GitHub, Black Duck, and the lower burden of OSS compliance

Earlier this week we saw the debut of GitHub’s new microsite choosealicense.com. At the same time, source code analysis specialist Black Duck revealed their analysis of GitHub projects. The analysis claims that 77% of GitHub projects have no declared license. A little digging needs to be done to properly understand this number though. 

“Of this 77 percent”, the Black Duck press release says, “42 percent of GitHub projects actually have embedded licenses”. What does that mean? It means that those projects do have licenses, but that the licenses are declared only in the source code and not as separate “read me” or license files. If you were thinking of using or even contributing to a project, you would be sure to open the source files and take a look. The true number of unlicensed projects is in fact more like 25-30%. For more detail check out today’s ComputerWorldUK article.

Ultimately, this emphasis on potential OSS licensing problems is misplaced. Instead we need to focus on the large extent to which open source has a lower compliance burden than proprietary software and its endless, custom EULAs and developer licenses. For further reading on this topic, Simon’s got some well-developed ideas about open source compliance written up in this essay on his personal blog.