
Introduction
In the vast array of potential technical scenarios, there will always be the potential for code to be deliberately or inadvertently mingled or fused together in a larger program or stack of applications:
- proprietary (closed source code under a commercial license) with other proprietary;
- proprietary (closed source) with open source (code released under an OSS license) ;
- open source code with other open source code.
The licensing background is becoming increasingly complex
The Open Source Initiative openly admits that by facilitating the adoption of so many different types of OSS licenses, they have effectively created a legal ‘Babel’. But the universe of approved OSS licenses was relatively small and the industry of automated scanning tools was able to identify, label and code them with reasonable accuracy. Where particularly nuanced questions arose, mostly around the issue of fused or linked software components governed by different OSS licenses, a graduated approach was possible:
- Check out the available public sources such as GitHub for a quick overview of potential compatibility issues
- Find and read what the specific communities have to say about their specific licenses and the types of combinations that are either not permitted or problematic
- Consult an expert, such as an experienced OSS lawyer.
Now the ‘Babel’ has effectively been expanded by the release of the so-called Open Source Artificial Intelligence Definition or “OSAID” version 1.0. The jury is still out as to the wisdom of the approach taken to determining which generative LLMs may be entitled to call themselves ‘open’, regardless of whether the model’s coding elements are released under a recognized form of OSS license. Time will tell. The fact is that LLMs claiming to be ‘open’ per the OSAID definition have adopted and will likely continue to use their own form of license to confer the required rights upon the community of researchers, developers, distributors and users both private and commercial.
With the advent of so many new or ‘hybrid’ licenses – new LLMs and new license formats are multiplying by the day – the universe of license compatibility questions takes on a whole new dimension.
Many scenarios will be benign from both a technical and legal standpoint. Many will not and could give rise to a number of consequences if not caught and addressed in time.
Questions arising in Academia
Universities, colleges and schools have been relatively slow to recognize the benefits of a centralized Open Source Project Office. This may mean that there is no hub within the organization that could provide best practice guidelines or offer access to resources or expert advice of the kind mentioned in this article. Even where awareness, knowledge and implementation experience may exist, silos between different research areas and projects within departments and lack of channels for sharing information between departments and faculties may lead to inconsistent or even conflicting policies and practices.
The open questions when it comes to using Open Source Software may not have been aired in a sufficiently general and inclusive manner in order for comprehensive strategies, policies and procedures to be formulated and cascaded with modifications as needed throughout the institution.
Some of the high-level and big picture questions would be:
- How should the involvement of the student body in foundational research be handled, both as regards the development and modification of software code and applications and increasingly with regard to the introduction into projects of Generative AI solutions and of data generated by LLMs.
- Assuming Open Source code is permitted to be used, how and by whom will decisions be made for selecting, maintaining and training students and relevant staff on the use of automated tools, such as license scanning and vulnerability scanning tools.
- What criteria will be used to determine what automated and non-automated processes should be in place and what platforms should be used for development (e.g. public cloud, private cloud, on-site or hybrid solutions).
- Where scanning tools are not being deployed for cost or other reasons, how will university based research projects consisting of or including software development ensure the integrity of the code being generated to avoid security vulnerabilities, and if intended for public use, license compliance or IP exposure issues.
- In industry collaborations or collaborations inside Open Source Foundations or other non-profit enterprises, how will the institution manage the question of faculty or student body project contributions with regard to code and programming.
- Should Gen AI tools be permitted for research generally and more specifically is AI to be permitted for coding assistance, in either case subject to what guidelines and rules.
Next time we will focus on some of the fundamental questions arising in the industry sector.
Your mOSS team

Leave a Reply