3 Things You Need in Your Open Source Policy!

Jeremy Aber

December 22, 2010

If you operate a software based business and you are seeking growth capital or a venture capital investment, you are likely using some third-party code with your software. There is nothing wrong with utilizing these third-party codes, for it is very common now (and probably a best practice too). But what is your process to review and track this code and the associated license terms (remember I am an attorney)? Well, here are 3 thoughts that may help:

1) Written Policy. Think through (a) when it makes sense for your company to use open source code (maybe with functionality that is not core to your offering), and (b) what types of licenses you will allow and won’t (maybe try to avoid GPL licenses if you distribute your code to your customers). For example, you may allow licenses which only require attribution/notice. Oh yeah, don’t forget to write this up and communicate it to all your developers (and contractor developers). See below for an example of attribution wording:

2) Tracking Process. It’s critical to track where you use the open source code and the associated license terms and thankfully it’s very easy to do. Your process could look as simple as a spreadsheet with the name of the open source code, a listing of your products (and version) with which it is included, any requirements of that license, and a copy of the license agreement. This tracking process is super simple if you implement it along the way, and really hard to re-create if you need to do it years later when someone (an acquirer or your CEO) wants to know what open source code is embedded in your product. 
3) Annual Audit. While many people overlook this, whoever is in charge of your open source process (and I suggest you have one person in charge who owns this policy) should annually review what your developers (including any developers who are actually contract developers) know and follow your policy. 
I could make this a lot more complicated, but I find that a software company looking at its company exit strategy needs at least these three basics steps and not necessarily the 25 page open source policy. 
Great, Detailed Article on Developing an Open Source Policy. 
Some Thoughts from a Microsoft Attorney on Creating an Open Source Policy

Disclaimer: This is not intended to serve as legal advice. It is provided for educational and informational purposes only.

President and Shareholder

<strong>Jeremy Aber</strong> consults OpenView portfolio companies on legal and contract matters. Jeremy runs his own IT focused law firm, the <a href="http://www.aberlawfirm.com/">Aber Law Firm</a>, and has over 18 years experience in technology and corporate law.