FOSSA Logo
O
Licensing
Compliance
Legal
Open Source

Open Source License

Legal agreements that govern the use, modification, and distribution of open source software, balancing creators' rights with users' freedoms.

What is an Open Source License?

An open source license is a legal agreement that governs how software can be used, modified, and distributed, while granting users certain freedoms that are not typically available with proprietary software. These licenses allow the source code to be freely accessible, used, modified, and shared while establishing the terms and conditions under which these activities must occur.

Open source licenses provide the legal framework that enables collaborative development, shared innovation, and the broader open source ecosystem, defining both the permissions granted to users and the obligations they must fulfill.

Types of Open Source Licenses

Open source licenses generally fall into two main categories, with varying levels of restrictions and requirements:

Permissive Licenses

Permissive licenses impose minimal restrictions on the redistribution and use of the software, allowing nearly unlimited freedom to use, modify, and redistribute the code in both open source and proprietary projects.

MIT License

One of the most popular and shortest licenses, allowing users to do almost anything with the code as long as they include the original copyright notice and disclaimer.

Permission is hereby granted, free of charge, to any person obtaining a copy of this software...

Apache License 2.0

A permissive license that also provides an express grant of patent rights from contributors to users and addresses other modern legal concerns.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.

BSD Licenses

A family of permissive licenses originating from the Berkeley Software Distribution, with variations differing in the number of clauses they contain (2-Clause, 3-Clause).

Redistribution and use in source and binary forms, with or without modification, are permitted provided that...

Copyleft Licenses

Copyleft licenses require that derivative works be distributed under the same or compatible license terms, ensuring that modifications remain open source.

GNU General Public License (GPL)

A strong copyleft license that requires derivative works to be distributed under the same license terms, ensuring code remains open.

  • GPLv2: The second version of the GPL, still widely used
  • GPLv3: Updated to address patent rights, license compatibility, and to close loopholes
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License...

GNU Lesser General Public License (LGPL)

A weaker copyleft license that allows linking the licensed code with proprietary software without requiring the proprietary code to be open-sourced.

This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License...

Mozilla Public License 2.0 (MPL)

A "weak copyleft" license that requires source code modifications to be available under the same license but allows the code to be combined with proprietary code.

This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.

Key Concepts in Open Source Licensing

Copyleft

The principle that derivative works must maintain the same freedoms present in the original work, often by requiring the same license be used.

License Compatibility

The ability to combine code under different licenses without violating the terms of either license. Incompatibilities can create legal barriers to code reuse.

Derivative Work

A new work based upon an original work, such as a modification or extension. License obligations often hinge on what constitutes a derivative work.

Patent Grants

Explicit permissions in some licenses (like Apache 2.0) that grant patent rights to users, protecting against patent litigation from contributors.

Attribution Requirements

Most open source licenses require retaining copyright notices and attribution to original authors when redistributing the code.

Open Source Licenses in the Software Supply Chain

License Identification

Properly identifying the licenses of all components in a software supply chain is crucial for compliance. This can be challenging due to:

  • Multiple licenses within a single project
  • Lack of clear license information
  • License conflicts between dependencies

License Scanning

Tools and techniques to automatically detect and identify licenses in source code and binary artifacts.

License Compatibility Analysis

Determining whether the licenses of different components can legally coexist in a single application.

License Obligations Management

Tracking and fulfilling the requirements imposed by each license, such as:

  • Including license text
  • Providing attribution
  • Making source code available
  • Documenting changes

Common License Compliance Challenges

Dependency License Tracking

Modern applications often include hundreds or thousands of dependencies, each with its own license terms.

License Violations

Common unintentional violations include:

  • Failing to include required notices
  • Mixing incompatible licenses
  • Not providing source code when required
  • Removing copyright notices

Proprietary and Open Source Mixing

Understanding when and how proprietary code can legally interact with open source components.

Contributor License Agreements (CLAs)

Agreements that clarify the intellectual property rights of contributions to open source projects.

Tools for Open Source License Management

  • FOSSA: License compliance and vulnerability management platform
  • Black Duck: Open source security and license compliance solution
  • REUSE: Initiative to make license identification easier and more consistent
  • ScanCode Toolkit: Open source scanning tool for detecting licenses
  • ClearlyDefined: Community-driven project to clarify component license data
  • SPDX: Standard format for communicating software bill of materials information

Best Practices for Open Source License Management

  1. Establish a License Policy: Define which licenses are acceptable for your organization
  2. Inventory All Components: Maintain a comprehensive list of all open source components
  3. Automate License Detection: Implement scanning tools in development and CI/CD pipelines
  4. License Compatibility Analysis: Ensure all licenses work together legally
  5. Fulfill License Obligations: Properly attribute and provide notices as required
  6. Document Compliance: Maintain records of compliance efforts
  7. Developer Education: Train developers on license implications
  8. Review Before Release: Verify license compliance before distributing software
  9. Monitor License Changes: Track license changes in dependencies
  10. Legal Review: Involve legal counsel for high-risk or unclear situations

Related Terms

License Compliance

Ensuring that software usage, distribution, and modification adhere to the legal requirements and obligations specified in software licenses and agreements.