How to Manage Open Source for Your Startup

If you had the opportunity to read my previous post ‘FOSS Principles Explained’ and have used open source software before, you understand not only its impact on the hi-tech and other industries, but also the integral role it plays for your start-up.

Aside from its range of benefits, open source software also imposes certain restrictions and obligations on its ‘users’ and requires (usually more than other licenses), management and legal attention.

So how can you better manage your open source?

  1. Document, record, reference
    Common open source licenses require that reference or attribution is given to your usage of open source libraries in or next to your software or service.The most practical way to do this is to designate a place within your application, website, or software’s terms of service/use, to list the open source components, provide their licenses, and advise if you have made any changes to them.  Everything should also be hyperlinked for better access.See below how Google (on Android) and Dropbox (in its mobile app) do it:google
  1. Repositories
    Use public repositories like Github to store your open source.  These can be updated and be made accessible to the public.   In combination with the specific references described under item #1 above, you should cover the majority of demands outlined in the majority of common open source licenses.
  1. Copyleft licenses
    It’s too large of a task to have a lawyer or open source expert review and approve every time you use an open source.  You should, however, be familiar with at least the names of most of the copyleft licenses that impose the most restrictive terms, so that you can flag these to your counsel and seek its advice and approval.
  1. In-house management
    In addition to a public list of open source licenses, you should also manage an elaborated in-house list, which should contain at least the following:

    • Name of the library
    • Version of the library
    • Open source license to which the library is subject, including its version
    • Is it distributed? How?
    • Did you make any modifications to the open source library? If so which?
    • How it is being used? For what purpose?
    • How it works with your proprietary software, is it linked or just distributed alongside? If it is linked – how? Is it static or dynamic linking?

    Having such a database in place helps you manage your open source more sufficiently, ensures your start-up is better prepared for any due diligence, and also lowers the likelihood of your company breaching any open source license. Most importantly, it gives you control.

  1. Open source policy
    Your start-up will most likely encompass policies outlining sexual harassment, data security, etc.  These generally list the do’s and don’ts expected from your start-up’s employees and service providers in a variety of fields (sometimes incorporated into an ‘employee handbook’).  You should also have a similar open source policy in place.Your employees are obligated – by the terms of their employment agreement – to read and obey all policy provisions, and an open source policy is no different.  It should state that each open source component your employees uses should be documented and go through a set of approvals by your managers and, if necessary, your legal counsel.The policy should also describe the authorization process and provide the applicable tools (mostly forms) for the submission of open source approval request. In this regard, a start-up or a small company must also act as a corporation.