This is the second of three posts (read Part 1 here) on the Worst IP Mistakes made in 2014 by some companies we spoke with last year.
I have written on this before but multiple questions about using open source code keep coming up with clients and in presentation question and answer. A couple of concepts are involved but at the root is copyright and the related licensing terms and conditions.
Open source code includes languages developed or code written by others that is made available for public use (for example, PHP language or RubyGems). As with other creations like books or music, the author or creator has IP rights when they develop the work and place it in a tangible medium. In the case of code, once it is written, that coder has copyright and therefore the ability to grant others permission to use the code.
I first became aware of this issue years ago when our application was coded in Ruby and our programmers were using RubyGems. I wondered how we were able to use these gems or snippets of code without paying anyone. Turns out that it is not the paying but rather the permissions to use.
The catch can be that not all available open source code is completely free and clear to use. The code itself most likely does not cost anything to use (unlike some photos or music where you pay a license fee to use for a certain period of time). However, there may be terms and conditions that make it “encumbered†or “tainted.â€
For example, the permissions might limit use to non-commercial applications – that can be very problematic if you are creating a product to sell. One attorney once mentioned some terms of use that limited the use to good not evil!
Also, attribution or copying over of the permission or copyright notice is common and should be adhered to without exception, otherwise you run the risk of copyright infringement.
What does this mean?
All open source code and any gems or libraries should be thoroughly checked out. By that I mean read the licenses; adhere to the permissions outlined for use; inventory the source and license; and always show proper attribution.
Blackduck or Palamida are services that are used after the fact to check code for proper use and attribution. Your potential investors, partners, and acquirers will most definitely wish to not only know you own your application but that you are properly using any open source code.
Start from day one and avoid expensive do-overs of your application.