative works of the software to be licensed on the same terms.

There are a number of copyleft licences, but the best known is the GNU General Public License (GPL). The GPL exists in several versions and variants, such as GPLv2, GPLv3, the LGPL and the AGPL. The aim of copyleft licensing is to provide a framework that allows ongoing sharing of a published work, with clear permissions that grant and defend its users' freedoms. These freedoms are:

The freedom to run the program, for any purpose.
The freedom to study how the program works, and modify it.
The freedom to redistribute copies.
The freedom to distribute copies of modified versions to others.

Copyleft is a strategy that leverages copyright law to ensure these freedoms are preserved even in derivative works. It gives licensors legal protection for free sharing, and so enables them to defend, uphold and propagate software freedom.

Open Source Software Compliance

Open Source Software is being broadly adopted in organisations via many routes: internally developed code (many companies are creating their own apps), reused or third-party code pulled from sites such as GitHub and NuGet, and outsourced code. Adoption of OSS is driven by its technical benefits, while the business processes for managing the associated risk lag behind.

Organisations that are risk averse, or that operate in regulated industries such as finance and health, will usually have Open Source policies in place to manage licence compliance of Open Source Software.

However, many organisations, particularly at the business level, are either oblivious to the licence compliance risks of OSS or decide that the cost of managing OSS is disproportionate to the actual risk, and therefore treat OSS compliance management as an unnecessary or low-priority investment. It is quite common to hear the statement "well, who will enforce compliance?"

Two organisations lead efforts globally to ensure compliance with the GPL family of licences: the Free Software Foundation (FSF) and the Software Freedom Conservancy. The FSF began copyleft enforcement in the 1980s, and the Software Freedom Conservancy has enforced the GPL for many of its member projects since its founding nearly a decade ago. An example case is the FSF's 2008 suit against Cisco.

The FSF holds the copyright on many GNU packages. Although it can only enforce the licences on works to which it holds the copyright, it can and does assist with enforcement elsewhere. In the world of proprietary software, copyright holders seek monetary damages when their licence is violated, as in the enforcement work undertaken by the Business Software Alliance. The goal of the Free Software Foundation, by contrast, is for violators to become compliant and to repair any harm done to the free software community.
