Open source · Licensing

Can I use Open Source Software in my product?

Sri Vemulpali Member of Technical Staff at Riverbed Technology

June 10th, 2013

I have very pressing concern in regard to using open source software in my product.

I am developing a telecom product, that will go in to service providers tier-1 network. I have this dilemma, whether to integrate open source software licensed under Apache or Eclipse in to my product. I know if software is licensed under BSD or MIT they are free to use. How about Apache and Eclipse. Does anyone integrate open source software in to their products.

Products that are sold are different from providing services. In service oriented product development, we can use any open source software under any license as long as we are not distributing it as object or selling in product form.

Anyone has deeper knowledge of concerns or issues to be wary of?

Matthew Cordasco Co-founder and Head of Product

June 10th, 2013

Two points to share:
1) Get legal advice to understand the nuances of the different licenses perfectly.  I can't emphasize this enough.

2) Chances are that when your licenses will really get examined is before an acquisition or funding event.  Depending on the sophistication of buyer/ funder this could range from light diligence to an "enhanced pedigree."   

"Enhanced pedigree" implies that not only the license of your open source software, but the licenses of the software that it is based on or modules included within it..and the licenses of the software that is based on, etc..  Sometimes digging several layers deep uncovers an unfavorable license which will require remediation before moving forward.   

These can often go un-declared in software and only turn up when scanned by a tool like BlackDuck.  I have had people try to talk down the price of acquisition based on some sticky licenses buried deep in my software...

It's great that you are asking the questions now, and I definitely think taking time to do it right up front will pay off in the long run.

good luck.

Matthew
MyCrowd.com




Toan Do Director, National Security Programs at Red Hat

June 10th, 2013

I am in the open-space software world (from the provider side of the house) and its perfectly acceptable to use Open Source in your product.  Just know that you will have one hell of a time supporting it once deployed in terms of upgrades to the OS project and what the end-user wants.

For instance you use Apache project X  version 1.2 in an OEM model.  Customer buys your product and later on the Apache project is upgrade to 2.2.  You customer has a problem, good luck getting support for v 1.2 once later versions of the OS project is upgrade.

Happy to discuss.

Sridhar Alla Big Data Architect, Engineer, Trainer and Agile practitioner

June 10th, 2013

Yes, apache and eclipse licensing is not gpl or even lgpl. And i have used them in the past verified by a professional consultant. Note: do not use lgpl or gpl without detailed analysis. If you want advise ping me. Regards, Sridhar Cto, techlok.com On Jun 10, 2013 11:04 AM, "Sri Ram K Vemulpali"

Marty O'Brien Portfolio & Risk Analytics Research and Validation at Bloomberg LP

June 10th, 2013

Hi Sri, See http://www.eclipse.com/legal/eplfaq.php, particularly questions 15-17. In general, you are free to incorporate Eclipse into a propietary product, but you need to provide some information about it in your own license.

Bill Snapper Owner Principal at SammyCO, LLC

June 10th, 2013

I've used open source in commercial products.  It is legal but you need to understand the different licensing options out there.  I was fortunate to work for a venture backed startup that had an attorney give us an education on the licensing models at that time, what the restrictions were of each, and how you needed to advertise the components you use in your product where required.

GPL was, at the time, the one we tried to steer clear of as we were doing some proprietary software and didn't want to have to release the source code to our product when integrating.

This is not a hard problem and has been solved by lots of others.  Just make sure you're well educated on the licenses you want to use and make sure you track what you're using (i.e. versions, libraries, etc).

Sridhar Alla Big Data Architect, Engineer, Trainer and Agile practitioner

June 10th, 2013

Marty is right. I put all licenses as individual files in the build install kit and also mentioned them in eula. Bill is right about gpl. Unless you pay a license fee or get a letter from the developers , do not use gpl. Lgpl allows binaries to be used but you cant modify code or include source code directly. Email the developers to make sure. Sridhar Techlok.com On Jun 10, 2013 11:24 AM, "Bill Snapper"

Michael Barnathan

June 10th, 2013

From the Wikipedia article:

"The Apache License is widely, but not universally, considered permissive in that it does not require a derivative work of the software, or modifications to the original, to be distributed using the same license (unlike copyleft licenses - see comparison). It still requires application of the same license to all unmodified parts and, in every licensed file, any original copyright, patent, trademark, and attribution notices in redistributed code must be preserved (excluding notices that do not pertain to any part of the derivative works); and, in every licensed file changed, a notification must be added stating that changes have been made to that file."

So if the terms you're worried about are GPL-style "share alike" provisions for derivative works, it sounds like you're safe.

Jonathan Bond-Caron

June 10th, 2013

Apache is the best license because it gives protection against patents and rights for commercial use.

MIT & BSD are the most permissive for commercial use.

But be careful of MIT & BSD, telecom companies/competitors could sue your customers for patent infringement & consequently you as the service provider. 

Make sure your contracts are well drafted that you are service provider are not liable for claims of patent infringement to your customers if you plan on using BSD or MIT source code. 

Gaurav Garg

June 10th, 2013

Sri, Based on my past experience, there are two things that you need to remember w.r.t. the open source package: 1. Pricing - If you are deploying any open source, you can not charge your customers for the open source packages (e.g. Apache or MySQL). You can charge for services related to the installation and you can charge for the code that you have developed (your IP) on top of the open sources. While creating the bill of material, you will clarify the charges. 2. Patents - while creating the patent application, you will need to distinguish between your application and the open source packages you are using. Ideally, your patent attorney will be able to guide you on this topic. Example: I built a product for the NIH using LAM + J2EE stack. There is no problem deploying the code in production. We just clarify that the there in no license fee for the OS (Linux), Apache, MySQL or J2EE; the license fees is for the application that we have developed. We will charge the customer for using and supporting our application. Hope this simplifies the problem at hand. Regards, Gaurav

Istvan Jonyer VC at NexStar Partners

June 10th, 2013

Sri, Google does this extensively and I dealt with these issues with our legal team there. I'd be happy to get on the phone and point you in the right direction about legal and technical challenges. It's a bit lengthy to explain in email though. Istvan