Open source · Licensing

Can I use Open Source Software in my product?

Sri Vemulpali Member of Technical Staff at Riverbed Technology

June 10th, 2013

I have very pressing concern in regard to using open source software in my product.

I am developing a telecom product, that will go in to service providers tier-1 network. I have this dilemma, whether to integrate open source software licensed under Apache or Eclipse in to my product. I know if software is licensed under BSD or MIT they are free to use. How about Apache and Eclipse. Does anyone integrate open source software in to their products.

Products that are sold are different from providing services. In service oriented product development, we can use any open source software under any license as long as we are not distributing it as object or selling in product form.

Anyone has deeper knowledge of concerns or issues to be wary of?

Matthew Cordasco Co-founder and Head of Product

June 10th, 2013

Two points to share:
1) Get legal advice to understand the nuances of the different licenses perfectly.  I can't emphasize this enough.

2) Chances are that when your licenses will really get examined is before an acquisition or funding event.  Depending on the sophistication of buyer/ funder this could range from light diligence to an "enhanced pedigree."   

"Enhanced pedigree" implies that not only the license of your open source software, but the licenses of the software that it is based on or modules included within it..and the licenses of the software that is based on, etc..  Sometimes digging several layers deep uncovers an unfavorable license which will require remediation before moving forward.   

These can often go un-declared in software and only turn up when scanned by a tool like BlackDuck.  I have had people try to talk down the price of acquisition based on some sticky licenses buried deep in my software...

It's great that you are asking the questions now, and I definitely think taking time to do it right up front will pay off in the long run.

good luck.


Sridhar Alla Big Data Architect, Engineer, Trainer and Agile practitioner

June 10th, 2013

Yes, apache and eclipse licensing is not gpl or even lgpl. And i have used them in the past verified by a professional consultant. Note: do not use lgpl or gpl without detailed analysis. If you want advise ping me. Regards, Sridhar Cto, On Jun 10, 2013 11:04 AM, "Sri Ram K Vemulpali"

Sridhar Alla Big Data Architect, Engineer, Trainer and Agile practitioner

June 10th, 2013

Marty is right. I put all licenses as individual files in the build install kit and also mentioned them in eula. Bill is right about gpl. Unless you pay a license fee or get a letter from the developers , do not use gpl. Lgpl allows binaries to be used but you cant modify code or include source code directly. Email the developers to make sure. Sridhar On Jun 10, 2013 11:24 AM, "Bill Snapper"

Bill Snapper Owner Principal at SammyCO, LLC

June 10th, 2013

I've used open source in commercial products.  It is legal but you need to understand the different licensing options out there.  I was fortunate to work for a venture backed startup that had an attorney give us an education on the licensing models at that time, what the restrictions were of each, and how you needed to advertise the components you use in your product where required.

GPL was, at the time, the one we tried to steer clear of as we were doing some proprietary software and didn't want to have to release the source code to our product when integrating.

This is not a hard problem and has been solved by lots of others.  Just make sure you're well educated on the licenses you want to use and make sure you track what you're using (i.e. versions, libraries, etc).

Sridhar Alla Big Data Architect, Engineer, Trainer and Agile practitioner

June 10th, 2013

usually when a company makes something opensource, they dont remove it outright rather they launch a commercial version with more features. Tenable which commercialized Nessus Datastax & cassandra Cloudera & hadoop although there is no 100% answer i can give from my experience, a company which makes something open source cannot sue you unless you violate the license agreement. plus, If they are big enough they might just buy your company :) i really believe that court will rule in your favor if something like that happens as the company has to prove that it still owns everything in the software and doesnt have a single byte of open source contribution. regards, sridhar

Asaf Barkan CEO at SkyFormation

June 11th, 2013

There is a company name WhiteSource ( which tackle the open source risk aspects for ISVs. Feel free to send direct questions to their CEO Rami Sass at I am sure he could further advice and help you. He got heads-up already... Good luck. Asaf

Marty O'Brien Portfolio & Risk Analytics Research and Validation at Bloomberg LP

June 10th, 2013

Hi Sri, See, particularly questions 15-17. In general, you are free to incorporate Eclipse into a propietary product, but you need to provide some information about it in your own license.

Michael Barnathan

June 10th, 2013

From the Wikipedia article:

"The Apache License is widely, but not universally, considered permissive in that it does not require a derivative work of the software, or modifications to the original, to be distributed using the same license (unlike copyleft licenses - see comparison). It still requires application of the same license to all unmodified parts and, in every licensed file, any original copyright, patent, trademark, and attribution notices in redistributed code must be preserved (excluding notices that do not pertain to any part of the derivative works); and, in every licensed file changed, a notification must be added stating that changes have been made to that file."

So if the terms you're worried about are GPL-style "share alike" provisions for derivative works, it sounds like you're safe.

Jonathan Bond-Caron

June 11th, 2013

Sri, it really depends on your future plans. For company backed open-source, I like to look at how frequent they update the source code, that tends to indicate if they plan on maintaining it regularly. Sometimes companies 'dump' projects as open-source because they decided to go in a different direction and most likely it won't be maintained in 5 years. In general, use open source to accelerate your development time, but always develop your own source code to what you think is 'core' / competitive advantage to your competitors. For telecom, that might be consumer focused features instead of optimizing the network stack.

Toan Do Director, National Security Programs at Red Hat

June 10th, 2013

I am in the open-space software world (from the provider side of the house) and its perfectly acceptable to use Open Source in your product.  Just know that you will have one hell of a time supporting it once deployed in terms of upgrades to the OS project and what the end-user wants.

For instance you use Apache project X  version 1.2 in an OEM model.  Customer buys your product and later on the Apache project is upgrade to 2.2.  You customer has a problem, good luck getting support for v 1.2 once later versions of the OS project is upgrade.

Happy to discuss.