When GitHub can be dangerous for Business

Anybody doing anything with software has almost certainly heard of GitHub[1]. Just in case you haven't, GitHub is a hosting service for storing source code. In fact, it's the largest code host in the world, with over 3.4 million users.


Developers frequently use GitHub to find software libraries and code snippets they can use within their own projects. This, in and of itself, is an amazing practice and provides a great deal of value to the development community[2]. Unfortunately, potential problems arise when using someone else’s code without considering the licensing options provided by the author.

Background

Software licenses, like any other intellectual property license, explicitly state the rights under which a licensee can use that software. Open Source software licenses generally give the licensee the freedom to redistribute the software, free of charge, within other software they are building.

GitHub, however, only provides the option for users to select a license when creating their source code repository; a license is not applied by default.

If source code is published on GitHub without a license, it falls under copyright law by default instead, and that difference is incredibly significant. If copyright law applies, the software author retains all rights to the source code, and nobody else may reproduce, distribute, or create derivative works[3]. This is extremely impactful to businesses that create software. If a developer uses code from GitHub that isn’t explicitly under a license, a business would essentially be breaking the law by including it in their product.

How Much of GitHub Software Is Unlicensed?

Although it is possible that a GitHub repository may not have a license, is this really a prevalent issue? Unfortunately, yes. A study last year[4] indicates that well more than half of the GitHub repositories on file do not indicate an associated license. To be more precise, the study showed that only 14.9% had a file in their top-level directories that identified any kind of license at all…

Although GitHub has recognized[5] that the absence of a license is a potential issue and has taken some steps to help users select one, such as ChooseALicense.com[6], proper licensing still remains a potential issue for businesses.



Don't Get Screwed

To help ensure a business doesn’t run into issues with using someone else’s code, make sure all development teams are using software that is appropriately licensed. The ChooseALicense website is a great resource. Also, if someone finds a GitHub repository they want to use that doesn’t have a license, simply ask the author to add one. Most are happy to do so; they’re human, after all.