The State Services Commission’s IT branch has produced a guide to help government agencies minimise the legal risks of losing part of their intellectual property, or being accused of misusing someone else’s, when rolling out open source solutions.
“There is no reason why agencies should not consider open source software on the same basis as commercial software,” says the guide’s introduction. “Agencies should base their decisions on the overall merits of the software concerned. [However], this means weighing the unique legal risks of open source software together with the usual factors such as cost, functionality, interoperability and security.”
Problems, says the guide, centre on the “infectiousness” of open source licences, most of which require that any modified version of the software carry the same open licence conditions as the original product. This may lead to the inadvertent release of confidential in-house developed code.
Potential users are warned they should “only use open source licences that have been legally reviewed, including the GPL, LGPL, CAL, MBSD, MIT, which … are recommended by SSC for use in accordance with this guide.”
It describes each licence type and spells out the precautions that should be taken with software, typically by “quarantining” it within a restricted group of users.
Performance and intellectual property warranties should be obtained from the supplier of the open source software, “where appropriate and available,” the guide says.
It advocates care with contractors who may use open source software in developing applications for a government agency.
The agency should either exclude open source-based development or, after considering the risks, “include specific contractual provisions in the development contract to ensure the proposed use of open source software is appropriate.”
The guide warns of the risk that open source software may contain code in breach of a third party’s intellectual property rights. “The absence of warranties and indemnities in most open source licences means the licensee bears this risk. This can be contrasted with the protection usually available under commercial software licences.”
The SSC publication comes in the same week as a major seminar for government agencies on open source, the second to be organised by the government information managers’ forum Govis.