The chances are high that your company uses open source software (“OSS”) in some capacity. While the benefits of OSS are clear, it is also clear that OSS can pose significant legal risks that must be addressed. The best way to manage these risks is to have a clearly written and enforced OSS policy. To understand why these policies are necessary, it is first necessary to understand the risks of not having one. Our recent paper identifies some of the key legal issues to understand when using OSS followed by some of the elements to consider in such a policy.