If you operate a software based business you are likely using some open source code in your software. There really is nothing wrong with that, as it is really common now (and probably a best practice). But what is your process to review and track this code, and the associated license terms? Well, here are 3 thoughts from a software licensing lawyer that may help.
1) Written Policy. Think through (a) what situations makes sense for your company to use open source code (maybe with functionality that is not core to your offering), and (b) what type of licenses you will allow and won’t (maybe try to avoid GPL licenses if you distribute your code to your customers). For example, you may allow licenses which only require notice (i.e. attribution) that the code is distributed with yours. Oh yea, don’t forget to write this down in a policy and let all your developers know about it.
See below for an example of attribution.
2) Tracking Process. Tracking where you use the open source code and the associated license terms is critical, and I suggest very easy to do (along the way at least). Your process could be as simple as a spreadsheet with the name of the open source code, listing of which of your products (and versions) it is included with, any requirements of that license, and a copy of the license agreement. This tracking process is super simple if you implement it along the way, and really hard to re-create if you have to do it years later when someone (an acquiror or the CEO) needs to know what open source code is embedded in your product.
3) Annual Review. While many people overlook this, whoever is in charge of your open source process/policy (and I suggest you have one person in charge who owns this policy), should annually review that your developers (including any developers that are actually contract developers) are aware of and follow your policy.
Look I could make this a lot more complicated, but I find that most small software companies need at least these three basics requirements and not the 25 page open source policy.
This is for informational and educational purposes only, and does not constitute legal advice. Contact your attorney for legal advice, which should be provided after review of the facts and applicable law.