open-source-licensing
Safeguard articles tagged "open-source-licensing" — guides, analysis, and best practices for software supply chain and application security.
21 articles
Software Escrow and Supply Chain Continuity Planning
Most escrow deposits are write-only: nobody ever verifies they build. What escrow actually covers, when to pay for verification, and what continuity means for SaaS and OSS.
The GNU General Public License, Explained in Plain Terms
A GPL license explained without legal jargon: what copyleft actually requires, when it triggers, and what it means for a codebase that links against GPL-licensed code.
Node.js License: What Actually Applies to Your App
Node.js itself ships under a permissive MIT-style license, but your app's real license exposure comes from the hundreds of npm packages riding along with it.
Software License Models: A Comparison
Types of software license models split into three broad camps — proprietary, permissive open source, and copyleft — plus the newer source-available middle ground companies keep inventing to protect commercial interests.
GNU GPL v3.0 Obligations, in Plain English
The GNU General Public License v3.0 explained without the legal phrasing: what you must do when you distribute software that includes GPL-3.0 code, and what triggers those obligations.
MIT License vs Apache 2.0: Which to Pick
MIT license vs Apache 2.0 comes down to one real question: do you need an explicit patent grant and contribution terms, or do you want the shortest possible license text?
GitHub Licenses: Choosing One for Your Repo
A practical walkthrough of the license options GitHub surfaces when you create a repo, and how to pick one that matches what you actually want people to do with your code.
GPLv3 License: What Changed From GPLv2
GPLv3 added patent protection and anti-tivoization clauses that GPLv2 never had. Here's what actually changed and why it still matters for dependency compliance.
The AGPL-3.0 License, Explained
AGPL-3.0 is the GNU Affero General Public License v3.0 — GPLv3 with one added clause that closes the SaaS loophole, requiring source disclosure even when software is only used over a network, never distributed.