Five reasons to consider an open-source software audit

by Carl Spencer-Spear, May 2019


Have you considered an open-source software audit?


What is open-source software?

If you’re a software developer or service provider, chances are you are using some open-source software. “Open-source” software is released under one of a family of licences that give licensees access to the software and its source code, together with the right to modify and redistribute it, subject to the conditions of that licence.

This makes open-source software very attractive to software developers, as it provides easy access to software libraries and tools which would otherwise require development time and resources to build. As the source code is fully accessible and editable, it can be modified to meet the developer’s needs and can be incorporated into, or combined with, the developer’s own software.

This quick and easy access can, however, come at a price. The key concern for developers using open-source software is the extent to which the licence for that software imposes conditions on modified versions of the software and/or the combination of the software with other programs.


Restrictive & permissive licences

Open-source licences sit on a spectrum, from restrictive ‘strong copyleft’ licences at one end, through ‘weak copyleft’ licences in the middle, to permissive licences at the other end.

Restrictive or ‘strong copyleft’ licences will generally impose conditions on how the open-source software - and any modifications or derivatives of it - is distributed. This is a business risk for developers and software licensors, as one of these open-source licences could potentially require the whole software product - and its source code - to be made available under the open-source terms, exposing potentially valuable proprietary code and information.

On the other hand, permissive licences will normally allow the open-source software to be modified or combined without the resulting product becoming subject to the licence and having to be made open-source. ‘Weak copyleft’ licences sit between the two: modifications to the open-source component itself generally have to be made available under the same licence, but the component can usually be combined with proprietary code without the rest of the product having to be released as open-source.

For this reason, it is vital that software developers and licensors, and any business whose value sits in proprietary software, have an understanding of the open-source software they’re using, the type of licence it is provided under, and how it is modified and combined with their own code.


What is an open-source software audit?

An open-source software audit involves two stages:

1. determining which of your software, if any, is provided under an open-source licence, and under which licence. This can be done manually by developers familiar with the code and the components in use, or with software composition analysis tools that scan the source tree and dependency manifests to produce an inventory of third-party components and their declared licences; and

2. a legal review of the open-source software licences to determine whether they are permissive or restrictive, and highlight any key licence terms and restrictions, and advise on any steps a business may want to consider to reduce any risks associated with such software.
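The first stage of the audit produces a register of components and their licences, and the second sorts those licences into restrictive and permissive groups. As an added example, which is not part of the original article or of any firm’s audit process, the script below builds such a register from a CycloneDX-style component list and flags the entries that need legal attention. The component list and package names are constructed for illustration, and the table that sorts SPDX identifiers into ‘permissive’, ‘weak copyleft’ and ‘strong copyleft’ is an assumption that the legal review would confirm or amend, not legal advice. It also shows how licence expressions are read: ‘A OR B’ lets the licensee choose, so the least restrictive option applies; ‘A AND B’ means every term applies, so the most restrictive one governs.

```python
"""Build an open-source licence register from a dependency inventory.

Added example, not code from the original article. The SBOM below is
constructed; LICENCE_FAMILY is an assumed, illustrative classification.
"""
import json
import re

# Assumed classification of common SPDX identifiers (to be confirmed by
# the legal review). Anything missing from this table is reported as
# 'unknown' so that a human looks at it.
LICENCE_FAMILY = {
    "MIT": "permissive",
    "BSD-2-Clause": "permissive",
    "BSD-3-Clause": "permissive",
    "Apache-2.0": "permissive",
    "ISC": "permissive",
    "LGPL-2.1-only": "weak-copyleft",
    "LGPL-3.0-only": "weak-copyleft",
    "MPL-2.0": "weak-copyleft",
    "GPL-2.0-only": "strong-copyleft",
    "GPL-3.0-only": "strong-copyleft",
    "AGPL-3.0-only": "strong-copyleft",
}

# Higher rank = more restrictive; 'unknown' ranks highest so it is never
# quietly treated as permissive.
RANK = {"permissive": 0, "weak-copyleft": 1, "strong-copyleft": 2, "unknown": 3}

# Constructed CycloneDX-style inventory (package names are invented).
SBOM_JSON = """
{"components": [
  {"name": "example-http",   "version": "2.0.1", "licenses": [{"license": {"id": "Apache-2.0"}}]},
  {"name": "example-pad",    "version": "0.1.0", "licenses": [{"expression": "MIT OR GPL-3.0-only"}]},
  {"name": "example-pdf",    "version": "4.2.1", "licenses": [{"expression": "AGPL-3.0-only"}]},
  {"name": "example-xml",    "version": "1.0.0", "licenses": [{"expression": "MPL-2.0 AND MIT"}]},
  {"name": "example-crypto", "version": "0.9",   "licenses": [{"expression": "GPL-2.0+"}]},
  {"name": "example-widget", "version": "3.0",   "licenses": []}
]}
"""


def _family(term):
    """Map one SPDX identifier to a family; unknown or qualified ids need a human."""
    term = term.strip()
    if " WITH " in term:  # exception clauses (e.g. Classpath) change the terms
        return "unknown"
    # 'GPL-2.0-or-later' and the legacy 'GPL-2.0+' share the family of '-only'.
    term = re.sub(r"(-or-later|\+)$", "-only", term)
    return LICENCE_FAMILY.get(term) or LICENCE_FAMILY.get(term + "-only", "unknown")


def classify_expression(expr):
    """Reduce a flat SPDX expression to one family.

    SPDX gives AND higher precedence than OR, so 'A AND B OR C' is
    '(A AND B) OR C'. Nested parentheses are not parsed: they are reported
    as 'unknown' rather than guessed at.
    """
    if "(" in expr or not expr.strip():
        return "unknown"
    options = []
    for alternative in re.split(r"\s+OR\s+", expr.strip()):
        families = [_family(t) for t in re.split(r"\s+AND\s+", alternative)]
        options.append(max(families, key=RANK.__getitem__))  # all terms apply
    return min(options, key=RANK.__getitem__)  # licensee picks the easiest option


def licence_expression(component):
    """Collect a component's declared licences into one SPDX expression.

    Assumption: several separate entries are treated as all applying (AND),
    which is the conservative reading.
    """
    parts = []
    for entry in component.get("licenses", []):
        if "expression" in entry:
            parts.append(entry["expression"])
        elif "id" in entry.get("license", {}):
            parts.append(entry["license"]["id"])
    return " AND ".join(parts)


def build_register(sbom):
    """Return one row per component, most restrictive first."""
    rows = []
    for c in sbom["components"]:
        expr = licence_expression(c)
        rows.append({"name": c["name"], "version": c.get("version", ""),
                     "licence": expr or "(none declared)",
                     "family": classify_expression(expr)})
    rows.sort(key=lambda r: (-RANK[r["family"]], r["name"]))
    return rows


def needs_review(register):
    """Rows a legal reviewer must look at: strong copyleft or undetermined."""
    return [r for r in register if r["family"] in ("strong-copyleft", "unknown")]


if __name__ == "__main__":
    register = build_register(json.loads(SBOM_JSON))
    for r in register:
        print(f"{r['name']:<16}{r['version']:<8}{r['family']:<16}{r['licence']}")
    print("\nNeeds review:", [r["name"] for r in needs_review(register)])
```

Pointing `SBOM_JSON` at a real inventory (the output of a composition-analysis scanner, or a lockfile converted to the same shape) gives the register described in stage 1; the flagged rows are the starting point for the stage 2 legal review, and a component whose licence cannot be determined from the metadata should be treated as a finding in its own right, not skipped.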

Roxburgh Milkins can assist with this process. We can provide an open-source software questionnaire, to help you gather and collate the relevant information about the software you’re using. Using the responses provided, we will find the relevant software licences, review them, and provide you with relevant advice and guidance.


Five reasons to consider an open-source software audit

1. By performing a review of the software components you’re using, you’ll be able to create a comprehensive register of those components, making auditability and future development much easier.

2. Our legal review will provide you with a comprehensive register of the open-source software licences you’re subject to, and the key terms of those, so you can keep track of the licences and your legal obligations when using those open-source software programs.

3. If the roadmap for your business includes any sale or investment, you’re going to need to provide due diligence information, which will include details of any open-source software used in your products or services. An audit will provide all relevant information and show good business practice.

4. An audit may highlight certain software licence terms that, often unwittingly, you haven’t been complying with. This allows you to redress those issues before they become a problem for your business.

5. In the worst-case scenario, if you’re using highly restrictive open-source software that forms part of the proprietary value of your software products or services, an audit will allow you to identify that software and give you an opportunity to replace it with less restrictive, or in-house, software.


If you’d like further information on our open-source software audit, please feel free to contact Carl Spencer at or Ian Grimley at
