Top Open Source Licenses Explained
What are
open source licenses?
An open source license is a legal and binding contract
between the author and the user declaring that the
software can be used in commercial applications under
certain conditions. The license is what turns plain old
software components into open source components,
and allows users to use that software as long as they
keep to the specific terms and conditions laid out in
the license.
The legal side of open source
licensing
• Software is considered as a work of art in the eyes of the law
• There is a legal obligation to receive approval from the author who has copyrights on the
software in order to use it
• Each open source license states what users are permitted to do with the software
components.
• There are over 200 open source licenses.
• The Open Source Initiative (OSI) put together a list of a little bit over 80 approved licenses,
best suited for commercial use.
• Open source licenses can be divided into two main categories: Copyleft and Permissive.
Open source license use
breakdown in 2018
• Apache 2.0: 22%
• GPL 3.0: 16%
• GPL 2.0: 10%
• LGPL 2.1: 6%
• BSD 3: 5%
• Microsoft Public: 3%
• BSD 2: 2%
• Eclipse 1.0: 1%
• Zlib: 1%
• Other: 8%
Copyleft vs. Permissive
Permissive:
Guarantees the freedom to use, modify,
and redistribute, while also permitting
proprietary derivative works
Copyleft:
If you are using a component with this kind
of open source license, then you too must
make your code open for use by others as
well.
Permissive open source licenses
continue to trend up
Permissive Licenses %
• 2017: 56%
• 2018: 64%
Permissive Apache 2.0 license shook
things up in 2017
Apache 2.0 usage over the years
• 2016: 15%
• 2017: 21%
• 2018: 22%
The slow decline of copyleft
licensing
• The GPL license, the most used copyleft license, serves as a good example of that trend
GNU GPL Usage Over the Years
• 2016: GPL 3.0 19%, GPL 2.0 14%, LGPL 2.1 6%
• 2017: GPL 3.0 18%, GPL 2.0 11%, LGPL 2.1 6%
• 2018: GPL 3.0 16%, GPL 2.0 10%, LGPL 2.1 6%
Top questions & answers for the
top open source licenses
GNU GPL License
GPL - Facts
• The most popular open source license
• It is a copyleft license
• Created by Richard Stallman
• Any software that uses any GPL open source component
(regardless of its percentage in the entire code) is required to
release its full source code and all of the rights to modify and
distribute the entire code.
Top 3 GPL license
questions & answers
What are the GPL terms and
conditions?
If you have used a GPL component in your software, then your entire
software is considered a ‘work based on’ GPL, and therefore:
• You are not allowed to claim patents or copyright on the software.
Moreover, you are obligated to display a copyright notice, disclaimer of
warranty, intact GPL notices, and a copy of the GPL.
• You are not allowed to change the license or introduce additional
terms and conditions.
• You are under the reciprocity obligation, which means you are
obligated to release the source code and all of the rights to modify and
distribute the entire code.
Is GPL enforceable?
GPL is enforceable as it’s essentially a copyright license. The copyright
holders of the GPL software can choose to enforce the GPL on the
distributed or derivative works of the software.
For example, the FSF holds the copyrights on many pieces of the GNU
system, such as the GNU Compiler Collection. As the copyright holder, it
can enforce the copyleft requirements of the GNU General Public License
(GPL) if copyright infringement occurs on that software.
What is the difference between
the GPLv2 and the GPLv3?
There has always been some confusion regarding what constitutes a ‘work
based on’ another work, which in turn triggers the GPL reciprocity
obligation.
• The FSF tried to add more clarity to GPLv3 as to when the reciprocity
obligation is triggered. The FSF even wrote a new GPL license, the
Affero license, to address a specific confusion referred to as the “ASP
loophole”.
• In addition, the FSF tried to increase the compatibility of the GPLv3
with other licenses. To combine two codes into a larger work, both the
programs must permit it. If such rights are granted by both the
programs' licenses, they are compatible. By making the GPLv3 more
compatible, the FSF expanded development options.
• The third difference between the two versions is that the GPLv3 was
written in an attempt to increase usage worldwide. The language used
in GPLv3 to describe the license rights was modified to ensure that
international laws will interpret it as the FSF intended, unlike the
language used in GPLv2, which is considered very US centric. GPLv3
also allows developers to add local disclaimers, which also helps
increase its usage outside the US.
GNU GPL with Classpath
Exception
Top 3 GPL with Classpath
Exception questions &
answers
What is the GNU Classpath
exception?
• The GNU GPL requires that every work based on the program – that is,
every derivative of the original program or any modifications one
introduces to it – be subject to the GPL. As such, it may cover your
original code if you combined it with a GPL module.
• The classpath exception permits linking a GPL library with an
independent module (“which is not derived from or based on the
library“), without subjecting the resulting program to the GPL. The
independent module can obviously be your own proprietary program.
Therefore, the classpath exception enables you to use GPL-licensed
components in a certain way without risking the integrity of your
Intellectual Property.
• Further, the resulting executable can be copied and redistributed
under a license of your choice – as long as you meet the terms and
conditions that govern the existing modules you’re using.
• Essentially, the classpath exception protects you from having to release
your project under the GNU license if you link to a GPL with classpath
exception library, thereby protecting you from having to publicly
open your entire source code.
How should I link GPL with
classpath exception components
to my software?
You can either link the modules statically or dynamically. The GNU GPL
classpath exception permits both methods.
Do I have to extend the Classpath
Exception downstream?
• If you use the GPL library as is, then you must. However, if you modify
the GPL with classpath exception library, you may choose whether to
extend the exception to your modified library. This is not compulsory. If
you don’t want to extend the exception, you don’t have to include the
exception statement in your modified library.
Apache License
Apache - Facts
• Released by the Apache Software Foundation (ASF) It is a
copyleft license
• A popular and widely deployed permissive license
• Allows you to freely use, modify, and distribute any Apache
licensed product.
Top 3 Apache License
questions & answers
What are the Apache License
terms and conditions?
• The Apache License is a permissive open source software license — so
you can release your modified version of the Apache-licensed product
under any license of your choice. You can freely use, modify, distribute
and sell a software licensed under this license without worrying about
its use: personal, internal or commercial.
• This license explicitly grants rights to users that can be applied to both
copyrights and patents, unlike other permissive licenses that are
applicable only to copyrights and not patents. The rights given are
perpetual, worldwide, irrevocable, but also non-exclusive — so you can
use the licensed work, and so can anyone else.
• If you redistribute software with any Apache licensed components, you
must include a copy of the license, provide a clear Apache License
attribution, and add modification notices to all the files that you
modify.
• You can choose to release the modified or derived products under
different licenses, the unmodified parts of the software, however, must
retain the Apache License, and you cannot name your modified version
in any way that suggests that the final product is endorsed or created
by the ASF.
• Additionally, if you want to add a copyright statement about all the
modifications that you’ve done to any Apache licensed software; you
are free to do so. Since the Apache License doesn’t require you to
release the modified code under the same license, you can choose to
add specific license terms and conditions that govern how others use,
reproduce, or distribute your modified code.
What is the difference between
the different versions?
• The Apache Group (later named the Apache Software Foundation)
released the first version of its license in 1995, but it’s rare that you’ll
come across components that still carry this license.
• In 2000, when Berkeley accepted the argument put to it by the Free
Software Foundation and retired their advertising clause from the BSD
license and formed the modified BSD license, Apache did likewise and
created the Apache License version 1.1.
• Removing the advertising clause meant that the advertising materials
of the derivative works of any Apache licensed product were no longer
required to include the Apache License attribution. It became ok to
include the attribution in the documentation alone.
• In 2004, the ASF decided to depart from the BSD model a little more
radically and produced the Apache License version 2.0, granting
patent rights and giving solid definitions of the concepts it uses to
make it more coherent.
What is the difference between
the Apache License 2.0 and the
GNU GPL?
The GNU GPL is a copyleft license. So software that uses any GPL-licensed
component has to release its full source code and all rights to modify and
distribute the entire code. The Apache License 2.0 doesn’t impose any
such terms. You’re not forced to release your modified version. Besides,
you can choose to release your modified version under a different license
(however, you’re required to retain the Apache License for the unmodified
parts of the code).
Microsoft Public Licenses (Ms-PL)
Ms-PL - Facts
The Microsoft Public License is a free and open source software
license released by Microsoft, which wrote it for its projects that
were released as open source.
Top 3 Ms-PL
questions & answers
What are the Microsoft Public
License (Ms-PL) terms and
conditions?
• You are free to reproduce and distribute original or derivative works of
any software licensed under the Ms-PL license. However, you may not
use any contributors' name, logo, or trademarks when you do so. The
Ms-PL protects the authors by explicitly not offering any express
warranties or guarantees for using your code, so the author is not
liable if the code doesn’t work well in some cases.
• When you distribute software (or its portion) under the Ms-PL, you’re
not required to distribute its source code. You may do so if you want
to, but you’re not obliged.
• However, you’re required to retain all copyright, patent, trademark,
and attribution notices that are originally present in the software.
Additionally, if you distribute any portion of the software in its source
code form, you may do so only under the Ms-PL by including a complete
copy of this license with your distribution. If you distribute any portion of
the software in its compiled or object code form, you may only do so
under any other license that complies with the Ms-PL.
It is important to note that the Ms-PL terms and conditions document is
very short, concise and written in a very coherent language. Microsoft
wanted to be very clear and direct with the open source community,
which also helps adoption rate (as we know from the BSD license).
Is Microsoft Public License (Ms-PL)
considered copyleft?
A Copyleft license offers the right to distribute modified and derivative
versions of a program, provided that the same rights and freedoms are
preserved for downstream recipients of those modifications and
derivatives. When you distribute MsPL’ed software or its portion in its
source code form, you may only do so under the Ms-PL license. When you
distribute the Ms-PL’ed software in compiled or object code form, the Ms-
PL license lets you do so only under “a license that complies with” the Ms-
PL.
Hence, the Copyleft effect of Ms-PL is clear when choosing to distribute
source code version of the modified or derivative Ms-PL software. It
seems that when distributing compiled or object code versions of
modified or derivative Ms-PL software, the same rights and freedoms
need not be passed through to downstream recipients, even though the
Ms-PL text is not entirely clear on this point. This interpretation is
supported by Microsoft, the steward of Ms-PL, who maintains that one
may distribute compiled or object code versions of Ms-PL’ed software
under terms of his or her choosing, which must not grant downstream
recipients more rights (but can grant them fewer rights) to the Ms-PL’ed
software than are granted to that person.
What is the difference between
Microsoft Public License (Ms-PL) and
the Microsoft Reciprocal License (Ms-
RL)?
The Ms-RL license is a copyleft license that is more restrictive than the
Ms-PL. It allows you to modify and distribute any Ms-RL’ed component as
long as the modified source files are included and licensed under the Ms-
RL.
However, you can license the other files of the software, which are
entirely your own work, under any other compatible license you may
choose.
Berkeley Software Distribution
(BSD)
BSD - Facts
BSD Licenses or the original BSD License and its two variants - the
Modified BSD License (3-clause), and the Simplified BSD
License/FreeBSD License (2-clause) are a family of permissive free
software licenses.
Top 3 BSD License
questions & answers
What are the terms and conditions of
the BSD Licenses?
• The BSD License lets you freely modify and distribute your software’s
code in the source or binary format as long as you retain a copy of the
copyright notice, list of conditions, and the disclaimer.
• The original BSD License or the 4-clause BSD License also contains an
advertising clause and a non-endorsement clause (detailed explanations
of these clauses are offered in the following questions). The
modified BSD License or the 3-clause BSD License was formed by
removing the advertising clause from the original BSD License. Further,
the FreeBSD version or the 2-clause BSD License was formed by
removing the non-endorsement clause from the modified BSD License
or the 3-clause BSD License.
What is the difference between the
original 4-clause BSD License and the
Modified 3-clause BSD License?
• The advertising clause from the original BSD License requires users to
acknowledge the original authors of any used BSD-licensed
components in all advertising materials mentioning features or use of
their software. This clause was criticized for several reasons. It also
made the original BSD License incompatible with the GNU GPL.
• Basically the BSD License authors expected developers to include the
following acknowledgment in their copyright notices.
• However, due to misunderstanding the license (and even with malicious
intent, in some cases), developers started replacing the above
acknowledgment text by adding their own or their organizations’
names.
• This led to situations where developers were required to list too many
attributions, each corresponding to a used BSD-licensed component in
their software.
• Following the feedback, in 1999, the advertising clause that appears in
the original BSD License was removed to create the Modified 3-clause
BSD License.
What is the difference between the
Modified 3-clause BSD License and
Simplified 2-clause BSD License?
• The Simplified 2-clause BSD License further toned down the 3-clause
BSD License by removing the non-endorsement clause. This clause
ensured that users could not make it sound like their software was
endorsed by any of the acknowledged developers or organizations.
• It also introduced a disclaimer about views and opinions expressed in
the software to be those of the authors and not of the FreeBSD
project.
Common Development and
Distribution License (CDDL)
CDDL - Facts
• Published by Sun Microsystems to replace the Sun Public
License (SPL).
• The CDDL
• The license is considered by Sun (now Oracle) to be SPL version 2, and
it is inspired by the Mozilla Public License (MPL).
• CDDL is often dubbed as a cleaned up version of the MPL and is made
to facilitate reusability.
Top 3 CDDL License
questions & answers
What are the Common Development
and Distribution License (CDDL) terms
and conditions?
• You’re free to reproduce and distribute any original or derivative works
of any software licensed under the CDDL. However, you must not
remove or make any changes to any copyright, patent or trademark
notices contained in the software. You must also retain any notices of
licensing or any descriptive text giving attribution to any contributor or
the initial developer.
• When you distribute your software in an executable form (any form
other than source code), you are required to make the source code
available as well under the CDDL. The executable form may be released
under the CDDL or any CDDL compatible licenses.
• The source code that you have to make available includes your
contributions as long as they are an addition to, deletion from or
modification of the contents of a file containing the original software –
or new files that contain parts of the original program. That means that
if your additions are made in separate and independent files that do
not contain the original code, you do not have to release it under the
CDDL. You may do that if you choose to, but you’re not obliged.
• In addition, you must include a copy of the CDDL with any source code
that you distribute. For each modification that you make, you must
identify yourself as the modifier by including a notice in your modified
files.
Is the CDDL considered copyleft?
• The CDDL is considered a weak copyleft license. A copyleft license, like
the GNU GPL, the MPL or the Eclipse License, requires that you give
downstream users of the program the same rights that you
yourself received. For that purpose, you are required to distribute the
program, including any modified and extended versions of it, under
the same license. This means that using such a copyleft licensed
component in your code will require you to release your entire
program as open source. Essentially, it means to distribute the
original or modified software under the same license that it originally
carried.
• The CDDL requires you to release the source code of only the CDDL
licensed components that you use or modify in your code under the
CDDL. If you distribute your software in its executable form, you are
bound to include the source code form but the executable can be
distributed either under the CDDL or under a compatible license.
Does the CDDL grant patent rights?
• Yes, it does. Any contributor grants you the right to use the patents
that his contribution embodies. CDDL takes a very clear stand on
patents — you can use, modify, and redistribute CDDL licensed
components without any concerns about any patents that the code
contributors might hold on the contributed technology.
• The CDDL discourages patent litigation against developers by
terminating the usage rights of anyone who initiates a patent claim
against a developer about the code that he/she has contributed.
Eclipse Public License (EPL)
EPL - Facts
• Developed by the Eclipse Foundation.
• It’s derived from the Common Public License (CPL).
• The Eclipse codebase, now available under the EPL, was formerly
licensed under the CPL.
Top 3 EPL License
Questions & Answers
What are the terms and conditions of
the Eclipse Public License?
• The EPL license is a copyleft license. If you modify an EPL’ed
component and distribute it in the source code form as part of your
program, you’re required to disclose the modified code under the EPL.
If you distribute such a program in its object code form, you’re
required to state that the source code can be made available to the
recipient upon request. You’re also required to share the method for
requesting the source code.
• The Eclipse Foundation makes clear that, in their opinion, ‘merely
interfacing or interoperating’ with an Eclipse plugin does not make
your code a derivative work of the plugin.
• If you redistribute a program with an EPL component, you are
obligated to include the full license text and the copyrights.
• The EPL protects the author from possible lawsuits or damages caused
if a company used his/her component in a commercial product. It also
offers a patent grant.
Is EPL considered a copyleft license?
• Yes, the EPL is considered a weak copyleft license.
• Weak copyleft licenses require you to disclose your source for the
source code, but not for binaries, and therefore you can compile
covered sources with others and distribute the resulting (merged)
binaries under the license of your choice. With a ‘strong’ copyleft
license, such as the GPL family, you are obligated to reuse the same
license when redistributing copies or derivatives, for both source and
binaries.
What is the difference between the
Eclipse Public License and IBM’s
Common Public License (CPL)?
The EPL revises the CPL by deleting the first sentence in the 7th section of
the original CPL that was believed to be overly broad and non-conducive
to the growth of the Eclipse ecosystem. The removed content explained
how the CPL handled patent retaliation.

More Related Content

What's hot (20)

PDF
FOSS4Gov: Understanding Open Source Licenses
Chamindra de Silva
 
PDF
Understanding open source licenses
Rogue Wave Software
 
PPTX
GitOps w/argocd
Jean-Philippe Bélanger
 
PPTX
Open Source Concepts
RituBhargava7
 
PPT
Open Source Software Presentation
Henry Briggs
 
PPTX
Introducing DevOps
Nishanth K Hydru
 
PPTX
OPEN SOURCE SEMINAR PRESENTATION
Ritwick Halder
 
PDF
DevOps
ARYA TM
 
PPT
Open Source Technology
priyadharshini murugan
 
PDF
Gitlab ci-cd
Dan MAGIER
 
PPTX
DevOps intro
Abdelrhman Shawky
 
PDF
ArgoCD Meetup PPT final.pdf
amanmakwana3
 
PPT
Introduction To Open Source Licenses
Harley Pascua
 
PPTX
Kubernetes for Beginners: An Introductory Guide
Bytemark
 
PDF
Open Source Software - Avoiding Common Pitfalls
Ansel Halliburton
 
PDF
GitOps is the best modern practice for CD with Kubernetes
Volodymyr Shynkar
 
PPTX
DevOps and Tools
Mohammed Fazuluddin
 
PDF
IaaS, SaaS, PasS : Cloud Computing
Software Park Thailand
 
ODP
Kubernetes Architecture
Knoldus Inc.
 
PPTX
Open source software
MuhamadHajMousa
 
FOSS4Gov: Understanding Open Source Licenses
Chamindra de Silva
 
Understanding open source licenses
Rogue Wave Software
 
GitOps w/argocd
Jean-Philippe Bélanger
 
Open Source Concepts
RituBhargava7
 
Open Source Software Presentation
Henry Briggs
 
Introducing DevOps
Nishanth K Hydru
 
OPEN SOURCE SEMINAR PRESENTATION
Ritwick Halder
 
DevOps
ARYA TM
 
Open Source Technology
priyadharshini murugan
 
Gitlab ci-cd
Dan MAGIER
 
DevOps intro
Abdelrhman Shawky
 
ArgoCD Meetup PPT final.pdf
amanmakwana3
 
Introduction To Open Source Licenses
Harley Pascua
 
Kubernetes for Beginners: An Introductory Guide
Bytemark
 
Open Source Software - Avoiding Common Pitfalls
Ansel Halliburton
 
GitOps is the best modern practice for CD with Kubernetes
Volodymyr Shynkar
 
DevOps and Tools
Mohammed Fazuluddin
 
IaaS, SaaS, PasS : Cloud Computing
Software Park Thailand
 
Kubernetes Architecture
Knoldus Inc.
 
Open source software
MuhamadHajMousa
 

Similar to Top Open Source Licenses Explained (20)

PPTX
Hidden gotcha’s of various open source licenses
Manuswath K.B
 
PDF
Open Source Software Legal Issues and Compliance
Tarun Khurana
 
PPTX
Open Source licenses
Olga Lavrentieva
 
RTF
Power Dvd Mpeg 4 Avc Pack License Disclaimer (Lgpl)
Falainix
 
PDF
Understanding Open Source & GPL
Zero Point Development
 
PDF
Overview of basic open-source licenses
Irina Shubina
 
PPTX
Legal-Considerations-for-Open-Source-Software-Creative-Commons-Licenses_Sprin...
EmmaShort14
 
PDF
WP_Open-Source_Best_pratice_web
Paul Plaquette
 
PPTX
Software Licensing.pptx
AaliyanShaikh
 
PPT
Open Source Presentation To Portal Partners2
Viet NguyenHoang
 
PDF
An Open Source Workshop
halehmahbod
 
PDF
GDSC - Software Licensing.pdf
AaliyanShaikh
 
PDF
"Open Source licensing and software quality" by Monty Michael Widenius @ eLib...
eLiberatica
 
PDF
Open source announcement
Raman Pundir
 
PPTX
Foss introduction and history
Thilini munasinghe
 
PPTX
Open Source Licensing: Types, Strategies and Compliance
All Things Open
 
PPT
Open source licenses training
Gokul Muralidharan
 
PPTX
OPEN SOURCE SOFTWARE
Sarvesh Maurya
 
PPT
Opensource powerpoint-reviewppt742
Vibha Khanna
 
PPTX
Open source software for IoT – The devil’s in the details
Rogue Wave Software
 
Hidden gotcha’s of various open source licenses
Manuswath K.B
 
Open Source Software Legal Issues and Compliance
Tarun Khurana
 
Open Source licenses
Olga Lavrentieva
 
Power Dvd Mpeg 4 Avc Pack License Disclaimer (Lgpl)
Falainix
 
Understanding Open Source & GPL
Zero Point Development
 
Overview of basic open-source licenses
Irina Shubina
 
Legal-Considerations-for-Open-Source-Software-Creative-Commons-Licenses_Sprin...
EmmaShort14
 
WP_Open-Source_Best_pratice_web
Paul Plaquette
 
Software Licensing.pptx
AaliyanShaikh
 
Open Source Presentation To Portal Partners2
Viet NguyenHoang
 
An Open Source Workshop
halehmahbod
 
GDSC - Software Licensing.pdf
AaliyanShaikh
 
"Open Source licensing and software quality" by Monty Michael Widenius @ eLib...
eLiberatica
 
Open source announcement
Raman Pundir
 
Foss introduction and history
Thilini munasinghe
 
Open Source Licensing: Types, Strategies and Compliance
All Things Open
 
Open source licenses training
Gokul Muralidharan
 
OPEN SOURCE SOFTWARE
Sarvesh Maurya
 
Opensource powerpoint-reviewppt742
Vibha Khanna
 
Open source software for IoT – The devil’s in the details
Rogue Wave Software
 
Ad

More from WhiteSource (20)

PPTX
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps
WhiteSource
 
PDF
Innocent Vulnerabilities vs. Malicious Backdoors: How to Manage Your Risk
WhiteSource
 
PDF
Empowering Financial Institutions to Use Open Source With Confidence
WhiteSource
 
PDF
Tackling the Container Iceberg:How to approach security when most of your sof...
WhiteSource
 
PDF
Taking Open Source Security to the Next Level
WhiteSource
 
PDF
Securing Container-Based Applications at the Speed of DevOps
WhiteSource
 
PDF
The Challenges of Scaling DevSecOps
WhiteSource
 
PDF
The State of Open Source Vulnerabilities Management
WhiteSource
 
PDF
Open Source Security at Scale- The DevOps Challenge 
WhiteSource
 
PDF
Tackling the Risks of Open Source Security: 5 Things You Need to Know
WhiteSource
 
PDF
Open Source Security: How to Lay the Groundwork for a Secure Culture
WhiteSource
 
PDF
Deep Dive into Container Security
WhiteSource
 
PDF
Fire alarms vs. Fire hoses: Keeping up with Dependencies
WhiteSource
 
PDF
DevSecOps: Closing the Loop from Detection to Remediation
WhiteSource
 
PDF
Barriers to Container Security and How to Overcome Them
WhiteSource
 
PPTX
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
WhiteSource
 
PDF
Winning open source vulnerabilities without loosing your deveopers - Azure De...
WhiteSource
 
PDF
SAST (Static Application Security Testing) vs. SCA (Software Composition Anal...
WhiteSource
 
PDF
From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...
WhiteSource
 
PPTX
The Devops Challenge: Open Source Security Throughout the DevOps Pipline- A W...
WhiteSource
 
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps
WhiteSource
 
Innocent Vulnerabilities vs. Malicious Backdoors: How to Manage Your Risk
WhiteSource
 
Empowering Financial Institutions to Use Open Source With Confidence
WhiteSource
 
Tackling the Container Iceberg:How to approach security when most of your sof...
WhiteSource
 
Taking Open Source Security to the Next Level
WhiteSource
 
Securing Container-Based Applications at the Speed of DevOps
WhiteSource
 
The Challenges of Scaling DevSecOps
WhiteSource
 
The State of Open Source Vulnerabilities Management
WhiteSource
 
Open Source Security at Scale- The DevOps Challenge 
WhiteSource
 
Tackling the Risks of Open Source Security: 5 Things You Need to Know
WhiteSource
 
Open Source Security: How to Lay the Groundwork for a Secure Culture
WhiteSource
 
Deep Dive into Container Security
WhiteSource
 
Fire alarms vs. Fire hoses: Keeping up with Dependencies
WhiteSource
 
DevSecOps: Closing the Loop from Detection to Remediation
WhiteSource
 
Barriers to Container Security and How to Overcome Them
WhiteSource
 
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
WhiteSource
 
Winning open source vulnerabilities without loosing your deveopers - Azure De...
WhiteSource
 
SAST (Static Application Security Testing) vs. SCA (Software Composition Anal...
WhiteSource
 
From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...
WhiteSource
 
The Devops Challenge: Open Source Security Throughout the DevOps Pipline- A W...
WhiteSource
 
Ad

Recently uploaded (20)

PPTX
UI5Con 2025 - Get to Know Your UI5 Tooling
Wouter Lemaire
 
PDF
HydITEx corporation Booklet 2025 English
Георгий Феодориди
 
PDF
HR agent at Mediq: Lessons learned on Agent Builder & Maestro by Tacstone Tec...

Top Open Source Licenses Explained

  • 2. What are open source licenses? An open source license is a legal and binding contract between the author and the user declaring that the software can be used in commercial applications under certain conditions. The license is what turns plain old software components into open source components, and allows users to use that software as long as they keep to the specific terms and conditions as laid out in the license.
  • 3. The legal side of open source licensing • Software is considered as a work of art in the eyes of the law • There is a legal obligation to receive approval from the author who has copyrights on the software in order to use it • Each open source license states what users are permitted to do with the software components. • There are over 200 open source licenses. • The Open Source Initiative (OSI) put together a list of a little bit over 80 approved licenses, best suited for commercial use. • Open source licenses can be divided into two main categories: Copyleft and Permissive.
  • 4. Open source license use breakdown in 2018: Apache 2.0, 22%; GPL 3.0, 16%; GPL 2.0, 10%; LGPL 2.1, 6%; BSD 3, 5%; Microsoft Public, 3%; BSD 2, 2%; Eclipse 1.0, 1%; Zlib, 1%; other, 8%
  • 5. Copyleft vs. Permissive. Permissive: Guarantees the freedom to use, modify, and redistribute, while also permitting proprietary derivative works. Copyleft: If you are using a component with this kind of open source license, then you too must make your code open for use by others as well.
  • 6. Permissive open source licenses continue to trend up [Chart: Permissive Licenses %, 2017 and 2018; data labels 56% and 64%]
  • 7. Permissive Apache 2.0 license shook things up in 2017 [Chart: Apache 2.0 usage over the years, 2016, 2017 and 2018; data labels 15%, 21% and 22%]
  • 8. The slow decline of copyleft licensing • The GPL license, the most used copyleft license, serves as a good example of that trend [Chart: GNU GPL Usage Over the Years; series GPL 3.0, GPL 2.0, LGPL 2.1; years 2016, 2017, 2018; data labels 19%, 14%, 6%, 18%, 11%, 6%, 16%, 10%, 6%]
  • 9. Top questions & answers for the top open source licenses
  • 11. GPL - Facts • The most popular open source license • It is a copyleft license • Created by Richard Stallman • Any software that uses any GPL open source component (regardless of its percentage in the entire code) is required to release its full source code and all of the rights to modify and distribute the entire code.
  • 12. Top 3 GPL license questions & answers
  • 13. What are the GPL terms and conditions? If you have used a GPL component in your software, then your entire software is considered a ‘work based on’ GPL, and therefore: • You are not allowed to claim patents or copyright on the software. Moreover, you are obligated to display a copyright notice, disclaimer of warranty, intact GPL notices, and a copy of the GPL. • You are not allowed to change the license or introduce additional terms and conditions. • You are under the reciprocity obligation, which means you are obligated to release the source code and all of the rights to modify and distribute the entire code.
  • 14. Is GPL enforceable? GPL is enforceable as it’s essentially a copyright license. The copyright holders of the GPL software can choose to enforce the GPL on the distributed or derivative works of the software. For example, the FSF holds the copyrights on many pieces of the GNU system, such as the GNU Compiler Collection. As the copyright holder, it can enforce the copyleft requirements of the GNU General Public License (GPL) if copyright infringement occurs on that software.
  • 15. What is the difference between the GPLv2 and the GPLv3? There has always been some confusion regarding what constitutes a ‘work based on’ another work, which in turn triggers the GPL reciprocity obligation. • The FSF tried to add more clarity to GPLv3 as to when the reciprocity obligation is triggered. The FSF even wrote a new GPL license, the Affero license, to address a specific confusion referred to as the “ASP loophole”. • In addition, the FSF tried to increase the compatibility of the GPLv3 with other licenses. To combine two codes into a larger work, both the programs must permit it. If such rights are granted by both the programs' licenses, they are compatible. By making the GPLv3 more compatible, the FSF expanded development options.
  • 16. What is the difference between the GPLv2 and the GPLv3? • The third difference between the two versions is that the GPLv3 was written in an attempt to increase usage worldwide. The language used in GPLv3 to describe the license rights was modified to ensure that international laws will interpret it as the FSF intended, unlike the language used in GPLv2, which is considered very US-centric. GPLv3 also allows developers to add local disclaimers, which also helps increase its usage outside the US.
  • 17. GNU GPL with Classpath Exception
  • 18. Top 3 GPL with Classpath Exception questions & answers
  • 19. What is the GNU Classpath exception? • The GNU GPL requires that every work based on the program – that is, every derivative of the original program or any modifications one introduces to it – be subject to the GPL. As such, it may cover your original code if you combined it with a GPL module. • The classpath exception permits linking a GPL library with an independent module (“which is not derived from or based on the library”), without subjecting the resulting program to the GPL. The independent module can obviously be your own proprietary program. Therefore, the classpath exception enables you to use GPL-licensed components in a certain way without risking the integrity of your intellectual property.
  • 20. What is the GNU Classpath Exception? • Further, the resulting executable can be copied and redistributed under a license of your choice – as long as you meet the terms and conditions that govern the existing modules you’re using. • Essentially, the classpath exception protects you from having to release your project under the GNU license if you link to a GPL with classpath exception library, thereby protecting you from having to publicly open your entire source code.
  • 21. How should I link GPL with classpath exception components to my software? You can either link the modules statically or dynamically. The GNU GPL classpath exception permits both methods.
  • 22. Do I have to extend the Classpath Exception downstream? • If you use the GPL library as is, then you must. However, if you modify the GPL with classpath exception library, you may choose whether to extend the exception to your modified library. This is not compulsory. If you don’t want to extend the exception, you don’t have to include the exception statement in your modified library.
  • 24. Apache - Facts • Released by the Apache Software Foundation (ASF) • A popular and widely deployed permissive license • Allows you to freely use, modify, and distribute any Apache licensed product.
  • 25. Top 3 Apache License questions & answers
  • 26. What are the Apache License terms and conditions? • The Apache License is a permissive open source software license, so you can release your modified version of the Apache-licensed product under any license of your choice. You can freely use, modify, distribute and sell software licensed under this license without worrying about its use: personal, internal or commercial. • This license explicitly grants rights to users that can be applied to both copyrights and patents, unlike other permissive licenses that are applicable only to copyrights and not patents. The rights given are perpetual, worldwide, irrevocable, but also non-exclusive, so you can use the licensed work, and so can anyone else. • If you redistribute software with any Apache licensed components, you must include a copy of the license, provide a clear Apache License attribution, and add modification notices to all the files that you modify.
  • 27. What are the Apache License terms and conditions? • You can choose to release the modified or derived products under different licenses; the unmodified parts of the software, however, must retain the Apache License, and you cannot name your modified version in any way that suggests that the final product is endorsed or created by the ASF. • Additionally, if you want to add a copyright statement about all the modifications that you’ve made to any Apache licensed software, you are free to do so. Since the Apache License doesn’t require you to release the modified code under the same license, you can choose to add specific license terms and conditions that govern how others use, reproduce, or distribute your modified code.
  • 28. What is the difference between the different versions? • The Apache Group (later named the Apache Software Foundation) released the first version of its license in 1995, but it’s rare that you’ll come across components that still carry this license. • In 2000, when Berkeley accepted the argument put to it by the Free Software Foundation and retired their advertising clause from the BSD license and formed the modified BSD license, Apache did likewise and created the Apache License version 1.1. • Removing the advertising clause meant that the advertising materials of the derivative works of any Apache licensed product were no longer required to include the Apache License attribution. It became OK to include the attribution in the documentation alone. • In 2004, the ASF decided to depart from the BSD model a little more radically and produced the Apache License version 2.0 by granting patent rights and providing solid definitions of the concepts it uses to make it more coherent.
  • 29. What is the difference between the Apache License 2.0 and the GNU GPL? The GNU GPL is a copyleft license. So software that uses any GPL-licensed component has to release its full source code and all rights to modify and distribute the entire code. The Apache License 2.0 doesn’t impose any such terms. You’re not forced to release your modified version. Besides, you can choose to release your modified version under a different license (however, you’re required to retain the Apache License for the unmodified parts of the code).
  • 31. Ms-PL - Facts The Microsoft Public License is a free and open source software license released by Microsoft, which wrote it for its projects that were released as open source.
  • 33. What are the Microsoft Public License (Ms-PL) terms and conditions? • You are free to reproduce and distribute original or derivative works of any software licensed under the Ms-PL license. However, you may not use any contributors' name, logo, or trademarks when you do so. The Ms-PL protects the authors by explicitly not offering any express warranties or guarantees for using your code, so the author is not liable if the code doesn’t work well in some cases. • When you distribute software (or its portion) under the Ms-PL, you’re not required to distribute its source code. You may do so if you want to, but you’re not obliged. • However, you’re required to: Retain all copyright, patent, trademark, and attribution notices that are originally present in the software.
  • 34. What are the Microsoft Public License (Ms-PL) terms and conditions? Additionally, if you distribute any portion of the software in its source code form, you may do so only under the Ms-PL by including a complete copy of this license with your distribution. If you distribute any portion of the software in its compiled or object code form, you may only do so under any other license that complies with the Ms-PL. It is important to note that the Ms-PL terms and conditions document is very short, concise and written in a very coherent language. Microsoft wanted to be very clear and direct with the open source community, which also helps adoption rate (as we know from the BSD license).
  • 35. Is Microsoft Public License (Ms-PL) considered copyleft? A Copyleft license offers the right to distribute modified and derivative versions of a program, provided that the same rights and freedoms are preserved for downstream recipients of those modifications and derivatives. When you distribute Ms-PL’ed software or its portion in its source code form, you may only do so under the Ms-PL license. When you distribute the Ms-PL’ed software in compiled or object code form, the Ms-PL license lets you do so only under “a license that complies with” the Ms-PL.
  • 36. Is Microsoft Public License (Ms-PL) considered copyleft? Hence, the Copyleft effect of Ms-PL is clear when choosing to distribute a source code version of the modified or derivative Ms-PL software. It seems that when distributing compiled or object code versions of modified or derivative Ms-PL software, the same rights and freedoms need not be passed through to downstream recipients, even though the Ms-PL text is not entirely clear on this point. This interpretation is supported by Microsoft, the steward of Ms-PL, who maintains that one may distribute compiled or object code versions of Ms-PL’ed software under terms of his or her choosing, which must not grant downstream recipients more rights (but can grant them fewer rights) to the Ms-PL’ed software than are granted to that person.
  • 37. What is the difference between Microsoft Public License (Ms-PL) and the Microsoft Reciprocal License (Ms-RL)? The Ms-RL license is a copyleft license that is more restrictive than the Ms-PL. It allows you to modify and distribute any Ms-RL’ed component as long as the modified source files are included and licensed under the Ms-RL. However, you can license the other files of the software, which are entirely your own work, under any other compatible license you may choose.
  • 39. BSD - Facts BSD Licenses or the original BSD License and its two variants - the Modified BSD License (3-clause), and the Simplified BSD License/FreeBSD License (2-clause) are a family of permissive free software licenses.
  • 40. Top 3 BSD License questions & answers
  • 41. What are the terms and conditions of the BSD Licenses? • The BSD License lets you freely modify and distribute your software’s code in the source or binary format as long as you retain a copy of the copyright notice, list of conditions, and the disclaimer. • The original BSD License or the 4-clause BSD License also contains an advertising clause and a non-endorsement clause (detailed explanations of these clauses are offered in the following questions). The modified BSD License or the 3-clause BSD License was formed by removing the advertising clause from the original BSD License. Further, the FreeBSD version or the 2-clause BSD License was formed by removing the non-endorsement clause from the modified BSD License or the 3-clause BSD License.
  • 42. What is the difference between the original 4-clause BSD License and the Modified 3-clause BSD License? • The advertising clause from the original BSD License requires users to acknowledge the original authors of any used BSD-licensed components in all advertising materials mentioning features or use of their software. This clause was criticized for several reasons. It also made the original BSD License incompatible with the GNU GPL. • Basically the BSD License authors expected developers to include the following acknowledgment in their copyright notices.
  • 43. What is the difference between the original 4-clause BSD License and the Modified 3-clause BSD License? • However, due to misunderstanding the license (and even with malicious intent, in some cases), developers started replacing the above acknowledgment text by adding their own or their organizations’ names. • This led to situations where developers were required to list too many attributions, each corresponding to a used BSD-licensed component in their software. • Following the feedback, in 1999, the advertising clause that appears in the original BSD License was removed to create the Modified 3-clause BSD License.
  • 44. What is the difference between the Modified 3-clause BSD License and Simplified 2-clause BSD License? • The Simplified 2-clause BSD License further toned down the 3-clause BSD License by removing the non-endorsement clause. This clause ensured that users could not make it sound like their software was endorsed by any of the acknowledged developers or organizations. • It also introduced a disclaimer about views and opinions expressed in the software to be those of the authors and not of the FreeBSD project.
  • 46. CDDL - Facts • The CDDL was published by Sun Microsystems to replace the Sun Public License (SPL). • The license is considered by Sun (now Oracle) to be SPL version 2, and it is inspired by the Mozilla Public License (MPL). • CDDL is often dubbed a cleaned-up version of the MPL and is made to facilitate reusability.
  • 47. Top 3 CDDL License questions & answers
  • 48. What are the Common Development and Distribution License (CDDL) terms and conditions? • You’re free to reproduce and distribute any original or derivative works of any software licensed under the CDDL. However, you must not remove or make any changes to any copyright, patent or trademark notices contained in the software. You must also retain any notices of licensing or any descriptive text giving attribution to any contributor or the initial developer. • When you distribute your software in an executable form (any form other than source code), you are required to make the source code available as well under the CDDL. The executable form may be released under the CDDL or any CDDL compatible licenses.
  • 49. What are the Common Development and Distribution License (CDDL) terms and conditions? • The source code that you have to make available includes your contributions as long as they are an addition to, deletion from or modification of the contents of a file containing the original software – or new files that contain parts of the original program. That means that if your additions are made in separate and independent files that do not contain the original code, you do not have to release it under the CDDL. You may do that if you choose to, but you’re not obliged. • In addition, you must include a copy of the CDDL with any source code that you distribute. For each modification that you make, you must identify yourself as the modifier by including a notice in your modified files.
  • 50. Is the CDDL considered copyleft? • The CDDL is considered a weak copyleft license. A copyleft license, like the GNU GPL, the MPL or the Eclipse License, requires that you give down-the-stream users of the program the same rights that you- yourself received. For that purpose, you are required to distribute the program – including any modified and extended versions of it - under the same license. This means that using such a copyleft licensed component in your code, will require you to release your entire program as an open source. Essentially, it means to distribute the original or modified software under the same license that it originally carried. • The CDDL requires you to release the source code of only the CDDL licensed components that you use or modify in your code under the CDDL. If you distribute your software in its executable form, you are bound to include the source code form but the executable can be distributed either under the CDDL or under a compatible license.
  • 51. Does the CDDL grant patent rights? • Yes, it does. Any contributor grants you the right to use the patents that his contribution embodies. CDDL takes a very clear stand on patents: you can use, modify, and redistribute CDDL licensed components without any concerns about any patents that the code contributors might hold on the contributed technology. • The CDDL discourages patent litigation against developers by terminating the usage rights of anyone who initiates a patent claim against a developer about the code that he/she has contributed.
  • 53. EPL - Facts • Developed by the Eclipse Foundation. • It’s derived from the Common Public License (CPL). • The Eclipse codebase, now available under the EPL, was formerly licensed under the CPL.
  • 54. Top 3 EPL License Questions & Answers
  • 55. What are the terms and conditions of the Eclipse Public License? • The EPL license is a copyleft license. If you modify an EPL’ed component and distribute it in the source code form as part of your program, you’re required to disclose the modified code under the EPL. If you distribute such a program in its object code form, you’re required to state that the source code can be made available to the recipient upon request. You’re also required to share the method for requesting the source code. • The Eclipse Foundation makes clear that, in their opinion, ‘merely interfacing or interoperating’ with an Eclipse plugin does not make your code a derivative work of the plugin. • If you redistribute a program with an EPL component, you are obligated to include the full license text and the copyrights. • The EPL protects the author from possible lawsuits or damages caused if a company used his/her component in a commercial product. It also offers a patent grant.
  • 56. Is EPL considered a copyleft license? • Yes, the EPL is considered a weak copyleft license. • Weak copyleft licenses require you to disclose the covered source code, but the requirement does not extend to binaries, and therefore you can compile covered sources with others and distribute the resulting (merged) binaries under the license of your choice. With ‘strong’ copyleft licenses (the GPL family), you are obligated to reuse the same license in case of re-distribution of copies or derivatives on both source and binaries.
  • 57. What is the difference between the Eclipse Public License and IBM’s Common Public License (CPL)? The EPL revises the CPL by deleting the first sentence in the 7th section of the original CPL that was believed to be overly broad and non-conducive to the growth of the Eclipse ecosystem. The removed content explained how the CPL handled patent retaliation.