Do you think that just because you use open-source software, you’re safe from compliance audits and licensing issues? Think again!

As much as we all love the benefits of using open-source software, doing so still comes with a good amount of risk. Let’s be clear: open-source software does not have to be free. The essence of open source is that you can access the application source code, not necessarily that you can use it for free.

Open-Source Software Licensing Benefits

So what are you paying for? First of all, most open-source software is accompanied by professional technical support, patches, and updates for the software. Also, the use of some open-source systems may (although it is rare) involve licensing fees for certain parts of the technology. For example, these may be required if you want to use the software for commercial purposes, as opposed to personal use. Often, open-source developers provide users with both free and paid versions.

Commercial vendors such as Red Hat and SUSE have created a model in which the software is available for free, but ongoing support, including patches and updates, is sold on a subscription basis. Embracing these subscription models has allowed these companies, and others like them, to monetize “free” software.

From its Linux heritage, SUSE builds open source solutions backed by superior support services. What most customers don’t know is that the SUSE Subscription Offering Terms and Conditions state that a customer requires a Subscription to cover ALL acquired, installed, or deployed SUSE Products, which is called the ‘All or Nothing Rule’ in the software compliance world. This is where the issue arises: many customers think they only need to pay for what they are actively supporting, but later learn through a compliance audit that they need support services on ALL of their deployed software instances. Perhaps they have an old application that runs just fine on a 3-year-old operating system, while they keep newer systems up to date. They’d still be expected to pay for the older server since they could theoretically use their subscription to upgrade it, even if not supported.

Red Hat, just like SUSE, has a software compliance program that engages with its customers to provide licensing education and ensure the correct application of subscriptions. With IBM’s completed acquisition of Red Hat, it is unclear to customers how compliance efforts will be affected, and how much influence IBM’s global audit practices will have on Red Hat’s program. Red Hat is the leading provider of enterprise open source solutions, including Linux. IBM has been supporting Linux and open source, but now has capabilities to build public/private/hybrid cloud environments for customers. From a licensing point of view, this means they will most likely focus on migrating customers to their cloud solutions or offerings as part of customer audit settlements. Red Hat already has an active compliance program, and customers shouldn’t expect the company’s audit posturing to change as a result of the merger with IBM. With that said, companies can expect IBM and Red Hat to make a bigger push on their cloud-related offerings to address some of the on-premises license findings identified during audits.

In addition, enterprises should be aware of changes to license models of any open-source software deployed for commercial purposes. In 2018, Oracle released a new subscription-based model for Java SE, and announced that starting January 2019, Java SE commercial users must purchase a subscription in order to receive important product updates. While there is still a no-charge option to satisfy the open-source aspect of the software, Oracle has applied new terms to certain types of usage that should be carefully reviewed to ensure you continue leveraging the technology in accordance with the vendor’s licensing policies. Changes to the way Oracle Java is licensed and supported should make customers more aware of possible non-compliance issues that can result from leveraging open source technology without proper license management controls.

As great as open-source software is, we need to be aware of its non-traditional licensing that could create surprise subscription or software costs. Does your company have any concerns about its open-source licensing environment or potential compliance exposure? Reach out to Connor today at info@connor-consulting.com, and let us help you minimize your licensing risk and optimize IT costs.