Date: 2024-03-19

What is an open source license?

An open source license outlines a set of terms and conditions for use of an open source component (or a snippet of a component’s code) in software, as well as end user obligations, including how it may be used and redistributed.

Most open source licenses fall into one of two categories. A “permissive” license allows use of the component with few restrictions. Generally, the main requirement of this type of license is to include attribution of the original code to the original developers. A “copyleft” license (also known as a viral license) generally includes a reciprocity obligation requiring that modified and extended versions be released under the same terms and conditions as the original code, and that the source code containing changes be provided upon request. In a general sense, most permissive licenses are considered low-risk from a compliance standpoint, while copyleft licenses can expose organizations to varying levels of IP and compliance risk.

Terms such as “low-risk” are only a guideline, and developers should not rely on them when deciding whether to use open source software governed by a given license. For example, although Apache 2 software—generally considered to have a low-risk license—can be included in projects licensed under GNU General Public License 3.0 (GPLv3), GPLv3 software cannot be included in Apache projects. This is a result of Apache Software Foundation’s licensing philosophy and the GPLv3 authors’ interpretation of copyright law. Another example is the JSON license, based on the permissive MIT license, which adds the restriction that “the software shall be used for good, not evil.” The ambiguity of this statement leaves its meaning up to interpretation—and adds risk. Rather than trying to interpret often convoluted licensing language, the safest strategy is for developers to consult their corporate policies and legal teams for specific guidance regarding license compliance.