Time for an Open Source Audit?

By Daniel Nikolin

What is Open Source Software?

Open source software (OSS) is software whose source code is freely available for modification or enhancement by the general public. This is in contrast to proprietary software which generally contains source code that can only be modified by the person, team or organisation who created it and maintains exclusive control over it. Most commercial-off-the-shelf software, such as Microsoft Word or Adobe Photoshop, is proprietary software. OSS is different in that its authors make the source code freely available to anyone who wishes to view the code, copy it or improve it by making modifications to the programming language.

How does OSS get onto my IT system?

Given that open source code is freely available and is constantly being reviewed and updated by contributors in the open source community, it is commonly used by programmers as a cost effective and reliable resource in writing or modifying software. Although open source licence terms often specify what is and is not permissible, there is a lot of scope for inadvertent error and/or deliberate misuse. For example, a contributor to an open source project may include material that is rightfully the property of his employer without permission. Other than copyright notices and references to licence terms in the comments to the code, it is often difficult to identify various bits of code once they are incorporated into a larger work. Moreover, there is no guarantee that there will be any notices, as the authors may not have included any or they may have been removed by other contributors.      

Where to begin...

A good starting point for any organisation is to identify if any open source elements are embedded in their software assets. If so, the next steps are to identify which licences attach and understand any applicable rights and restrictions. PwC Legal conducts open source audits for this very purpose and develops strategies to assist businesses in their use of OSS.

Why does my company need an OSS Audit?

Potential IPO or Merger/Acquisition

IPOs, mergers and acquisitions - and the associated due diligence – are often time consuming exercises that stretch company resources. PwC Legal’s open source audits can help buy-side clients and sellers identify OSS code embedded in software, and provide a comprehensive overview of the license terms, risks and obligations. If you are required to provide warranties regarding your company’s use of OSS, we can help you make accurate and complete disclosure.       

Compliance, Commercialisation and Risk Mitigation

Although it is freely available, OSS is not shareware or public domain software; the original authors retain significant rights and the use of OSS is subject to often onerous legal terms. Our lawyers can provide you with the information your business requires around your use, distribution, ownership, modification and sub-licencing to ensure that your products and licences are not compromised. Safeguarding your IP rights can be of particular importance if code of uncertain origins has been incorporated into company products which could result in copyright infringement or require your business to issue copyright or patent licences on demand.

Internal Policy and Governance

Once an audit is complete, we can assist you to use the results to formulate an open source usage policy or update an existing one based on industry best practice and tailored to the specific needs of your business. We can also help to formulate ongoing governance processes to ensure that appropriate measures are implemented and aligned to your overall business strategy to ensure your business remains compliant.