What is Open Source Compliance?
When you use someone else’s open source software, you receive it from them under an open source license. At its core, “open source compliance” refers to making sure that when you use, modify or redistribute someone else’s open source software, you’re doing so in compliance with the terms of the applicable licenses.
What do all these terms like “inbound licenses” and “weak copyleft” and “attribution notices” mean?
Take a look at our Compliance Dictionary for a very basic look at some common terms regarding open source license compliance.
If you’re looking for a deeper dive, check out our free Compliance Basics for Developers training course.
What does an Open Source Compliance process look like?
From a high-level view, an open source compliance process typically looks like the following:
The amount of time and effort that you, your organization or your project put into each step may vary, depending on your priorities and focus on compliance. There are also a wide variety of tools and processes that can assist with open source compliance. However, most open source compliance activities include some form of each of these steps.
Our detailed compliance process page provides more information about each of these steps, and how they can help provide a framework for enabling you to comply with obligations under free and open source software licenses.
I work on an open source project. Do I need to care about Open Source Compliance?
If your project makes use of anyone else’s open source software, or if you build on top of any pre-existing projects, or if you accept contributions from anyone else, then it’s worth paying attention to compliance with open source licenses.
Complying with an open source license is the only thing that the authors of other open source projects request, in exchange for providing you with software and with the freedoms to use, learn from, modify and redistribute that software. Even setting aside any legal responsibilities under license requirements, taking steps towards complying with those licenses is also a way to respect the time and efforts put into the software you’re building upon.
Even in the situation where you are writing open source software entirely from scratch, there are small steps you can take to make it easier for others to comply with your open source license. Doing so shows project maturity, and helps to enable others to build on top of your project more easily — and to grow the ecosystem by doing so.
I work for a company writing proprietary software. Do I need to care about Open Source Compliance?
It is increasingly rare for proprietary software to exist in a vacuum. Open source software is so widespread that it is found in virtually any software stack, including operating systems, development tools, libraries, and applications. Your “proprietary” software almost certainly makes use of, or is built with or on top of, a broad ecosystem of open source software — and its corresponding open source licenses.
Understanding those licenses, and complying with them, is essential if you are going to be making use of any third party’s open source software. Your company’s legal compliance requirements, as well as the demands of your customers, necessitate that you know what third party open source your product or service makes use of, and that your use is within the requirements of the applicable licenses.