Open Source Software Collaboration: Legal’s Role

May 21, 2020

We’re living at a time of heightened awareness of how each of us needs to help protect others from risk. Collaboration, always important, is taking on new meaning today.

Collaboration is crucial in the effective management of open source software, as well. At the heart of open source management is the legal team. Organizations must have a clear understanding of their legal obligations for using code. Safe usage doesn’t just fall on the shoulders of engineering or security teams; legal counsel’s input is vital.

Digital Transformation and Change Management

I’ve talked about the importance of open source in the age of digital transformation. In today’s changed environment, the role of legal teams is evolving quickly to meet the shifting needs of clients, businesses, and stakeholders. As technology continues to evolve and change forces businesses to revisit strategies, legal teams need to be aware of what’s going on. Rather than giving open source license management a cursory review, they need to engage with it and understand the implications of use—at go-to-market and throughout the software’s life. As business models change, legal practices need to align with emerging trends—and remain on top of technological changes within the open source world.

Thousands of open source licenses exist, each with unique obligations, rights, and terms. In short: they’re complex. Managing them properly—and early—is the best way to avoid violations of license agreements. Failure to do so can lead to litigation and reputation damage.

A comprehensive Software Composition Analysis (SCA) program can help protect intellectual property (IP) and avoid legal risk by maintaining legal policies, reviewing licenses, preparing third-party notices, and helping ensure compliance. This is particularly important during an M&A or other due diligence event.

Legal Trends in Open Source Licensing

Last month, my colleague, Marty Mellican, VP and Associate General Counsel at Flexera, joined forces with Leon Schwartz, Associate at GTC Law Group, to present the webinar “A Year in Legal Review for Open Source Licensing.” (You can view the on-demand version of it here.) It provided a fascinating review of legal trends and best practices related to software development.

As Leon highlighted, lawsuits such as Ubiquiti v. Cambium (in which “Ubiquiti alleged that Cambium used Ubiquiti’s firmware as the starting point for” its software solution called Elevate “in violation of Ubiquiti’s Terms of Use and Firmware License Agreement”) and Artifex Software v. Siemens Product Lifecycle Management Software, Inc. (in which Siemens is alleged to have violated the AGPL/GPL) reflect creative approaches to addressing claims regarding open source licensing. How the cases proceed will be informative. Resulting legal decisions can have major implications—particularly if they’re made by a court that doesn’t truly understand open source software.

Concurrently, as more deployments move to the cloud, they bring new concerns about how and where open source is used—even leading to claims of overreach and commercializing. And some providers are moving to a premium model, where open source software is provided for a fee; the core product is open source, but premium features are available at a cost. Each one of these moves requires thoughtful consideration and planning.

As open source becomes increasingly mainstream, there’s even greater demand for legal counsel to think ahead about how a license will be used. Currently, an ISO standard for open source use, OpenChain, is approaching final approval. When approved, the OpenChain project will become a formal compliance standard, which could possibly simplify open source management.
