Frequently Asked Questions - Open Source Software in Business Use:

(See the glossary if open source is new to you.)

 

Open source - Why would we want to use it? / What benefits does it bring to the company?

Open source is used to accelerate and improve product development and lower the level of costs: rationalizing product development. End user companies use open source as an easy and cheap way to attain software, that is to lower costs and rationalize operations.

Depending on the situation, aforementioned objectives become materialized in different ways. However, the main idea behind open source is that when something is already invented it is not worthwhile to do it again if it is already openly available.

 

Where can open source software be found / Who makes it? Why is it made?

In addition to search engines, internet repositories are in practice the best way to find open source software. The largest and most well-known source code repository hosting service at the moment is GitHub. Also, technology-specific software project and package management tools like Maven (for Java) and npm (JavaScript) are often used in conjunction with public package indexes such as the npm registry and Maven Central Repository. In terms of creators, open source software vary from software made by large-scale enterprises to projects run by foundations and all the way to tool programs developed by a single programmer for their own needs. Often open source software projects start when there is no ready-made adequate software for a certain purpose available.

The motivation of open source developers can come from the need to solve a problem of one’s own, to gain reputation or to contribute to public good as well as from making development more efficient by an open method, from business opportunities and many other reasons.

 

What is open source? Is this a new thing?

Open source refers to software which is published under a so-called open source license. Such licenses allow copying, modifying and redistributing of the software without much restrictions. The Open Source Initiative (OSI) maintains the Open Source Definition. While the label “open source” was created in 1998, the use of open/free software as such is an older phenomenon. For example, the GNU project of the Free Software Foundation is now over 30 years old.

 

What are some well-known open source projects? Where are they used?

The best-known and most significant open source software are, for example, numerous different distributions of the Linux operating system (sometimes referred to as GNU/Linux), Apache web server software, the MySQL database and the Firefox internet browser. Millions of web sites around the globe store their information in a MySQL database and operate on Apache web servers which are installed on different kinds of Linux-based systems.

 

Can we download open source software from the Internet? How?

Yes, you can. Part of the idea and definition of the open source is the free distribution of software. This is why open source software can usually be downloaded from the Internet, depending from, for example, who has made the modified version.

Well-known and high-quality open source software and projects are often the ones most used by other people. Popular projects get more feedback and contributions, more people get interested about them, their continuity is more secure, service provision models start to form around them, etc.

 

What kind of conditions apply to open source software? What are licenses?

Open source software is always licensed under some license, that is to say, a set of terms and conditions which govern the modification, copying, use and redistribution of the software. Usually, these license clauses are the only conditions which regulate the use of the software.

Because programs are often developed or built on or from existing software components, open source software is often covered by more than one license. Unfortunately, licensing of open source projects is not always well-administered or communicated. Reviewing the licensing of open source packages is the main task Validos engages in on behalf of its member companies.

Open source licenses contain different types of license clauses. However, open source licenses that comply with the Open Source Definition always offer the following liberties:

  • freedom to use the software for any purpose,
  • freedom to make copies of the software and distribute those (for a fee or without a fee),
  • freedom to modify software and redistribute modified versions, and
  • freedom to distribute open source software with other software.

In relation to redistribution there are often clauses which require that when redistributing, the original license conditions must be adhered to.

 

Can we modify open source software?

Yes, you can. This is possibly the single most important quality of open source software.

 

Can we distribute open source software to our clients?

Yes. Open source does not set any limitations to that. However, you should check from your client contracts any possible limitations and responsibilities and how the licenses of the software in question fit into your business operations.

 

Will our software products transform into open source when we use open source software?

No, they wont. The use of open source software inside a company never leads to such a result. If, instead of mere use, you mean distribution to your customers, see next answer.

 

Will our software products transform into open source when we distribute open source software with our product?

No, they will not without your own decision (but read this answer through). If your company distributes software under a proprietary license, distributing open source software along with your own code should be planned carefully and carried out with special caution. Some licenses include so-called copyleft clauses which require that, when distributed, any modifications and additions made to the licensed software must be licensed under the same conditions as the original program.

It is a common misunderstanding that copyleft licenses, particularly the GNU GPL licenses, would somehow automatically “infect” or attach to commercial software in instances where software under the copyleft license is included in or distributed with the commercial software. The GPL licenses, or any other copyleft licenses for that matter, do not include any such mechanism. Instead, they contain an obligation requiring that in certain situations, the licensee must apply the copyleft license to the whole distribution comprised of both the licensee’s own code and the original code under the copyleft license. So, instead of an actual “viral effect”, what can happen in certain situations, in particular if you fail to license your own code under the copyleft license, is that you may be considered to be in violation of the copyleft license, which can lead to, among other things, the termination of your rights under that license, and consequently, a copyright infringement. If the infringement has been deliberate, also penal sanctions may be applicable in some jurisdictions, including Finland.

Licensing your product with GPL, or with any other conditions, is your own decision and GPL, or any other license that we know of, does not "infect" your product automatically(*). However, distributing proprietary software together with software under GPL to your clients is not always possible and must in any case be planned very carefully to minimize the risks. It should be pointed out, however, that there are vast amounts of useful open source programs and components that are licensed under more permissive terms and can be distributed without these kinds of restrictions.

(*) We are not aware of any cases (globally) where GPL or any similar license would have been deemed to automatically attach to or "infect" proprietary software. In the rare cases that have proceeded to court, the claims have been geared towards forcing the licensee to either comply with the license or cease to distribute the infringing software. Of course, this does not exclude the possibility that some court could take another, arguably incorrect stance.

 

Can we charge for our product when it includes open source software?

Many open source licenses enable combining open source code with proprietary software without any effect to your revenue model. No open source license prevents you from using the software for business purposes, but licenses that include so-called copyleft clauses may in practice prevent a revenue model based on proprietary software licensing.

Including open source into your product must be planned carefully especially when any of the open source software parts have been licensed under a copyleft license.

 

Can we offer services to our clients over the Internet if we use open source software? How about if we also use our own proprietary products in combination with open source software? What does SaaS mean?

"Software as a Service" (SaaS) refers to a situation in which an application is centrally hosted, for example, by way of a program run on a web server of the service provider and accessed by the user over Internet via a web browser or other client software. Think of the Google search engine, for example: a customer uses the user interface with her Internet browser but the actual data processing is done on Google servers with software and hardware that are completely out of the user's control.

From the viewpoint of nearly all open source licenses, license obligations are mostly triggered only by distribution, and providing a software service over a network is largely comparable to internal use by an organization. The service provider controls the software and the customers, merely having access to the user interface, do not run or control the program themselves. This kind of use is generally not restricted by open source licenses. There are exceptions, however, perhaps the most well-known being the Affero GPL license which extends the scope of the copyleft obligation to cover service provisioning as well in addition to distribution.

 

Can we use open source software commercially?

Open source code can be used in business. The Open Source Definition states that the license "must not restrict anyone from making use of the program in a specific field of endeavor", including in business use. However, there are also software programs downloadable from the Internet under terms that restrict commercial use in different ways: this kind of software is not “open source” within the meaning of the said definition. In any case, you should acquaint yourself well with the licensing of any software before taking it into use.

 

What risks does the use of open source software entail?

The risks in using open source software are largely the same as with any other software. They can relate to, for example, the functioning of the software, security vulnerabilities, availability of support, compatibility of files and formats or to legal issues. Just like with proprietary software, the significance of the risks vary from project to project - some are better, some are worse.

One particular risk is related to the open source community. If a company infringes the licenses or antagonizes the community in some other way, members of the community may react against the company. The community may include employees of the company, employees of clients or suppliers and other active participants. Negative perception of the company in the eyes of the community can lead to negative publicity. However, our experience is that most of the active members of the community prefer to directly discuss any issues with the companies instead of resorting to publicity.

On the other hand, some risks are clearly lower with open source software. When using open source code, a company is not as dependent on its suppliers, it is possible to alter or fix the software and the supplier can be replaced. Further, open source software is almost always easier to test and inspect in advance before deciding on whether to take it into use.

Perhaps the most significant legal risks relate to complying with the license conditions, i.e., how the software has been licensed, what different licensing options it provides and which conditions pertain to which parts. When the licensing status has been established, one can proceed to evaluating whether the software can be attached or linked to proprietary software products, whether the component can be distributed to clients and how, whether changes to the software must be licensed under a particular license and whether a patent license must be granted to such changes. If you distribute open source software without complying with the applicable license conditions, the result is probably at least a copyright infringement. However, your products do not automatically transform into open source.

If you have committed yourself deeply (commercially or technically) to software under the GPL, and you distribute this software as a whole with your closed source software, you may (depending on the situation) end up  infringing the conditions of the GPL license. In a case like this, the copyright holder of the GPL-licensed software may resort to making legal claims against you, for example, demanding that you comply with the license or stop distributing your software. This may result in a situation where you may prefer to, for business reasons, keep distributing the GPL’d software and rather than ceasing the distribution altogether, decide to distribute your own software under the GPL as well. This may be necessary, in particular, when replacing or removing the GPL software is too difficult or in other ways disadvantageous.

 

Where can we get more information on open source software and licenses?

Sources in English:

- www.validos.org - (ie. this site)

- validos.github.io - curated open source compliance resources

- www.coss.fi - site of COSS - the Finnish Centre for Open Systems and Solutions

Validos validates, i.e. reviews on behalf of its member companies, whether any given open source software packages are suitable for the members' use. If you need legal advice in relation to some individual situation or more detailed legal consultation, you should contact a specialized law firm. The service provider for Validos is HH Partners, a law firm serving companies also more generally. COSS has a License Helpdesk which is meant for its members. The License Helpdesk counsels members of COSS in relation to open source licenses.

 

Why shouldn't we take advantage of open source software?

Yes, why shouldn't you? If you are operating a web-centric software business, for example, certain big projects like the Apache HTTP Server or NGINX may be quite difficult to avoid. If you really do not use any open source code, it may be time to change direction. Your clients would probably want better, more affordable products.

On the other hand, your mileage may vary and there is never only one answer. In this day and age, it is unusual but not entirely impossible that your client has prohibited all use of open source code. It may also be that you are unable to find an open source project that suits your specific need. Or it may be that software that is in other ways suitable is licensed in a way not convenient for you, or that the licensing is so tangled that the software of the project is not desirable due to the legal risks. In that case, that particular project is not suitable for you but some other may be.

It has also been claimed that open source management can turn out to be more costly to the company despite it being free. It is true that a company must allocate resources to the management of open source software and open source cannot be taken into use completely without consideration. Validos is in part an answer to this critique: Validos facilitates open source management, implementation and lowers costs by way of multiple organizations chipping in and sharing the results. With Validos, the analysis for the software you are planning to use may well have been done already, slashing the time it takes to make decisions on open source use. In addition, Validos offers great opportunities to learn about open source from other organizations and exchange information on best practices.

 


 

Validos - a new way to deploy open source!

The more members Validos has, the more useful the co-operation is for its members. That's why we are always open for new companies and other organizations. Contact us!