What should my company know about open source?

A “cheat sheet” for entrepreneurs, lawyers, and engineers.

Do we need an open source policy?

You have a policy, whether it is written down or not. It could range from “no open source at all” to “anything goes.” The question is: does anyone follow it? Is it sensible for your business? Written policies are useful to communicate your expectations about use of open source in your organization, particularly to outsourced developers or engineers in subsidiaries and affiliates, whom you may not see every day.

My company doesn’t use open source. Why should I care about it?

You are wrong. Your company uses open source. You just don’t know it yet. See question #1 about your policy.

Should my engineers contribute to open source projects on their own time?

It’s likely they are already doing so, but they may need help understanding whether they are encumbering your intellectual property rights or complying with your expectations. Some companies don’t allow their engineers to contribute, but there can be a downside to that. The top engineers will want to contribute, and by contributing, you may be able to set the direction of open source projects so they will meet your needs.

I heard the GPL isn’t enforceable. Is it OK to violate it?

That’s wrong, and no.

I read the GPL and don’t understand it. Help!

That’s OK, most people don’t. You can’t understand it very well by reading it on its face. (Otherwise there would not be many long FAQs about it on the FSF web site.) Most questions about the meaning of GPL have straightforward answers, but if you are asking, for instance, what is a “derivative work,” or what is “distribution,” you probably need expert help.

Using open source seems complicated? Is it worth it?

It’s not as complicated as you might think.  With a sensible policy and a little training, you can handle most questions on an engineering level, and escalate only the exceptions to a legal resource. Open source licensing works better for some software than other software. The market seems to think it worthwhile — most companies use it.