Insight: Best Practices for Leveraging Open Source Software and Mitigating Their Risks | Morgan lewis
Across all industries, open source software forms the basis for a significant number of applications, with open source components per commercial application having more than six-fold in the past five years. With this growing importance, it is critical that businesses understand the license risk and compliance issues associated with managing open source software. If managed well, businesses can reap the many benefits of leveraging open source software, from its low cost to the speed at which it can be deployed, among other benefits.
Below are some best practices to consider when trying to get the most out of open source software.
- Establish an open source policy and internal processes to implement it.
- Review and approve usage requests and track usage of open source software.
- Keep accurate records.
- Involve legal and developer organizations – buy-in from both organizations is necessary to be successful.
- Develop a training program for developers on the safe use of open source software.
- Create a system for people to submit requests to use open source software and ensure that the scope of approval of the request is limited for this purpose.
- Set up separate exam tracks for different types of uses or licenses; for example, strictly internal uses of unmodified open source software or open source software used in distributed code.
- Consider developing an expedited approval process for the use of a limited set of licenses or uses. Re-evaluate these processes if use changes.
- Remember that the use of open source code can be audited through inspection or code review tools.
For more on this topic, including recent trends and developments, check out the Morgan Lewis IP Academy series overview, Open Source Software: Risks and Rewards.