Steve Ballmer, Microsoft’s former CEO, infamously described open source software (OSS) as a “cancer that attaches itself in an intellectual property sense to everything it touches” and “viral”, that last one is almost surprising.
In truth, Ballmer was not talking about open source software, but was instead referring to open source licensing — specifically, the fact that popular OSS operating system Linux is licensed under the GNU General Public License (GPL) which, If you’re into keeping your source code a secret, is a definite “No.” Here’s why:
There are two major types of open source licenses — permissive and copyleft
While both types are fine for commercial use, only permissive licenses allow their source code and modifications to remain proprietary. With a permissive license, the only requirement is to attribute the original author, usually in a licenses page on your website or in a help file. Everything else is do-what-you-want. Popular permissive licenses include Apache, MIT, BSD and Mozilla.
On the other hand, copyleft and the GPL are philosophically opposed to proprietary source code. Not only must you release the full source code of any GPL library you use, you must also release all modifications, even if proprietary, as open source. Any software you link to a GPL library must also be open-sourced, meaning if you use even a single GPL-licensed library to build an otherwise massive proprietary application, you are legally obligated to make the entire software’s source code publicly available. Yikes!
While the Lesser GNU General Public License (LGPL) is not as restrictive, I still recommend being careful about its use. For most proprietary applications, permissive licenses are desired, especially since using copyleft licenses and then hiding your source code anyway can lead to issues, as in big … trouble. Here are two recent battles.
- Oracle vs. Google. Google uses Java APIs in Android. Oracle claims APIs – which are just endpoint descriptions – are covered under copyright laws and are suing Google. The differences between APIs and implementations are unaddressed by most software licenses, and how this will affect OSS depends on what happens next in court.
- VMware and Versata. VMware’s proprietary Esx (bare-metal hypervisor) is allegedly using Linux source in its implementation. The Software Freedom Conservancy is suing VMware for its source code, claiming using Linux source makes ESX fall under the GPL. Versata’s DCM (Distribution Channel Management) was reverse engineered by Ameriprise, who was using the product at the time. Versata sued, but Ameriprise has counter-sued, alleging Versata links to a GPL library, making the entire product legally open source.
All cases are currently pending. The outcomes will decide the future of the GPL, both in terms of its scope (APIs vs Implementations) and its enforce-ability.
If you don’t want to hire an IP lawyer just to find out if it’s legally permissible to reverse engineer your application, stick with Apache, MIT, BSD, Mozilla or another permissive OSS license. Here’s a list of popular software and frameworks and their licenses:
| Software | Type | Website | License | Permissive? |
| ASP.NET | Web Application Framework | asp.net | Microsoft EULA | Yes |
| jQuery | JavaScript Library | jquery.com | MIT | Yes |
| Bootstrap | CSS and Web UI Library | getbootstrap.com | Apache | Yes |
| Ruby on Rails | Web Application Framework | rubyonrails.org | MIT | Yes |
| Linux | Operating System | linux.com | GPLv2+ | No |
| Node.js | Web Application Framework | nodejs.org | MIT | Yes |
| JBoss | Enterprise Application Platform | jboss.com | GPL | No |
| Glassfish | Java EE Reference Implementation | glassfish.java.net | GPL | No |
| Docker | Software Deployment / Virtualization Container | docker.com | Apache 2.0 | Yes |
| Apache Cordova | Cross-platform Native Mobile APIs | cordova.apache.org | Apache 2.0 | Yes |
| Apache Hadoop | Big Data Platform | hadoop.apache.org | Apache 2.0 | Yes |
| WordPress | CMS, Web Platform | wordpress.org | GPLv2+ | No |
| Drupal | CMS, Web Platform | drupal.org | GPLv2+ | No |
| ReactJS | View-pattern / Architecture for Web Applications | facebook.github.io/react | BSD | Yes |
| PHP | Server-side Language | PHP.net | PHP License | Yes |
As you can see, there are plenty of open source projects to choose from. Most of what you use today is probably under a permissive license, meaning it’s free for both non-proprietary and proprietary use. Some projects, such as WordPress, Drupal and Linux view themselves as fundamentally large “community efforts” and do not permit proprietary revisions to their code. You retain ownership of your content, however.
Overall, it’s an easy choice. If your source code is proprietary, avoid copyleft and GPL. Instead, go with Apache, MIT, Mozilla, or BSD.
