OpenSource Risk Experts
Map your blast radius

BLOG

The open source license risk blog: field notes on relicensing.

The open source license risk blog gives plain reads on relicensing, the differences between the Business Source License, the Server Side Public License, and the GNU AGPL, and how to keep a dependency tree defensible.

FEATURED
RELICENSING

The blast radius is not the project. It is everything downstream of it.

Why a single relicense reaches systems the project's name never appears in, and how to see the chain before someone else does.

June 2026, 9 min read
LICENSES

BSL, SSPL, AGPL: what each one actually restricts.

A side by side read of the three terms behind most relicensing events, and the trigger that turns each one on.

May 2026, 7 min read
RELICENSING

What the Terraform move to BSL taught every platform team.

A component you treat as plumbing can carry the most reach. The lesson was about depth, not popularity.

May 2026, 6 min read
SBOM

An SBOM that tracks license state, not just versions.

Most bills of materials answer what you run. Few answer under which terms. The gap is where relicensing hides.

April 2026, 8 min read
GOVERNANCE

Catching the next relicense at intake, not in an audit.

An allowlist and an approval gate cost far less than a remediation program. Where to put the controls.

April 2026, 5 min read
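The two posts above describe a gap (an SBOM that records versions but not terms) and a control (an allowlist with an approval gate at intake). The script below is an added illustration of both, not code from the blog or from any SBOM tool: it diffs the license state of the same dependency tree across two CycloneDX-style JSON snapshots and gates each component against an allowlist of SPDX identifiers. The component names, versions, and both snapshots are constructed for the example; the SPDX identifiers for the three licenses the blog discusses (BUSL-1.1, SSPL-1.0, AGPL-3.0-only/-or-later) are real.

```python
"""License-state diff across two SBOM snapshots plus an intake allowlist gate.

Added example (not the blog's or any vendor's code). Assumes a CycloneDX-style
JSON layout where each component carries "name", "version" and a "licenses"
list of {"license": {"id": <SPDX id>}} entries. Both snapshots below are
constructed for illustration; the component names are not real packages.
"""
import json

# Constructed sample: one dependency tree captured before and after two
# upstream relicenses and the arrival of a component with no declared license.
SBOM_BEFORE = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"name": "example-iac-core", "version": "1.5.7",
         "licenses": [{"license": {"id": "MPL-2.0"}}]},
        {"name": "example-db-driver", "version": "4.2.0",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"name": "example-cache", "version": "7.0.1",
         "licenses": [{"license": {"id": "BSD-3-Clause"}}]},
    ],
})
SBOM_AFTER = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"name": "example-iac-core", "version": "1.6.0",
         "licenses": [{"license": {"id": "BUSL-1.1"}}]},
        {"name": "example-db-driver", "version": "4.2.0",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"name": "example-cache", "version": "7.4.0",
         "licenses": [{"license": {"id": "SSPL-1.0"}}]},
        {"name": "example-metrics", "version": "0.9.0",
         "licenses": []},
    ],
})

# Intake allowlist: SPDX identifiers approved for use without a review ticket.
ALLOWLIST = {"Apache-2.0", "MIT", "BSD-2-Clause", "BSD-3-Clause", "MPL-2.0", "ISC"}
# The three terms behind most relicensing events: these always route to review.
REVIEW_TRIGGERS = {"BUSL-1.1", "SSPL-1.0", "AGPL-3.0-only", "AGPL-3.0-or-later"}


def license_state(sbom_json):
    """Map component name -> (version, frozenset of SPDX ids) from the SBOM."""
    doc = json.loads(sbom_json)
    state = {}
    for comp in doc.get("components", []):
        ids = frozenset(
            entry["license"]["id"]
            for entry in comp.get("licenses", [])
            if "license" in entry and "id" in entry["license"]
        )
        state[comp["name"]] = (comp["version"], ids)
    return state


def license_changes(before_json, after_json):
    """Components whose license set differs between snapshots, new ones included.

    A version bump alone is not reported; only a change in terms is. This is
    the signal a version-only SBOM cannot produce.
    """
    before, after = license_state(before_json), license_state(after_json)
    changes = []
    for name, (version, ids) in sorted(after.items()):
        old_ids = before[name][1] if name in before else None
        if old_ids != ids:
            changes.append({"name": name, "version": version,
                            "from": sorted(old_ids) if old_ids is not None else None,
                            "to": sorted(ids)})
    return changes


def intake_decision(spdx_ids):
    """Gate one component at intake: 'allow', 'review' or 'block'.

    An undeclared license is blocked rather than waved through, because an
    empty license field is exactly where a relicense goes unnoticed.
    """
    ids = set(spdx_ids)
    if not ids:
        return "block"
    if ids & REVIEW_TRIGGERS:
        return "review"
    if ids <= ALLOWLIST:
        return "allow"
    return "review"  # anything else is unknown to the allowlist: route to a human


def gate_sbom(sbom_json):
    """Apply the intake gate to every component; returns name -> decision."""
    return {name: intake_decision(ids)
            for name, (_, ids) in license_state(sbom_json).items()}


if __name__ == "__main__":
    for change in license_changes(SBOM_BEFORE, SBOM_AFTER):
        print("license changed:", change)
    for name, decision in sorted(gate_sbom(SBOM_AFTER).items()):
        print(f"{decision:6} {name}")
```

Run against the constructed snapshots, the diff reports the MPL-2.0 to BUSL-1.1 and BSD-3-Clause to SSPL-1.0 moves and the newly added component with no license, while the unchanged Apache-2.0 driver is silent; the gate then allows the driver, sends the two relicensed components to review, and blocks the undeclared one. In a real pipeline the "before" snapshot is the SBOM from the last approved build and the gate runs on every dependency update, which is the intake point the governance post argues for.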
M AND A

Pricing open source license risk into a deal.

A target's dependency tree can move valuation. How diligence surfaces it while there is still room to negotiate.

March 2026, 7 min read
RELICENSING

When a fork is the safe path, and when it is a new liability.

Permissively licensed forks can contain the risk, but maintenance and provenance decide whether they last.

March 2026, 6 min read


COMMON QUESTIONS

Questions buyers ask.

What does the open source license risk blog cover?

It covers relicensing events, the differences between the Business Source License, the Server Side Public License, and the GNU AGPL, SBOM practice, governance, and open source risk in M and A.

How often is it updated?

New field notes are published as relicensing events and license changes warrant. This is a fast moving topic, so each post carries a dated, as-of framing.

Do the posts give legal advice?

No. The blog provides commercial and licensing risk perspective, not legal advice. For interpretation of license terms, consult your own counsel.

Where do I go deeper than a blog post?

See the gated open source risk white papers for longer form analysis, or contact us for a confidential assessment of your own tree.

CONTAINMENT

Map your blast radius before it spreads.

A confidential open source license risk assessment. Independent, buyer side, paid only by you.

Not ready to talk? Read the free open source license risk guides first.
