Software is eating the biotechnology world. Managers in the traditional biotechnology sector may not be familiar with open source software and related compliance issues, but these issues are bound to come up as they develop technology solutions to the problems of biotechnology.
Many computer programmers like to incorporate code from open source software into software products because there is no point in reinventing the wheel for standard, simple or common software functionalities.
Open source software is software code that is typically free, well-vetted, and commonly used. The source code of open source software (e.g., the human-readable component of software) is made available with a license, provided by the copyright holder, to freely modify and use the software. However, use of open source software comes with strings attached. Some licenses are permissive, meaning that a user is merely required to attribute the underlying software back to the copyright holder. However, other licenses have a “copyleft” requirement for the user of the software to also make the corresponding source code available under the same licensing terms. Violation of the terms of an open source license may open the door to undesirable litigation and bad publicity.
One difficulty in managing open source software may come from combining code under an open source license with proprietary code (e.g., code that is for use under a commercial license). Specifically, the line between what software is covered under which license may be muddied when proprietary and open source code is combined. This may be compounded when the open source code includes a copyleft restriction. A company many not wish for their proprietary source code to be made available for others to incorporate into a competing software product.
Beyond the risk of proprietary software disclosure, these risks may be further compounded with respect to regulated medical devices. The U.S. Food and Drug Administration (FDA) provides an assurance of safety and effectiveness for medical devices through regulation. Typically, software is used as machine-readable code and not source code. Also, at least for safety reasons, software products in a medical device may be designed to be difficult to reverse engineer and modify. However, certain open source licenses may require that source code and installation information is made available so that users may modify the open source software product in a medical device and install the modified open source software product. Use of a software product incorporating such open source license requirements in a medical device may increase the risk that the medical device is disapproved by regulatory bodies due to being tamper-prone or otherwise unsafe.
The numerous benefits of utilizing open source software includes the use and integration of sophisticated software products under an open source license. Examples of these software products include the Broad Institute’s GATK or Google’s DeepVariant for genomic analysis. Many of these software products are provided under permissive licenses that allow for free use, even for proprietary purposes, so long as there is proper attribution to the copyright holder. However, despite being free for use in a proprietary software product, these software products should still be tracked and documented for compliance. Also, although certain versions of such software products may have permissive licenses, future versions of such products may come with more onerous strings attached, such as a stronger copyleft license.
Furthermore, the release of open source software should also be monitored, especially if there is a chance of reuse. For example, releasing a software product to the open source community crowdsources improvements to the product. This may produce a better product than that which was originally released. This strategy may be utilized in less competitive or precompetitive business environments that favor wide adoption and software product improvement over black boxing a proprietary software product. However, an open source software product, including an improved open source software product, cannot be used without being subject to the terms of the associated open source license. This applies even to the original copyright holder of the original software product, who is bound by the terms of the license under which the product was originally released.
Accordingly, the adoption of open source software, whether for use or release, should be properly monitored and documented for compliance. As software products become larger and more valuable, this documentation may become more important to keep and more difficult to comply with. Lack of transparency into the pipeline of software development may lead to violation of open source licenses and open the door to costly and undesirable litigation. These pitfalls should be properly anticipated and adequately dealt with using the proper counsel and tools to balance the benefits of open source software use with the attendant risks.
Paul Liu is an experienced open source and intellectual property attorney at the international law firm of Duane Morris LLP. He also holds an appointment as adjunct professor of law at the Thomas Jefferson School of Law in San Diego, California. Liu previously managed global open source software compliance at Illumina, a leading S&P 500 biotechnology company. He can be reached at firstname.lastname@example.org