Due to the widespread use of OSS, it is important that businesses are aware of the potential pitfalls inherent in their software. Some of the key issues for consideration with regard to using OSS are set out below.
If OSS is included in software, depending on the particular licence terms, there may be a requirement to publish the source code for the software as a whole, free of charge. This principle applies to all so-called ‘restrictive’ OSS licences such as the GNU GPL. Businesses should seek confirmation from software developers that no restrictive OSS is incorporated in their software.
If software is underpinned by OSS, businesses may be exposed to known vulnerabilities.
Due to OSS being freely available, hackers may be able to identify vulnerabilities in the OSS and then exploit those weaknesses for their own means, such as stealing data. This happened to Equifax in 2017 where the personal details of 143 million people were exposed due to their use of Apache Struts.
Additionally, security updates for OSS are not pushed to users as they are created. Instead, it is up to businesses and developers to stay on top of upgrades and fixes - something which will be very difficult to do if the visibility of the OSS used in the software is limited.
Third party intellectual property rights
Many OSS licences are made available without any warranties or guarantees as to intellectual property rights. This means that the OSS could infringe intellectual property rights owned by third parties.
If infringing material contained in the OSS is combined with software, a business may find itself facing a claim for infringement of third party intellectual property rights.
Many OSS providers do not offer a dedicated support service which can cause issues if a fix is required.
Members of the community contributing to the code base may decide to create new versions of the OSS and stop providing support for older versions. If an older version of the OSS is used to underpin modified software, businesses may suffer reliability and robustness issues if the older OSS ceases to be maintained.
If you have an enquiry about OSS, please do not hesitate to get in touch with your main contact or Jack Shreeve direct.
This article is from the December 2019 issue of Upload, our newsletter for professional with an interest in technology. To download the latest issue, please visit the newsletter section of our website.
To keep up-to-date with the latest news, legal updates and seminar information, please register and select the areas that are of interest to you.