It is now commonplace for software to be built from Open Source components, so much so that nearly 80-90% of modern software is made up of Open Source software. Open Source software can be found in everything from smartphone operating systems to cloud computing, self-driving cars, the Internet of Things and critical infrastructure such as the electricity grid.
There are many benefits to Open Source software. It is cost-effective, provides more transparency, avoids lock-in, and offers increased security, reliability and free access to the code, which means a faster time to market. However, benefits such as reliability and increased security are only realised if the Open Source software has a thriving community that supports and improves it.
Along with the benefits, there are several areas of concern. Too often, the focus of any software development is on getting it to work. With so many development projects going awry, a successful implementation brings such euphoria that most companies get on with business and only revisit the software when something goes wrong. When Open Source code is used to develop the software, there are other reasons to be concerned.
According to the 2020 OSSRA Report, 99% of codebases audited in 2019 contained Open Source components. Of these codebases:
The OSSRA Report highlighted that some components were over ten years old, with the oldest being 22 years old.
Open Source code that developers use to develop software is only a benefit if it is supported and updated. It is important that companies monitor updates to Open Source components and implement patches and updates, especially those related to security flaws, as some of the biggest security breaches, such as Heartbleed, have resulted from flaws in Open Source components. It is also crucial to ensure that licence conditions are reviewed and their impacts assessed, especially if companies intend to commercialise their software, as non-standard licence conditions could impact the valuation of the software.
Orbital Law has extensive experience reviewing and assessing legal risks related to the use of Open Source software. If we can assist you in reviewing your licence terms, please get in touch.