A feature of the software world over the last 20 years has been the rise and rise of open source software (OSS). From its origins in US academia in the early 1970s, OSS emerged into the mainstream in the 1990s, continuing into widespread use throughout the 2000s and 2010s so that it is today approaching ubiquity.
What is open source software?
In essence, open source software is software provided under a licence which grants certain freedoms to a licensee. It is often free and used by developers to produce the foundational elements of software. But not always. It should properly be seen as a range of associated licensing techniques: there are many different types of OSS licences differing widely in clarity, length and legal effect.
Looking ahead
The scope and appeal of open source software is only likely to increase, due to a fairly unique combination of circumstances:
- The internet. Open source software modules are readily downloadable from software library sites like net and github.com. To that extent open source is similar to other software delivery techniques that the internet powers, like virtualisation, software-oriented architecture (SOA), software as a service(SaaS) and cloud computing, all of which are following a trend of increasing adoption throughout the 2010s.
- The current generational shift in the software industry. The generational shift from the traditional “software as a licence” – on the PC at home or in the server room at the office – towards remote, service-based computing which embraces these internet-enabled delivery techniques is now firmly established. This shift is another spur for OSS.
- The rise of smartphone and tablet devices. Smartphones and tablets are increasingly challenging the dominance of the desktop and laptop as the primary computing device. The software running on these devices both from an operating system perspective (such as Android and Tizen) and also the applications available on “app stores”, have opened up new markets and scenarios for open source software to be used.
- The rise of the Internet of Things (IoT). IoT can be broadly described as the interconnecting of physical devices with software and sensors and enabling these devices to communicate with each other and the internet. IoT is tipped to be one of the greatest technology innovations of the 2020s and open source software is a key enabler of IoT.
Plethora of open source software licences
Today, there are many hundreds of open source software licences in use, varying widely in length, clarity, intent and legal effect, and ranging from the intrusive, “copyleft” General Public Licence (GPL) through to short licences containing virtually no obligations.
OSS licences can be broadly grouped into two distinct categories. These are:
- Permissive licences.
- Restrictive licences (also known as “reciprocal”, “hereditary” or “copyleft” licences).
While the exact terms vary between OSS licences, the key difference between the two categories of licence is how subsequent amendments, improvements and adaptations of the open source software (or combinations of the open source software with other software) are licensed or restricted.
Permissive open source software licences
Permissive OSS licences usually only require that any distribution of the original open source software be on the same terms as those on which it was provided. Importantly, permissive licences permit a licensee to freely amend, adapt open source code and combine open source code with proprietary code without placing restrictions (or significant restrictions) on such amendments, adaptations or combinations (usually called “derivative works”) and how these derivative works can be licensed onwards.
Restrictive open source software licences
Restrictive OSS licences, on the other hand, go one step further than permissive licences, imposing licensing restrictions or requirements where the open source software is amended, adapted or combined with any other software (whether proprietary or open source) to produce a derivative work. While the provisions vary, restrictive OSS licences will (to a certain extent) apply to both the original open source software and any derivative works based upon it. This can be of key concern to organisations when using restrictive open source software alongside their proprietary software, as proprietary software could unintentionally be made subject to the open source licence.
Some examples
As a practical matter, when using open source software, a good starting point is to identify the OSS concerned and the licence terms under which it is made available and then to assess whether the licence attaches any particular terms which might pose a risk to your business. A leading OSS service provider publishes data in relation to trends in OSS usage under the most common OSS licences. The table below sets out the position based on the most recent data:
Top 10 open-source licences in 2016 and 2018
Licence | Permissive or restrictive? | 2016 (% of all open source licences) |
2018 (% of all open source licences) |
Change % |
MIT | Permissive | 25 | 26 | 1 |
Apache 2.0 | Permissive | 15 | 22 | 7 |
GPL 3.0 | Restrictive | 19 | 16 | -3 |
GPL 2.0 | Restrictive | 15 | 10 | -5 |
LGPL | Restrictive | 6 | 6 | 0 |
BSD 3 | Permissive | 6 | 5 | -1 |
Microsoft Public | Permissive | 5 | 3 | -2 |
BSD 2 | Permissive | 3 | 2.2 | -1 |
Eclipse 1.0 | Restrictive | 1 | 1 | 0 |
Zlib | Restrictive | 1 | 1 | 0 |
Software as a Service
Software as a Service (SaaS) is the term used to describe an arrangement in which software is hosted by a company and made available to users indirectly via a web browser. An example would be Dropbox where a user logs in via a portal to access and use the software provided for a subscription fee. There has been considerable controversy over whether the source code for OSS hosted by a SaaS provider must be made available to the users.
Under the wording of current OSS licences (except the GNU Affero General Public License (AGPL)), the hosting of OSS software by a SaaS provider would not appear to be a problem. Indeed, Section 0 of GPLv3 notes that mere interaction with a user through a computer network, with no transfer of a copy of a program, is not conveying and as a result, the obligations to publish source code may not be triggered. As a result, AGPL was created. It is a modified version of the ordinary GPL version 3, with one added requirement: if a modified AGPL program (or a derivative of it) runs on a server and users access it there, the server must also allow them to download the corresponding source code.
Final Thoughts
This blog is only a brief introduction to open source software and some legal issues to consider. Before supplying any software which contains OSS or, in some cases, before buying any software which contains OSS, understand how the supply or acquisition of the open source software may impact your business model is crucial. Generally speaking there has been a trend towards more permissive licencing in the last decade. Whilst encouraging, this should not prevent organisations from having a deeper look into the OSS licences they use.
EM law specialises in software technology law. Get in touch if you have any questions on the above.