Read the Fine Print on Open-Source Licenses

Open-source applications typically provide free use of the software and access to its source code. But if you plan to distribute the modified application outside your company, open-source licenses usually require you to return any enhancements to the user community, says Michael Goulde, a senior analyst at Forrester Research. But as the open-source model moves up the stack to applications, the term open source is morphing to accommodate corporate needs.

More restrictive licenses are emerging with the new class of open-source CRM applications. For example, a version of SugarCRM is available under a variation on the standard General Public License (GPL). But users of SugarCRM Pro, available under a separate license from SugarCRM, get a different deal. The SugarCRM license works much like a proprietary software vendor’s license, with the exception that Sugar provides the source code and lets companies modify it for internal use only. And that modified code belongs to the user company, not to SugarCRM.

This model is becoming common as more companies build businesses around open-source software for which they offer both a “pro” version and for-pay support services, says Goulde.

“Their free version is really a marketing tool,” says Bob Gatewood, CTO of Athenahealth, a service provider to doctors and a SugarCRM Pro customer. That suits Gatewood just fine, since the SugarCRM license still lets Athenahealth customize its CRM code easily, without requiring expensive professional services that, for example, a Siebel CRM deployment might require.

Another example is the Veteran Administration’s Vista electronic records software, which is available free as public-domain software. Although the VA has integrated enhancements made by some users in later releases, it still manages the core code development. Private companies have created proprietary extensions and add-ons that they sell to Vista users. They’ve also customized the Vista code for their clients, but none of these efforts belong to the VA or the Vista community as they would in traditional open-source efforts such as Linux, Apache or BSD Unix.

The Avalanche Corporate Technology Cooperative is taking a private open-source approach: Enterprises and consultants can join, which provides them access to software developed by the Avalanche members. (The cooperative is just starting its first efforts, including a Sarbanes-Oxley compliance project.) As with open source, the members all contribute technology to various Avalanche efforts, and Avalanche members provide mutual support. Unlike open source, however, only Avalanche members have access to this technology, which its founders believe will ensure development efforts stay focused on members’ business priorities.For CIOs, this means that some open-source tools might in fact be just partially open source, requiring a careful understanding of the license and the program’s contents. “You really need to read the license,” advises Athenahealth’s Gatewood. –G.G.