Navigating Open Source Licenses: Common Pitfalls and How to Avoid Them
This article explains the rapid rise of open‑source technologies, outlines common questions and risks associated with open‑source license usage, summarizes a guide covering eleven major licenses, and announces the OSCAR Open Source Pioneer Day where experts will discuss compliance and best practices.
In recent years, open‑source technologies have become mainstream in cloud computing, mobile internet, and big data, driving innovation while also raising intellectual‑property and information‑security concerns.
Common Questions about Open Source Licenses
Do open‑source licenses grant patent rights or contain "patent retaliation" clauses?
Must source code be provided when offering cloud services based on open‑source software?
How can the disclosure requirements of open‑source licenses be satisfied?
What does “breach remediation” in a license mean?
What special issues arise when using open‑source licenses in cloud‑computing environments?
A guide titled "Open Source License Usage Guide" will be released at the OSCAR Open Source Pioneer Day on October 20, compiled with support from companies such as Tencent, Alibaba, Huawei, ZTE, Didi, Oracle, and others. The guide details the selection of mainstream licenses, risks of improper use, and common problems, providing practical guidance for enterprises and developers.
Overview of Main Open Source Licenses
The guide reviews eleven widely used open‑source licenses, highlighting common characteristics: retention of copyright, attribution to original authors, clear license identification with full text or link, permission for commercial use, permission to modify and redistribute, permission for private use, and a disclaimer that authors are not liable for downstream use.
Licenses differ in commercial compatibility, sharing permissions, requirements to provide source code on redistribution, patent grants, patent‑retaliation clauses, and obligations when creating online services or internal solutions.
Risks of Improper License Use
Open‑source risk: Using code released under a copyleft or weak‑copyleft license may obligate you to disclose your private source code.
Contract breach risk: Violating license obligations can be considered a contract breach in some jurisdictions, as noted by U.S. case law.
Intellectual‑property risk: Non‑compliant use may infringe copyrights, patents, or trade secrets of the original authors.
License compatibility risk: Differing obligations among licenses can cause incompatibility issues when combining components.
Data security and privacy risk: Introducing open‑source components may expose systems to malicious code, viruses, or privacy breaches.
OSCAR Open Source Pioneer Day
The event, organized by the China Academy of Information and Communications Technology, will feature a special session on open‑source governance where experts will present the guide and answer audience questions. It will be held on October 20 at the Beijing Taifu Hotel (Xitu Cheng Road, Haidian District).
Efficient Ops
This public account is maintained by Xiaotianguo and friends, regularly publishing widely-read original technical articles. We focus on operations transformation and accompany you throughout your operations career, growing together happily.