Neolex Open Source Audits

The use of open source software, like any software, is governed by the license terms that apply to it. There is one key difference, however: most proprietary software is licensed under a single license, whereas most open source software carries a variety of different licenses.

To illustrate the difference, take the case of PHP (available via php.net). According to the php.net website, PHP is distributed under the PHP 3.01 license. However, when we scan its source code with the well-known Fossology license scanner (originally developed by HP), we identify 662 instances of code licensed under various licenses. These are shown in the screenshot below.

PHP licenses overview

A few points are worth noting. First, there are several instances of the same license. Second, a single file can sometimes be licensed under multiple licenses. Third, because of the way Fossology matches license text, it can report code licensed under LGPL 2.1 as an instance of code licensed under either LGPL 2.0 or 2.1. It is therefore important to review its findings manually.
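To make those three effects concrete, here is a small license-header scanner added for illustration. It is not Fossology and not the PHP sources: the file paths and header comments are constructed, and the detection patterns are deliberately simple. It shows the same license turning up in several files, one file carrying two licenses, and a GNU-family header whose version cannot be determined automatically and so is queued for manual review.

```python
"""Toy license-header scanner (added illustration; not Fossology, not PHP's real sources).

It demonstrates three things a license audit has to cope with:
  - the same license appearing in many files,
  - one file carrying more than one license,
  - GNU-family headers whose exact version (2.0 vs 2.1, -only vs -or-later)
    must be confirmed by a human when the header does not state it.
"""
import re
from collections import Counter

# Constructed sample "files": paths and header comments are invented for this example.
SAMPLE_FILES = {
    "ext/foo/foo.c": """/* Copyright (c) 2001 Example Corp.
   This source file is subject to version 3.01 of the PHP license,
   that is bundled with this package in the file LICENSE. */""",
    "ext/foo/foo.h": """/* This source file is subject to version 3.01 of the PHP license,
   that is bundled with this package in the file LICENSE. */""",
    "ext/bar/bar.c": """/* This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version. */""",
    "ext/baz/old.c": """/* This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Library General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version. */""",
    "ext/qux/qux.c": """/* Licensed under the GNU Lesser General Public License;
   see COPYING.LESSER for the exact terms. */""",
    "Zend/zend.c": """/* This source file is subject to version 2.00 of the Zend license,
 * that is bundled with this package in the file LICENSE.
 * The hash table code is under the MIT license: Permission is hereby
 * granted, free of charge, to any person obtaining a copy ... */""",
    "ext/gpl/tool.c": """/* This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version. */""",
}

# Licenses that can be recognised from a single characteristic phrase.
SIMPLE_PATTERNS = [
    ("PHP-3.01", re.compile(r"version 3\.01 of the PHP license", re.I)),
    ("Zend-2.0", re.compile(r"version 2\.00 of the Zend license", re.I)),
    ("MIT", re.compile(r"Permission is hereby granted, free of charge", re.I)),
]
# GNU-family licenses need a second step to pin down the version.
# "Library GPL" is the old name of LGPL 2.0, so both names map to the LGPL family.
GNU_FAMILIES = [
    ("LGPL", re.compile(r"GNU (?:Lesser|Library) General Public License", re.I)),
    ("GPL", re.compile(r"GNU General Public License", re.I)),
]
VERSION_RE = re.compile(r"version (\d+(?:\.\d+)?) of the License", re.I)


def scan_file(text):
    """Return the sorted list of license identifiers found in one file's text."""
    # Collapse comment decoration and line breaks so phrases can be matched across lines.
    norm = re.sub(r"[\s*/]+", " ", text)
    found = set()
    for lic, pat in SIMPLE_PATTERNS:
        if pat.search(norm):
            found.add(lic)
    for family, pat in GNU_FAMILIES:
        m = pat.search(norm)
        if not m:
            continue
        tail = norm[m.end():m.end() + 200]  # the version clause follows the name closely
        ver = VERSION_RE.search(tail)
        if ver is None:
            found.add(f"{family}-UNKNOWN-VERSION")  # the header does not say: review by hand
            continue
        number = ver.group(1) if "." in ver.group(1) else ver.group(1) + ".0"
        suffix = "-or-later" if "any later version" in tail.lower() else "-only"
        found.add(f"{family}-{number}{suffix}")
    return sorted(found)


def scan_tree(files):
    """Map each path to the licenses detected in it."""
    return {path: scan_file(text) for path, text in files.items()}


def summarize(results):
    """Count how many files each license identifier appears in."""
    return Counter(lic for lics in results.values() for lic in lics)


def copyleft_files(results):
    """Paths carrying GPL or LGPL code, whose obligations differ from the primary license."""
    return sorted(p for p, lics in results.items()
                  if any(l.startswith(("GPL-", "LGPL-")) for l in lics))


def needs_review(results):
    """Paths a lawyer must look at: ambiguous version or more than one license in one file."""
    return sorted(p for p, lics in results.items()
                  if len(lics) > 1 or any("UNKNOWN" in l for l in lics))


if __name__ == "__main__":
    results = scan_tree(SAMPLE_FILES)
    for lic, n in summarize(results).most_common():
        print(f"{n:3d}  {lic}")
    print("copyleft:", copyleft_files(results))
    print("manual review:", needs_review(results))
```

The scanner only reports what a header states; `ext/qux/qux.c` names the LGPL without a version and is therefore flagged rather than guessed, which is the kind of finding the text says must be resolved by manual review.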

After such a review by a lawyer, we can conclude that the PHP distribution still contains various pieces of code licensed under licenses other than the PHP 3.01 license. The licenses identified include the Zend License version 2, MIT, BSD, the Apache Software License and, more worryingly, components licensed under the GPL and the LGPL.


If you wish to distribute, or even use, the software in question, you are legally obliged to comply with all of the licenses identified above (including the GPL and the LGPL). It is not sufficient to comply with the primary license alone, which is the PHP 3.01.

What does Neolex Open Source Audits do?

We are lawyers with special expertise in performing license audits that give you reliable data on i) all licenses applicable to the code in question and ii) how to comply with those licenses. Without that information you are likely to be in breach of the license terms, as it is only by luck that you can comply with obligations you are not even aware of.

We want to help everyone using and distributing open source software to do so legally. We are therefore building a database of all the audits of this kind we have performed, and grant our subscribers access to it. We also provide, free of charge, to the open source projects we have audited information on any potential issues we have identified so that they can fix them.