The risks of using open source software in the development of a new software program have been discussed and debated over and over. Some risks may be exaggerated or misunderstood, but more often than not they are simply ignored.
A good summary of various risks associated with the use of open source software is included in an SEC filing made by Cloudera, Inc. in connection with its recent IPO. The Risk Factors section of Cloudera’s Form S-1 Registration Statement identifies the following risks with respect to the commercial use of open source software in hybrid open source-proprietary software products:
because of the nature of open source software, there may be fewer technology barriers for competitors who wish to make competing products;
lack of control over the future course of development of the open source components used in the hybrid product;
if individual open source programmers who are not employees of the company do not continue to develop and enhance the various open source components of the hybrid product, the hybrid product itself may suffer from a lack of further development and enhancement;
any court ruling that a certain open source license is not enforceable, or that certain open source components may not be reproduced or distributed, may negatively impact the distribution or development of the commercial hybrid product;
for the more widely adopted open source components, there is a higher risk of intellectual property infringement claims;
under the terms of certain open source software licenses, the developer of the hybrid product could be required to publicly release the source code of its proprietary software, and to make proprietary software available under the terms of open source licenses, if the open source software and proprietary software are combined in a certain manner;
if the license terms of open source software components change, re-engineering or alternative solutions may be required;
developers of open source software generally do not provide warranties, support, or infringement indemnification, but customers who license the hybrid product may demand these items; and
if certain open source software is supported by a foundation, the commercial business could be affected by decisions made by the foundation or by claims or disputes involving the foundation.
The Cloudera SEC filing includes more detailed descriptions of these, and other, risk factors.