Open Source Licensing Quick Reference

October 04, 2023

By Paul Chason

• 80% of all software contains open-source code
• How your organization uses open-source software could impact operations or product sales
• Open-source licensing influences any new lines of business that involve software
• Understanding ideal licensing for a use case mitigates potential legal issues around software distribution and use

If you’re responsible for or have a stake in technology in your organization, chances are you’ve come across open-source software. Open source has been on an exponential growth trajectory since the early 2000’s. It’s part of most of the software the world uses. This reference guide covers the most popular license types, and what they allow, that exist in the open-source software supply chain.

To frame licensing at a high level, there are two main types of open-source licenses: permissive licenses and copyleft licenses.

• Permissive licenses: Permissive licenses give you the most freedom to use and distribute open-source software. You can typically modify the software, distribute it to others, and even sell it without any restrictions. Examples of permissive licenses include the MIT License and the Apache License 2.0.

• Copyleft licenses: Copyleft licenses require that any derivative works of the software be distributed under the same license. This means that you cannot simply take an open-source software application and add a few features to it, then sell it as your own proprietary product. Examples of copyleft licenses include the GNU General Public License (GPL) and the Lesser General Public License (LGPL).

• Hybrid licenses: These are licenses that combine concepts from Permissive and Copyleft licenses. It’s important to note that the underlying components of any software application can, and often do, contain different types of licenses.

Next, included is a table that outlines the different types of popular licenses and the pertinent aspects of each license.

License	Type	Allowed	Not Allowed	Must Do
Apache License 2.0	Permissive	Modify Distribute Sublicense Commercial use Private use Patent claim Assign warranty	Liability claim Trademark use	State major changes Keep entire license in modified software Keep original copyright Keep NOTICE file
Berkeley Software Distribution (BSD 3-clause)	Permissive	Modify Distribute Sublicense Commercial use Assign warranty	Liability claim Trademark use	Keep entire license in modified software Keep original copyright
Internet Systems Consortium (ISC)	Permissive	Modify Distribute Commercial use	Liability claim	Keep entire license in modified software Keep original copyright
MIT License	Permissive	Modify Distribute Sublicense Commercial use Private use	Liability claim	Keep entire license in modified software Keep original copyright
Common Development and Distribution License (CDDL 1.0)	Weak Copyleft	Modify Distribute Sublicense Commercial use Private use Patent claim Assign warranty	Liability claim Trademark use	Release source code Keep entire license in modified software Keep original copyright
Eclipse Public License (EPL 2.0)	Weak Copyleft	Modify Distribute Sublicense Issue secondary license Commercial use Private use Patent claim Assign warranty	Liability claim Trademark use	Release source code Keep entire license in modified software Keep original copyright Indemnify claims against contributors
Lesser General Public License (LGPL 3.0)	Weak Copyleft	Modify Distribute Commercial use Patent claim Assign warranty	Sublicense Liability claim	Release source code State modifications Keep original copyright Provide install instructions Keep entire license in modified software
GNU General Public License (GPL-3)	Copyleft	Modify Distribute Commercial use Patent claim Assign warranty	Sublicense Liability claim	Release source code State modifications Keep original copyright Provide install instructions Keep entire license in modified software

Need to understand more how these open-source licenses impact your company's products and services? ⇨ Contact us to review your open-source supply chain