Why GPL still gives enterprises the jitters

Though open source is a way of life in many companies, the GPL still inspires hesitancy -- for surprising reasons

Open source has gone from a curiosity in the enterprise to a welcome and valuable addition. It's not just invaluable to enterprise IT; it's also a philosophy that's changed software and IT.

But enterprises must still determine which open source licenses enterprises they're most comfortable with. By and large, the GPL license and its cousins still give enterprises pause, but perhaps not for the expected reasons.

Typically, the problem with the GPL software license is its reciprocity. Any software that's derived from software licensed under the GPL and released for public consumption must also be GPL-licensed, and it must have the source code readily available.

Phil Odence, vice president and general manager at Black Duck Software, noted that the days of merely accepting open source licenses is over and open source is now seen commonly as a strategic advantage over competitors. But "there are specific licenses that do cause concern," and "reciprocal licenses like GPL certainly raise more of a flag than the more permissive ones."

The biggest corporate issues with the GPL, he claims, involve companies with intellectual property they closely guard, since the GPL requires "derivative works be licensed under GPL, thus potentially exposing proprietary [intellectual property]."

How that intellectual property gets exposed is the wider issue.

"With the rise of mobility," Odence explained, "more and more enterprises, in all kinds of industries, have become distributors of software and in that scenario businesses are concerned with reciprocal license. The new and growing breed of reciprocal licenses that trigger obligations on network use (like the AGPL) are of broader concern in enterprises. "

Jay Lyman, an analyst with 451 Research, also noted that "legal and [intellectual property] issues [around open source] are pretty common" in companies, with the GPL again cited as a sticking point. "We typically see organizations focusing on some licenses that they approve for internal users or in products and licenses they do not support or condone. This is often the GPL, which is considered less permissive than other popular open source licenses, such as Apache Public License or Eclipse Public License."

The requirements of the GPL, compared to a more permissive license, "are still perceived and truly are in some cases more onerous to the user," said Lyman, "especially if it's a large enterprise that has high sensitivity around intellectual property, both others' and its own."

Whether these perceptions about the GPL and AGPL are in line with reality is another story, though. In theory, complying with the terms of the GPL and AGPL have been eased with a gamut of software tools and services, and most of the lawsuits over the GPL have been aimed at hardware companies who abuse GPL licensing. But perceptions of the difficulty of compliance or its risks can be as big a stumbling block as the actual risks themselves.

Saïd Ziouani, CEO of Ansible, providers of an open source automation and orchestration solution, also noted how these perceptions are typically largest in a company's legal department. "Anything that looks like risk to an enterprise lawyer can be a barrier for enterprise adoption," he said.

Ziouani also concurred with how perceptions of the GPL's risks have contributed to a move away from the GPL in many environments. "All open source licenses have some risk," he said, "but it's becoming clear that projects licensed under the GPL and other copyleft licenses are perceived as having higher risk. People are choosing to license their projects under the GPL less and less as a result of this risk."

On the other hand, using the GPL is better than no license at all. Odence has noted that software with no identifiable license attached with it -- a side effect of the rise of GitHub -- is also a risk. "At least with GPL or AGPL," he pointed out, "you know what you are dealing with."

This story, "Why GPL still gives enterprises the jitters," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.

Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Join the discussion
Be the first to comment on this article. Our Commenting Policies