Organizations frequently use open-source software for both internal operations as well as in commercial software and other products. While OSS can be inexpensive, efficient and reliable, it also comes with significant risks including cybersecurity and intellectual property concerns. A recent Strafford program offered a comprehensive primer on the uses and risks of OSS, and insights on designing appropriate compliance controls for its use. The program featured Sheppard Mullin attorney James G. Gatto and Baker Botts attorneys Luke K. Pedersen and Andrew Wilson. Part one of this two-article series explains the key legal issues, common OSS license provisions, and cybersecurity and litigation risks. Part two will addresses where attorneys encounter OSS challenges, identifying OSS, best practices for OSS guidance, and patent issues that OSS presents. See our two-part series on vendor risk management: “Nine Due Diligence Questions” (May 25, 2016), and “14 Key Contract Terms” (June 8, 2016).