That's the good news. The bad news is, nearly all open source code comes with a license agreement. Just because it's free doesn't mean you can do anything you want with it. That something is "open source" doesn't mean that it isn't covered by its author's copyright or even by patents. That means, yes, you could be sued.
For developers, open source software is a goldmine. A huge goldmine dripping with value. For one thing, you can study the source code to see how it works. This can teach you new tricks, offer unique insight into specific methods or protocols, and generally show you some really nifty algorithms. For another, you can copy/paste your way to faster, more secure software by reusing open source components or routines.
At the very least, you should fully and accurately disclose that you used open source in your own documentation, in-line comments and software license agreement. Worst case, by incorporating some open source, you may be legally obligating your own company to adopt that component's license for your own application -- including releasing your entire application as open source.
The Open Source Initiative has provided a handy reference to dozens of open source licenses. When you find some code that you want to use, be sure to check the license before doing anything with it. That may include running it past your organization's legal department.
Whether or not you sign a contract to use the code, you are generally legally obligated to follow the terms of the contract if you add the open source into your company's code.
You should also consider using a database to track the use of all open source components or even code snippets used in your company's software.
Think you won't be caught if you release code using open source components in disregard for that code's license restrictions? Think again. Just as plagiarism software catches students (or journalists) copying previously published works, commonly available tools catch copied code, especially in software used on the Web.
For example, the Black Duck Knowledgebase includes hundreds of thousands of open source products -- and the company claims that it knows about more than 2,200 separate licenses. The company also has tools, like Protex, that essentially scan for unlicensed use of open source software.
There are other companies in the same space, such as Koders. But even if you're not worried about getting caught (and you should be!), looking at the license for open source code and making sure that you are comfortable with its terms is also a moral obligation. The code is out there for free; the least you can do is follow the rules.