The growing swath of enterprise open source solutions (OSS) is playing an important role in how companies and governments modernize their IT infrastructures, especially when migrating to the cloud. The benefits of enterprise open source are vast, as it provides enterprises with options and capabilities they would not otherwise receive through proprietary software. Moreover, CIOs are never locked into a single vendor’s solution because the capabilities provided by open source are ubiquitous and constantly evolving. Open source allows for the easy integration of new solutions, thus enabling IT professionals to improve legacy infrastructure more efficiently than working with proprietary solution vendors.

Open source solutions also lead to cost reductions. As such, in its 2016 Federal Source Code Policy the federal government argued that the effective implementation of the right open source tools can save a significant amount of money. Cost reductions are especially relevant when migrating to the cloud, as the less a company spends on proprietary software, the more it can devote to its digital transformation efforts.

However, there is always a catch ...

Open source is free in a monetary sense, but it is not necessarily free of legal obligations. Open source software is like proprietary software in that they are both protected by copyright and, oftentimes, patents. Thus, an enterprise must still comply with the applicable licenses to legally use the open source software. It is incredibly important that enterprises fully understand their risks for both patents and copyright. While programmers will have a thorough understanding of how the code operates, they likely will not understand—or even know—the legal implications of using an open source component. Therefore, it is imperative that CIOs understand these legal scenarios, and that there are policies in place to prevent using code that is not properly licensed. Still, there will always be risk, and managing that risk is essential.

Managing the patent risk

As larger enterprises and developers continue to embrace open source, the number of patent infringement assertions is increasing. The Citrix and Sound View Innovations cases are two examples. Because the code is public, it is easy for a patent owner to determine whether the code infringes their patent. Once a patent owner is confident an OSS component infringes its patent, the owner can then easily detect whether the invention is being used by an enterprise. One can detect usage of OSS through job postings or knowledge of Hadoop, and once the OSS component user is identified, it is easy to efficiently prove infringement by comparing the code to the patent. Non-practicing entities that own patents reading on OSS components have a great interest in focusing on common elements used by large numbers of entities, which allows them to efficiently assert infringement against multiple enterprises.

Don’t forget the copyright angle

While most companies think of patents as a potential litigation risk when implementing new software technologies, they often forget about the copyright angle. This is likely one reason why there has been an uptick in assertions from copyright “trolls.” So far, most of these lawsuits have occurred in Germany, but this could easily broaden out as lawyers get more creative. The assertions derive from the notion of enforcing compliance with the OSS license. So, as long as an enterprise is complying with all of the terms of the license, they are fine. But if for some reason they don’t meet the license terms, the license can be terminated, and they have just become a copyright infringer. For example, the GPLv2 license is automatically terminated when one of its conditions is not met, and can only be reinstated by a copyright holder, thereby creating a potentially important exposure to copyright claims. The Linux community was recently able to successfully defend themselves, but other, more sophisticated copyright trolls may emerge over time. In an attempt to get ahead of the game, a number of companies (Red Hat, Google, Microsoft, etc.) recently announced a set of cure rights for software under their General Public Licenses (GPL). The goal is to create industry norms that allow for fixing honest mistakes in complying with GPL software.

Furthermore, it is unclear how the recent appeals court decision in the Oracle v. Google case will change the litigation landscape in the United States. Some stakeholders assert that it could create a storm of copyright litigation in the software space.

As you migrate to the cloud, what can you do to make sure your company doesn’t fall prey to an assertion? First, there are groups that are defining best practices for minimizing OSS risk. For example, your enterprise could commit to the aforementioned cure rights. You could also ensure your cloud provider has a broad indemnity policy. One of the main reasons you are moving to the cloud is to sleep easier at night—not only do you want your enterprise to be more secure and the system to be more reliable, you also want to ensure your legal liability is more limited than before.