📖 Open Source Contributions and the Risk of IP Exposure
This is an excerpt from my upcoming corporate open source strategy book, being published by Pragmatic Bookshelf. All book excerpt content is early in the development process and therefore unedited; the errors are mine alone (and will be fixed before publishing 😉).
The first risk most leaders think about when faced with the idea of releasing or contributing to free and open source software projects is losing control of their organisation’s precious intellectual property (IP). “Oh no!”, they think, “Someone will see how we do things here and then we’ll be ruined! Alas and alack!” OK, perhaps they’re not quite so dramatic about it, but they’re certainly worried that outbound FOSS will unnecessarily expose company IP. The risk of exposing something that will harm the business is real, but it’s not as likely as many would have you think.
If you recall from the Copyright section, original expressions of ideas are intellectual property and more or less automatically receive copyright protections. This holds regardless of whether that expression is a trade secret, a patentable business process, or a memo detailing that employees should not microwave fish in the shared staff kitchen.
I’m sorry to be the one to have to break it to you, but most of the intellectual property that your company creates isn’t especially important and it’s certainly not business-critical. Across your organisation, people create stacks of copyrightable works every week, and most of those are of the fish memo sort: works that improve life for those who make the business tick but don’t directly impact the business itself. Utilities, templates, and similar things usually fall into this fish memo category and often are safe candidates for releasing under free and open licenses. Contributions to FOSS components that the team uses to build the company’s web presence are similarly safe; these are an example of an outbound engagement that’s unlikely to expose business-critical intellectual property.
What qualifies as critical intellectual property naturally varies by company and business, but you’ll probably know it when you see it. Does the IP directly touch upon business matters? It’s likely critical. For instance, if you’re a car manufacturer then details about the internal workings of the infotainment system in your next-gen electric vehicle may be differentiating functionality that you don’t want exposed to competitors.
Developing, communicating, automating, and enforcing FOSS policies and procedures (P&P) can work wonders for mitigating this sort of outbound engagement risk. Revisit the policy chapters for more information about creating P&P that work. And never forget: where IP is concerned, if there’s ever even a hint of a question, consult your Legal team. They’ll let you know whether that outbound engagement is a legitimate risk to the business or whether it’s just a fish memo.
The excerpt content is copyright © The Pragmatic Programmers, LLC and used with permission. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form, or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior consent of the publisher.
All other content of the post is Copyright VM Brasseur and licensed under CC BY-SA.