- Open source is often entangled with IP rights such as copyright, trade secrets, trademarks, and patents
- It crucial to identify open source components and subcomponents as well as the licences they carry
- The OpenChain Project is an international community of companies, dedicated to optimising compliance
Imagine finding out that 90% of the software in your products is not yours but only licensed in as third-party IP. As soon as you start reading the agreements, you realise some of them contain terms you are not familiar with or have never even heard of before, such as “source code”, “binary”, “object code”, and “system libraries”. Moreover, you cannot find basic contractual provisions such as “governing law” or “jurisdiction” in the agreements. These agreements (and there are hundreds of them) are all different, non-negotiable, ‘take-it-or-leave-it’ standard template licences.
After this unsettling discovery, your journey may look something like this: Firstly, you tell yourself that the above cannot be true (denial). Later on, you rightly become angry: “Surely someone must be responsible for this”. So, you take the elevator down to the software development team to read them the riot act (anger). Once there, you beg them – please! – stop bringing in all this third-party IP under these strange software licences (bargaining). If you are not outright laughed out of the room, they will reply that this is not going to happen if the company wants to continue to ship any products at all. You go back to your office, perhaps passing by the coffee machine, dejectedly thinking that “at least the coffee machine people do not have to deal with this issue” (depression). You would be wrong though, since the coffee machine uses the same kind of third-party IP under the same kind of licences as whatever product your company develops. Hopefully, you will eventually come out on the other side, realising that you must manage this strange third-party IP dependency. You just need to be smart about it and come up with the right tools, processes, and strategies to do so (acceptance)! We are here of course talking about open source, and you have just passed the five stages of - open source - grief.
The term ‘open source’ refers to software available under an open source licence, usually royalty free distribution, use and modification. Most of the applications that run in our smartphone or computer contain some open source. Even things we do not think about as being particularly “open”, such as our smart washing machines, our home automation systems, or for that matter, parts of the telecom infrastructure equipment handled by carriers, are built upon open source software. In fact, we guarantee that you are using open source software for reading this article right now. Companies face major dependencies on third-party IP because of using open source in their products. The reason is that, regardless of the industry they are active in, there are few products or value chains that do not incorporate any software elements. For this reason, open source, more often than not, is entangled with IP rights such as copyright, trade secrets, trademarks, and patents.
Consequently, to succeed in the market, companies must address their open source dependency, not only from a technology, security and trade compliance perspectives, but also as an IP management issue. Surprisingly, few companies are well prepared for this.
Against this background, this article describes the significance of open source management in the context of IP management. We would like to introduce you to the OpenChain Specification 2.1 (ISO/IEC 5230:2020) on open source licence compliance, and the benefits of implementing such a programme within the framework of your existing IP management.