While boosting tech innovation across many sectors, the use of open-source software has driven the need for better governance in businesses to protect their valuable patent estates and ability to commercialise products, according to in-house counsel.
Sources at Benevolent AI, Ericsson and a bank say that the growing popularity of open source has raised the danger of businesses or individual engineers unwittingly incorporating seemingly free technologies into lucrative products.
They add that companies or employees can sometimes be unaware of the restrictions and obligations set out by open-source software licences, and how they could ultimately undermine the value of costly patent estates by forcing the business to license an invention for free.
“The common worry is that you will spend millions of dollars on patents for a new product only to build it with open source software that compels you to give away the invention to the entire world,” says the global head of IP at a bank.
He adds that he does not like the term ‘open’ because it implies that the resource is entirely free to use and not owned. “And that is not entirely true, so you have to be careful,” he says.
These risks could prove particularly problematic for traditionally non-tech-focused firms that are exploring the open source space because of the convergence of technologies in certain lucrative products.
One such industry might be the automotive sector because of its focus on autonomous vehicles. Jimmy Ahlberg, IPR and open source policy manager at Ericsson in Sweden, a top driverless car-tech patent holder, says that automotive patent attorneys and risk and compliance managers could be in for a challenge.
“Automotive is starting to realise that software is really everything, and for them to adapt to a software setting and open source world is likely to be an eye opener for them.”
He adds that the industry is in a good starting position because it is used to dealing with complex supply chains. But he points out that software supply chains are quite different because they require businesses to know that they can use the open source software in a compliant manner and not just whether they have the right to use it.
Other industries managing a convergence of technologies in their products, including medical devices, might similarly find it difficult to adapt to open source risks.
Sources point out that the risks of using open source are unlikely to dissuade businesses from using the resource because of its usefulness in driving innovation and buttressing reputation in the developer community. The trick is to be aware of the licences attached to publicly available technologies and how those might affect what a business intends on doing with those technologies.
Gareth Jones, vice president of IP at AI invention discovery firm Benevolent AI in the UK, explains that if a company is planning on developing commercial products that would rely on a GNU General Public Licence (GPL), the business needs to consider what the implications would be if it carelessly took out a more restrictive licence.
“Lawyers have traditionally been scared of open source, and that is a sensible approach to a point,” he says. “If you have not considered the consequences, you may end up with a problem scenario.”
He adds that those working with open source must understand the related licence obligations – and that the right behaviours can be encouraged among engineers with training on the proper structures and processes.
Open source technology is becoming an increasingly popular way for large and small businesses to strengthen their software development without spending large sums of money on licences. The resource is particularly popular with start-ups that might not have the resources necessary to build software products by themselves. In an interview with Managing IP last year, the general counsel of smartphone-only bank Monzo at the time pointed out that most of his company’s technology could not be patented because it was based on open-source software. Despite that fact, the company is now valued at more than $1 billion.
Open governance tips
The in-house counsel from Ericsson, Benevolent AI and the bank say that effective open source governance is all about education, embedding processes into development and tracking.
Ahlberg at Ericsson points out that monitoring open source use without governance is a challenge because managers cannot be expected to look over the shoulders of every one of their developers. His engineers pass new code through a program that evaluates it for risk and, if it passes muster, records the software.
He adds that the program promotes the re-use of pre-approved code and keeps track of the software version, when it was brought in and under what licence.
“Engineers can find what they need in that repository most of the time – and when they cannot, they can submit a new piece of code for evaluation,” he says.
“In that way, we have a fairly good knowledge of what we bring in and how it can be used by the company.”
Jones at Benevolent AI adds that controls should be flexible and adaptable so not to completely restrict engineers from using open source while making sure that company interests are covered.
The level of governance needed, he adds, should depend on the type of business and the complexity of the software it uses. If a business is light on software development, it could track software used by having engineers submit requests.
Another option, he says, is to have a blanket approval guide that sets out rules on which licences can be used for which purpose.
“Having those pre-defined guidelines could make software development more efficient by allowing engineers to easily look up already approved licences,” he says.
Businesses could also choose to automate the governance process through software that will flag up code that does not comply with the company’s open source policy.
“That is good for large companies with a large software development resource – but it comes at a cost.”
Open source is a fantastic resource for tech-focused companies, but it can be the killer of hard fought-for or expensive patents surrounding lucrative products. More and more businesses need to have the right processes to manage this resource, and those should be tailored to the firm’s code development capacity.
