The appeal of free and open source software is undeniable -- after all, who doesn't want to take advantage of OPM (other people's money) to develop a finished software product or platform that would otherwise require long lead times, dedicated programming resources, and significant cost?
Indeed, judging by the explosive growth of free, open source software (FOSS) initiatives, organizations are lining up like followers of the pied piper to take advantage of products they did not have to pay to develop, which can be put to use immediately. Or at least as soon as the in-house developers get a handle on the code base and customize the package for the company's needs.
And did anyone mention the need to check for maintenance costs, license restrictions, and security risks, or to consider whether adopting open source code could affect the company's intellectual property? Hidden costs, licensing issues, and other risks can create unexpected roadblocks for commercial enterprises.
Perception vs. reality: "Free" and "open" -- with a few strings attached
The business case for open source software at first blush can seem compelling. Finding an open source application that seems to closely match a company's needs can be a little like discovering hidden treasure, and some jump in with few questions asked. But the reality is that the "free" part of FOSS often ends up meaning just "free to download," as the costs to actually deploy the application or platform may in fact be substantial. And "open" is subject to interpretation, under seemingly simple licensing terms that may turn out to be difficult to interpret legally.
The overarching concept for the mainstream open source licensing model is to allow the free use, modification and redistribution of source code developed (or modified) under the license, so long as any derivative works are released under the same license, with the same notices, rights and access to the source code. The Open Source Initiative (OSI), a California non-profit advocacy group for open source software, has established specific requirements that it maintains must be met for compliance with the industry-supported Open Source Definition (OSD).
A number of licenses have been approved by the OSI under its licensing review process. These include familiar names and acronyms such as BSD, Apache, CPAL, GPL, MIT and many others. Yet there is an untold number of licenses that have not been approved under the OSI licensing review process, either because they do not comply with the OSD, or perhaps simply because the vendor does not subscribe to the approval process. In any case, licensing terms vary considerably from license to license. Some software vendors playing fast and loose with the rules have slapped an "open source" label on software that in fact turns out to be a "free to download and use" version of proprietary software that cannot be altered or redistributed. It's all in the licensing fine print, and this is where the first important tenet of open source risk management comes into play.
1. Understand the license and any restrictions