ALP: What are the ramifications of downloading source code from the Internet?

July 4, 2008

Obtaining source code, the instructions regarding the operation of computer programs, from the Internet can be a great shortcut for a programmer. But it may come with some traps for the unwary. Very few programmers publish their source code free of restrictions. In fact, many programmers follow the open source model by attaching one of the multitude of open source licenses available to their source code. Some of these licenses are viral which means that they could require a company to publish its proprietary codebase when open source code has been incorporated with or even communicates with their own codebase.

Most programmers don’t appreciate the legal niceties of open source licenses (even lawyers struggle with these!). This is like lighting a match near a powder keg. But, you can take measures to protect your codebase by creating a policy, educating your programmers and remediating your code.

First, develop a policy regarding if and how your company will treat open source code. This policy needs to be clearly communicated and followed in an integrated manner through all the levels of the company, from legal to management to the programmers themselves. Any vetting process must include your legal department because not all open source licenses are compatible.

Second, your programmers cannot have enough education on this subject. They need to be made aware of the dangers they are inviting by not following company procedures regarding open source.

Third, no matter how good your policy is or how much education you provide, there is still the possibility that open source code may work its way into your codebase. You can use a codescrubbing service to receive some assurance that your codebase is clean. There are a number of companies which provide these services (e.g., Blackduck, Olliance Group, OpenLogic and more). If you get a report back that is problematic,
you have the option of releasing code with the full knowledge of what you are getting into or removing the open source code which may trigger a viral license.

Ria Schalnat (Counsel/Cincinnati) is a patent attorney with a technology focus in telecommunications, billing, and other software-oriented inventions. Her practice includes prosecution, litigation, due diligence reviews and portfolio management. Prior to her legal career, she worked for several years as a programmer. Ria currently serves as President of the Cincinnati Intellectual Property Law Association (Cincy-IP) and is a member of the Intellectual Property Owners Subcommittee on Open Source.