Open source software components have become an integral element of the software industry, with almost every codebase containing open source code. At the same time, source code is protected as intellectual property. In the European Union, computer programmes are protected under copyright law as literary works. This means the rights to software generally lie with the software developer and third parties may use such rights only when granted to them, for example, when they are licensed, as is the case with open source components. When incorporating open source components into proprietary software, it is thus essential to ensure that you have the necessary rights to use your code as you intend to use it.

Permissive vs Copyleft licences

Open source software can generally be divided into two categories: permissive licences and copyleft licences.

  • Permissive licences focus on the licensees’ freedom to use, modify and redistribute, while also permitting proprietary derivative works.

Permissive licences allow the licensee to determine the licence conditions for works they create with the help of the open source software components. Often, the main – and the only – requirements consist of retaining the information concerning the author and their copyright notice. Software programmes which include components licensed under permissive licences can thus be generally freely distributed and sold as proprietary software. Permissive licences are thus preferred by companies and developers looking to commercialise their products.

Examples of permissive open source licence include the MIT Licence, the BSD 2-clause Licence and the Apache Licence.

  • Copyleft licences focus on the free accessibility of the source code and generally come with an obligation to distribute derivative works under the same terms as the copyleft licence.

This means software programmes which include components licensed under copyleft licences must generally carry the same licence terms as the copyleft open source software component. Strong copyleft licences are often called “viral licences” because the copyleft clause generates a “viral effect” that extends to any additional code that is incorporated with the original copyleft code.

Examples of copyleft open source licences include the GNU General Public Licence and Mozilla Public Licence.

Which open source licences should you use?

Open source software compliance is often overlooked when distributing proprietary software involving open source components. Noncompliance with open source software licences can obstruct commercialisation of proprietary software and hinder investments. Open source software requirements are often neglected in the early phases of software development when compliance is especially important as components incorporated early on can become essential and inseparable parts of the final product. It is thus crucial to properly document the development process to understand which open source components have been used under which licenses.

At the same time, open source software licences work differently from conventional licences. Open source software licences must fit the use case of the software programme in which the component is being used and at the same time be compliant with other open source software licences applicable to the software programme. For example, permissive licences are best suited for commercial projects where you want to protect your code. Copyleft licenses are best suited for collaborative projects where you want to make it as easy as possible for others to use your code.

The following table includes a general overview of popular open source licences and their characteristics, and should be helpful when deciding on which open source strategy to adopt.

In a nutshell, in order not to risk open source non-compliance:

  • Understand the purpose of your project
  • Create a licensing strategy taking into account that purpose
  • Know what’s in your codebase and document the open source components and applicable licenses
  • Stick with licences suited for your use case; this generally means:
    • permissive licences for commercial proprietary projects
    • copyleft licences for collaborative projects

Happy coding!