Very interesting article explaining the risks of using OSS in commercial software (typically closed-source):
http://sdtimes.com/open-source-commercial-software-development-handle-care/
http://sdtimes.com/open-source-commercial-software-development-handle-care/
Quoting:
"licenses fit into two major categories: Permissive and Copyleft. With Permissive licenses, there are few terms and conditions. With Copyleft licenses, the terms and conditions tend to be more stringent and bind any derivative work to the same terms and conditions."
(...)
"Mitigate Your Legal Risk
You can mitigate your risks by following some key steps. Some best practices:
"licenses fit into two major categories: Permissive and Copyleft. With Permissive licenses, there are few terms and conditions. With Copyleft licenses, the terms and conditions tend to be more stringent and bind any derivative work to the same terms and conditions."
(...)
"Mitigate Your Legal Risk
You can mitigate your risks by following some key steps. Some best practices:
- Track all third party software included in your distribution and the license type, and keep it up to date. Consider each addition carefully, examining the risks and the benefits. Be sure to republish the license text of each work (and subwork), particularly if you are distributing object code only.
- For Apache works, be sure to republish a copy of the Apache license, together with a prominent notice on any modified files that you have changed the files.
- Consider the use of any GPL work in a closed source application very carefully. If your application can be considered and extension of the GPL work, you may be required to disclose your source. Seek counsel if your rights are in doubt.
- Is the project supported by a specific group of developers and is there a thriving community dedicated to delivering a quality application? Or, is the software built by a single developer as a part-time project?
- Are contributions well vetted and under CLA? Consider the effort and expense of replacing the software should you encounter any issues. Can it be swapped out easily, or is it intimately entangled with your application? Consider the value of the contribution when compared to self-developed or commercial alternatives. Could you benefit from vendor engagement and professional support?"