Dealing with Patents in Software Licenses
Many members of the Open Source community oppose software patents. Software patents, they say, hinder the advancement of software art, and as such, counter the beneficial effects of open and published source code. The risk of infringing a copyright is much less than the risk of infringing a patent. You can avoid infringing a copyright by employing good clean-room practices and writing your own independent version of copyrighted software. On the other hand, a software patent can stop you from making, using or selling the patented invention, even if you didn't copy the inventor's software. This means that you may not be able to avoid infringing a patent no matter how careful you are. Someone you never even heard of can inform you that he or she has a patent and, if you cannot invent around that patented invention, your open-source project may be stopped dead in its tracks.
Like them or not, however, software patents are a reality. Software patents have been blessed repeatedly by Congress and the courts, and by the laws of many other countries. Given this reality, it is important to understand the implications of patents for software licenses so that you can select a license that meets your philosophy and goals.
Consider, from the viewpoint of a licensee of open-source software, three kinds of patents: 1) patents owned by the software licensor, 2) patents owned by third parties and 3) patents owned by the licensee or by the licensee's downstream sublicensees.
Licensor patents: suppose you took a license for some open-source software and then discovered that the licensor has a patent on that software that was not included in the license grant. Without a license to that patent, you could not make, use or sell the software. Whenever I review a software license for a licensee, I make sure there is an express grant “under claims of patents now or hereafter owned or controlled by licensor, to make, use, sell, offer for sale, have made, and/or otherwise dispose of licensed software or portions thereof.” Many open-source licenses, including the BSD license, contain no such provision. In those cases, a patent license may be implied, but I don't recommend relying on an implied license. Wherever possible, make sure you have an explicit license to any necessary patents held by the licensor.
Third-party patents: a software licensor may not be aware of all patents that apply to its software. Some third party suddenly may announce that it owns a patent that covers some aspects of the software. As a licensee of infringing software, you may have to stop using the software despite the license. To deal with this situation, proprietary-software licenses often include an indemnity clause, by which the software licensor indemnifies its licensees against third-party patent claims, promising to refund license fees, provide non-infringing versions of the software or obtain licenses to third-party patents, if third-party patents come to light. But open-source licenses usually don't contain indemnity clauses because licensors of open-source software usually do not collect license fees sufficient to cover the potential costs of the indemnification. So, for most open-source software, the license is “as is” without any warranty of non-infringement. Open-source licensees beware! The risk of third-party patents is usually borne by the licensee.
Licensee patents: the issue of licensee patents is much more subtle than with licensor and third-party patents. Licensors often include so-called “patent retaliation” clauses in their licenses to prevent licensees from using patents offensively against the licensor. Because this issue evokes strong feelings that justify careful discussion, I'm saving that topic for its own column next month.
Whatever your philosophy about software patents, it is important to understand the ways that patents can affect software licenses. It is not enough just to say “I don't like software patents.” Whether you out-license your software to others, or you in-license other's software for your own use, you should make sure that the license fairly expresses your own philosophy and goals relating to patents.
Legal advice must be provided in the course of an attorney-client relationship specifically with reference to all the facts of a particular situation and the law of your jurisdiction. Even though an attorney wrote this article, the information in this article must not be relied upon as a substitute for obtaining specific legal advice from a licensed attorney.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- The Humble Hacker?
- Server Hardening
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The Death of RoboVM
- The US Government and Open-Source Software
- Open-Source Project Secretly Funded by CIA
- ACI Worldwide's UP Retail Payments
- Varnish Software's Hitch
- New Container Image Standard Promises More Portable Apps
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide