Open source software generally ships with an associated license. If present, this license may be highly permissive of commercial use or may mandate the release of internal source code as a result of using the open source software package.
For example, we classify the Apache 2.0 license as a
This license is permissive, with few or no restrictions. You may typically use and modify the existing source code provided that the original copyright information is left intact.
In contrast, we classify the GNU General Public License (GNU GPL) as a high risk license:
This license is highly restrictive and may pose a significant risk to commercial projects, including the possibility that you may be forced to release your software under the same license and royalty-free.
By leveraging existing open source software packages, you may be inadvertently agreeing to conditions that may prove difficult to adhere to in a commercial setting.
Licenses are broken down into three risk groups: low, medium, and high. License risk lowers the package score in proportion to its impact on commercial viability.
On December 11, 2008, the Free Software Foundation (FSF) initiated a lawsuit against Cisco Systems claiming that their software was being distributed in violation of the GNU General Public License. This lawsuit resulted in a settlement between the two organizations and an undisclosed financial contribution to the FSF by Cisco Systems.