What is open source software (OSS)?
Open source software is code that is made publicly available and may be used, modified, and distributed by anyone. It has long been a powerful resource for tech startups, enabling faster software development and innovation without having to write everything from scratch. However, each OSS library comes with a license that governs use of that code, and not all licenses are created equal.
What are the risks?
While open source can be a key strategic tool for software-focused tech companies, using it without a clear understanding of the license terms can create real legal and business risks. Some licenses, especially “copyleft” licenses such as the GNU General Public License (GPL) and the Affero General Public License (AGPL), may require you to disclose or open source your own proprietary code if it is combined with the OSS library in a way the license does not permit. This can compromise your software’s intellectual property and create barriers in deals or product launches.
What are best practices for managing OSS?
It is best practice to implement a simple, easy-to-understand internal open source policy for your organization. Most policies prohibit the use of strong copyleft code unless it is explicitly approved by a designated management team, CTO, or other approver. Companies should also ensure developers maintain a clean, accurate inventory of every OSS library used in development and its associated license. A number of free, open source tools (e.g. Syft) can generate a “software bill of materials” (SBOM) that lists each dependency and identifies its open source license.
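As an added example (not code from this page or from Syft), the following policy check reads a CycloneDX-style SBOM of the kind Syft can emit and flags every component that is under a strong copyleft license, or that has no license metadata at all, unless it is on an approved-exceptions list. The SBOM content is constructed; the STRONG_COPYLEFT set and the approved-exceptions mechanism are assumptions standing in for an organization’s own policy.

```python
import json
import re

# License IDs the (hypothetical) policy treats as strong copyleft; using them
# requires explicit sign-off from the designated approver.
STRONG_COPYLEFT = {
    "GPL-2.0-only", "GPL-2.0-or-later", "GPL-3.0-only", "GPL-3.0-or-later",
    "AGPL-3.0-only", "AGPL-3.0-or-later",
}

# Constructed sample in CycloneDX JSON shape (a stand-in for Syft output, not real).
SAMPLE_SBOM = json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.4", "components": [
    {"name": "requests", "version": "2.31.0", "licenses": [{"license": {"id": "Apache-2.0"}}]},
    {"name": "readline", "version": "8.2", "licenses": [{"license": {"id": "GPL-3.0-or-later"}}]},
    {"name": "dual-lib", "version": "1.0", "licenses": [{"expression": "GPL-2.0-only OR MIT"}]},
    {"name": "server-kit", "version": "0.4", "licenses": [{"license": {"name": "AGPL-3.0-only"}}]},
    {"name": "mystery", "version": "9.9"},  # no license metadata at all
]})

def needs_approval(expr):
    """True unless some OR-alternative of a flat SPDX expression avoids strong copyleft
    (parentheses are dropped, so nested expressions are only approximated: assumption)."""
    for alt in re.split(r"\s+OR\s+", expr.replace("(", "").replace(")", "")):
        if not any(p.strip() in STRONG_COPYLEFT for p in re.split(r"\s+AND\s+", alt)):
            return False  # a non-copyleft choice exists, e.g. "GPL-2.0-only OR MIT"
    return True

def audit_sbom(sbom_json, approved=()):
    """Map "name@version" -> reason for every component that needs review;
    `approved` lists exceptions the approver has already signed off."""
    findings = {}
    for comp in json.loads(sbom_json).get("components", []):
        key = f"{comp.get('name')}@{comp.get('version')}"
        if key in approved:
            continue
        licenses = comp.get("licenses") or []
        if not licenses:  # an unknown license is a finding too: the inventory must be complete
            findings[key] = "no license metadata; identify manually"
            continue
        for entry in licenses:
            lic = entry.get("license", {})
            expr = entry.get("expression") or lic.get("id") or lic.get("name") or ""
            if needs_approval(expr):
                findings[key] = f"strong copyleft: {expr}"
                break
    return findings

if __name__ == "__main__":
    for key, reason in audit_sbom(SAMPLE_SBOM, approved=("readline@8.2",)).items():
        print(f"{key}: {reason}")
```

Run against real Syft output by replacing SAMPLE_SBOM with the contents of a `cyclonedx-json` file; the same check can gate a CI pipeline by failing the build when the findings are non-empty.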
Why does OSS compliance matter for funding or M&A?
Investors and potential acquirers will look closely at your company’s OSS usage as part of technical due diligence. Poor documentation or risky license usage can slow down or even kill a deal. Demonstrating that your company tracks OSS carefully and follows responsible policies shows maturity, reduces IP risk, and makes your company more attractive for investment or acquisition.