Open Source Compliance
Use of open source software has become widespread in the software industry, with conventional software engineers and program providers being affected just as much as manufacturers of embedded systems. But even if extensive rights of use are granted for programs that can be accessed without a license fee – such as Linux, Apache and Eclipse – this does not mean that users have no obligations to fulfill. Especially when the products being marketed contain components of open source software, that's when license obligations become critical – and failure to comply with them virtually always results in copyright infringement. We can help you, no matter whether you need assistance with open source licenses of your own, or advice on how to market products in compliance with the licenses already in place.
Open Source License Compliance
The use of open source components in your own software requires a thorough examination of the copyright and license requirements. In this area we offer the following services and collaborate with a specialized technical service provider (Tjaldur Software Governance Solutions):
- Examination of the source code regarding licensing information in order to analyze the license requirements and the license compatibility
- Analysis of the source code that is implemented in the binary code of your own product
- Examination of third party components in the object code in order to find out if it contains open source software components
- Verification of the open source licenses of the implemented open source components with respect to the software versions actually in use
- Examination of the license compatibility of the open source licenses used and creation of checklists for the compliance with the license requirements when distributing the software.
- Necessity of licensing your own developments under an open source license.
- Creation of a company-wide open source compliance Policy.
- Audits to verify the open source compliance of processes and products.
In practice it may be observed that many software products contain numerous open source components - mainly libraries -, that are subject to different license requirements, or that single software packages themselves combine code from different open source licenses. For appropriate license compliance the software has to be analyzed to ensure that all license requirements are observed. The emphasis here is on examining the license compatibility and answering the question of whether someone's own developments are subject to the copyleft principle due to the specific software architecture and if those developments have to be released as open source. In this area we have many years of experience in rendering opinions and in rendering advice, especially regarding Linux, Eclipse and Java solutions.
The GNU General Public License (GPL) is the most common license for free software, and it has already been the subject of numerous cases that have ended up in court. Using GPL software, especially if it is combined with developments of your own or with programs subject to other open source licenses, requires that, first of all, you thoroughly analyze your software in light of the so-called "copyleft principle". "Copyleft" is the obligation to impose the license terms of the GPL already in place on the recipient when you distribute software that derives from a GPL program. This can call for an investigation into complex issues, such as exactly which components have to be licensed under the GPL and which do not. With our long-standing experience we can provide a reliable legal assessment.
The GPL has already been enforced in a number of court cases here in Germany. Anyone who provides a development of their own as open source software may demand compliance with the license terms or prohibit further use of the software. Ensuring compliance with open source licenses can often be done without filing legal action, especially in cases involving an accidental license violation, but we can assert your rights as the author of a work in court as well. Users may also be interested in knowing if competitors are complying with open source licenses, in order to ensure that a provider who follows the rules is not put at a competitive disadvantage.
Using open source licenses for new developments may be an instrument for ensuring competitiveness – but exactly which open source license to choose is fundamental to the business model envisaged. In practice various license models have emerged, ranging from a parallel license covering both proprietary software and open source software (known as “Dual Licensing”) to allowing free use of just parts of the new development. We can help you by analyzing the various possibilities available under licensing law.
We are a recognized partner of the OpenChain project, which established an international standard for Open Source License Compliance (ISO/IEC 5230:2020). Here we participated in the development of the specification, which is influenced by our many years of experience.