Missing Open Source Licenses May Cost Channel $59B

"License, schmisence" may be the mantra of at least some open source developers, who are more interested in software code than legal minutiae.  But that's a mistake, according to open source consulting company BlackDuck, which claims that as much as $59 billion may be "locked up" in open source projects that haven't declared explicit licenses.

BlackDuck's findings don't come out of the blue.  They're part of a wider discussion in the open source ecosystem about the importance of adopting any of the various licenses — like the GPL, Apache or MIT licenses — that the Open Source Initiative has approved to protect software code.  Just this week, the popular code-hosting site GitHub — probably motivated by the realization that a huge number of the projects it hosts have no license — unveiled a mini-site, choosealicense.com, to help developers make license decisions.

BlackDuck's research suggests that the GitHub tool might see more than a few users.  The company found in an analysis of one million open source projects that 40 percent have no declared license — although 42 percent of that group do have "embedded" licenses, meaning they incorporate code that is explicitly protected by a license.

Using this data and figures from Gartner, BlackDuck concludes that up to $59 billion in software value is in limbo because of a lack of declared licenses.  A representative of the company explained the methodology as follows:

Industry-wide, $342 billion was spent on software in 2012 (from Gartner). On top of the $342 billion, it is estimated that 30% of software running in today’s enterprises is open source, saving companies an estimated $146B industry-wide.

With 40% of today’s open source projects carrying no declared license, and the majority of organizations unwilling to use projects without a declared license, upwards of $59 billion (40% of $146 billion) of potential-use open source software is going untapped.

The data analysts in the audience might question the methodology a bit here. For one, the company's data, which it summarized in an infographic, doesn't specify how an open source project's size or age affects its likelihood of having a declared license. It seems logical that the projects without licenses would tend to be smaller and newer, and therefore represent less commercial value.

It's also not clear that enterprises derive no value at all from projects without licenses.  Making use of code that is not governed by an explicit license may pose auditing and compliance risks, but I'd be surprised if that stops everyone everywhere from using unlicensed software that is publicly available.

Still, BlackDuck's findings highlight the disconnect between open source development, enterprise deployment and licensing. They also, incidentally, underline an important application of Big Data analytic techniques for the open source ecosystem, which is why BlackDuck collected the information in the first place using the software tools it designed to help automate licensing and compliance tasks for open source projects.