It is 2:00 am. A tired software developer is trying to meet an early deadline for a new piece of code for you, and he knows that he won’t make the deadline if he codes the next module himself. What does he do? Perhaps he goes to a web-based source code repository (such as SourceForge or a similar site) and downloads an open-source version of the module, which is subject to an open source software license. He meets the deadline, but never tells you what he has done. What are the implications for proprietary intellectual property from the unintentional inclusion of such Open Source Software (“OSS”) code in the company’s software?
Merely by inclusion of OSS code in your software, depending upon the terms of the particular OSS license, the entire software package may be alleged to fall under the OSS license, which in extreme cases significantly impacts ownership and control over the code, security and patent rights.
The Best Practice for companies that write and use code is to adopt an OSS strategy, adopt an OSS policy, require all employees and contractors who write code to sign the OSS policy, and conduct periodic OSS audits on all mission critical code to confirm that the policy is being followed.