Effective Open Source Software Adoption for Compliance with Legal Obligations

Summary:
At first glance, utilizing open source software might seem likely to pose legal hurdles, but this doesn't have to be the case. Government and even military groups have enjoyed the benefits of open source software while making sure legal protocol was followed. Here's how it can be done.

Software is a pervasive element in most industrial products and processes nowadays. It comes from internal developments, from suppliers of sub-systems and chips, from outsourced development contractors, from open source repositories or simply from the previous work of the developers themselves. Software, unlike hardware, is easily replicated, accessed, copied and re-used. While large corporations could implement in-house procedures for software governance and compliance with legal obligations, small and mid-size businesses could not afford first generation tools for managed adoption of open source software and had to rely on training and trusting their developers, with some formal audits only when faced with a major sale, a merger & acquisition (M&A) or other legally binding events.

Recently available second generation software lifecycle IP management tools enable open source adoption with a no-training approach and without disturbing established development processes.

Compliance with Legal Obligations

Open source software has become a significant player in most software development thanks to the wealth of source code available, its apparent lack of cost and its high degree of stability and security. Open source code is generally cost free. But it is not without obligations, as it comes laden with licensing and copyright conditions which are enforceable by law, sometimes with dire effects for the hapless users who are not careful to validate the pedigree of the code in their products, i.e. the provenance and the associated obligations of all software components.

This does not mean that outsourcing or the use of open source software is to be avoided. The issue is not with the use of open source, but with unmanaged adoption without proper attention to the copyright and licensing obligations it entails. It is paramount for industrial managers to validate the IP cleanliness of their products and services and ascertain that they meet all legal obligations before they reach the market.

Like most hardware products, software products need to have an associated Bill of Materials (BoM) that fully records the components in the product, their provenance and the licensing and copyright obligations each of them entails, making sure that there are no incompatibilities or violations. An adequate software BoM is instrumental in determining the legal compliance of the software and provides the necessary assurance to customers. As such, it can minimize the cost of indemnification and other associated legal obligations.

Traditionally, IP cleanliness was verified manually through rather expensive expert analyses and due diligence processes, mostly undertaken in advance of important financial transactions such as a merger, an acquisition or a major commercial undertaking. Manual analyses are prone to error, consume expert resources, take a long time and are becoming prohibitively expensive nowadays, when software is so pervasive and the use of open source and outsourcing so prevalent.

Fortunately, there are now tools at our disposal to do such pedigree analyses automatically: on demand, on schedule or even in real time within the development process. Some of these tools allow the analyses to be done in accordance with corporate IP policies and lend themselves well to an institutionalization of proper record keeping and safe software development practices.

The critical factors driving the economics of software management are the effort needed to fix software IP issues and the associated delays in bringing the product to market. Everything should therefore be done to catch IP issues as early as possible in the development process rather than waiting until the product is finished.

Critical Elements of Software IP Management

The critical elements of software IP management in an organization are:

    • The existence of an IP policy for each project undertaken and a process to disseminate and apply it.

About the author

TechWell Contributor