Last week VQ attended the very interesting seminar “Free and Open Source Software: Business Potential vs. Legal Obligations” arranged by Black Duck Software and Delphi, with presentations by Peter Vescuso, EVP of Marketing & Business Development, Black Duck, and Johan Hübner, Partner, Delphi. During the seminar we learned about market trends, licensing, business impacts and governance and compliance issues relating to the use of Free and Open Source Software (“FOSS”). The presentation slides from the seminar are available here.
At the seminar, some astonishing statistics were presented, revealing that in average enterprises uses 29% open source software, but that amongst “best-in-class companies” as much as 80-90% open source software is used. Currently there are over 650,000 open source projects are going on worldwide. Mark Driver, Gartner, describes the open source trend as increasing and even inescapable:”Open source is ubiquitous, it’s unavoidable….having a policy against open source is impractical and places you at a competitive disadvantage”. Open source is also the foundation for most global game changers or, as put by American entrepreneur Marc Andreessen, “Software is Eating the World”. Major game changers like Amazon, that completely changed the book business, and LinkedIn, that changed HR recruitments, are all based on open source. Other famous examples of game changers based on open source are Google, Facebook, Skype, Groupon, Android, and even Apple. With over 650,000 ongoing FOSS projects, it is exciting to wait for the next game changer to appear. Many of these projects can be found on ohloh, a free, public directory and community for FOSS projects, connecting project source code repositories with analyzes of the code’s history and ongoing updates.
The rationale for using FOSS can be originated from Joy’s Law, coined by Sun Microsystems co-founder Bill Joy: “No matter who you are, most of the smartest people work for someone else.” By sharing your code you can to some extent get the smartest people to work for you and decrease development costs and lead times, improve the quality of the code, develop add-ons, make your code more widely spread and receive goodwill. The famous quote by Richard Stallman that “If programmers deserve to be rewarded for creating innovative programs, by the same token they deserve to be punished if they restrict the use of these programs.” is something of a manifesto for the FOSS community.
There are however issues to be aware of for enterprises using FOSS. According to a recent Gartner analysis “50% of companies will face challenges due to lack of FOSS policy and management”. It is important to understand that technical decision made by a developer from a pure functional or technological point of view may have both legal and technical management implications. Without an implemented FOSS policy and without keeping track of all used code, you may end up with hundreds of different codes being used in your mission critical software, making it a fright to maintain and to secure compliance with all different licensing conditions. It may also have a substantial impact in a merger and acquisition situation, with potential acquirers being sensitive to uncertainty and regarding open source as such a risk, that it may lead to lost deals, delayed deals or reduced price. Other legal implications may arise from open source issues in the supply chain, as recently happened for Westinghouse, which used components in its produced HDTVs with embedded code under a license they were not aware of and thus did not comply with.
Traditional copyright licensing models focus on the restriction on the user and the usage of the software, whereas the open license models (Free software or Open Source Code) must allow for free redistribution, derived works, no discrimination of fields or endeavor, technology-neutrality etc. All ten critera for open source-licenses and the four freedoms for free software are listed in the presentation from the seminar. An important aspect regarding the licensing, is that open license is not the same as “for free”. If you comply with the licensing criteria you may charge for your software. There is also the possibility to use dual licensing – both an open license and a more traditional license, which includes warranties, support and maintenance.
The most commonly used license is the GNU GPL, but other more permissive licenses like BSD, Mozilla and Apache are catching up. There are two main issues regarding licensing. The first is the copyleft issue for derivatives works: if a software contains parts or the whole of a work licensed under GNU GPL, the entire software must be distributed under GNU GPL. The second is the compatibility issue: the combination of code (software or libraries) or joint distribution of several softwares licensed under different licenses may pose problems.
The main issue, and the next battle, predicted at the seminar, was however the cloud. When using your software as a SaaS (Software as a Service) in the cloud, you have the possibility to circumvent the basic open source ideas by not distributing the code. The main focus will therefore, predictably, be on service and function, and the next battle will be on access to APIs and interoperability between software and services.
As a summary of the interesting, informative and useful seminar, Peter Vescuso and Johan Hübner, concluded that open source software is changing the world and has become an ubiquitous and essential element of software strategy. But any FOSS project requires both legal and technical evaluation, with an understanding of both the legal obligations and the code, community. Realizing the full benefits and ensuring compliance requires policy, process and technology
- Increasing Technical Innovation while Managing Risk & Legal Obligations Presentation Slides
- Contact Peter Vescuso
- Contact Johan Hübner
- Black Duck Open Source Governance and Compliance Whitepapers