The Hitchhiker’s Guide to Open Source Software Compliance – Episode 2
Open source software has become the new normal when creating enabling technologies, and open source compliance has become the normal way of ensuring that your organization meets the legal obligations of the various applicable licenses.
Twenty-something years ago, open source compliance was not much of a concern. Software platforms and stacks were implemented using proprietary software from various third-party software providers under negotiated licensing terms, and the business environment was predictable. Companies simply mitigated potential risks through license and contract negotiations with the software vendors.
In recent decades, however, open source adoption has skyrocketed. Open source software has disrupted most industry verticals, starting with internet/web and moving on to telecom, automotive, finance and now even energy. Companies incorporate open source software into their platforms for the various advantages it offers, and a software stack can consist of code from many sources under many different licenses. The business environment has diverged from familiar territory and corporate comfort zones: there are no contracts to negotiate and execute with open source projects, and companies must deal with dozens of different licenses and hundreds or even thousands of licensors and contributors.
The risks that companies used to manage through license negotiations are now managed through compliance and engineering practices.
What is Open Source Software Compliance?
In its simplest definition, open source software compliance is the ability to observe copyright notices and satisfy all the license obligations for open source code used in a commercial product.
For an enterprise, this challenge is combined with that of protecting the intellectual property of any third-party suppliers from unintended disclosure, not to mention protecting its own IP.
The Benefits of Ensuring Open Source Software Compliance
Oftentimes, organizations consider open source software compliance a nuisance – it is hard work identifying all the licenses and satisfying their respective obligations. But it is also part of the responsibility that companies are entrusted with in order to ensure the continued viability of open source projects, and it is no different from complying with any third-party proprietary software license.
On the flip side, compliance efforts can help corporations gain an increased understanding of open source benefits and valuable insights into how open source affects their organization. With the proliferation of open source software, it pays off to better understand what costs and risks are associated with the use of open source code, and to have insight into which available open source components can support the corporate effort. In addition, being compliant with open source licenses helps establish a positive relationship with the open source community, one of respect and trust.
In upcoming blog entries, we will discuss common errors that lead to non-compliance and suggest methods to mitigate and prevent them. Then we will get into the details of building a compliance process and all of its supporting elements.
Until next time, happy innovation and “don’t panic!”