Effective Open Source Software Adoption for Compliance with Legal Obligations

At first glance, using open source software might seem likely to pose legal hurdles, but this doesn't have to be the case. Government and even military groups have enjoyed the benefits of open source software while making sure legal protocol was followed. Here's how it can be done.

Software is a pervasive element in most industrial products and processes nowadays. It comes from internal developments, from suppliers of sub-systems and chips, from outsourced development contractors, from open source repositories or simply from the previous work of the developers themselves. Software, unlike hardware, is easily replicated, accessed, copied and re-used. While large corporations could implement in-house procedures for software governance and compliance with legal obligations, small and mid-size businesses could not afford first generation tools for managed adoption of open source software and had to rely on training and trusting their developers, with some formal audits only when faced with a major sale, a merger & acquisition (M&A) or other legally binding events.

Recently available second generation software lifecycle IP management tools enable open source adoption with a no-training approach and without disturbance to established development processes.

Compliance with Legal Obligations

Open source software has become a significant player in most software development thanks to the wealth of source code available, its apparent lack of cost and its high degree of stability and security. Open source code is generally cost-free. But it is not without obligations, as it comes laden with licensing and copyright conditions which are enforceable by law – sometimes with dire effects for the hapless users who are not careful to validate the pedigree of the code in their products; i.e. the provenance and the associated obligations of all software components.

This does not mean that outsourcing or the use of open source software is to be avoided. The issue is not with the use of open source, but with unmanaged adoption without proper care for the copyright and licensing obligations it entails. It is paramount for industrial managers to validate the IP cleanliness of their products and services and ascertain that they meet all legal obligations before they reach the market.

Like most hardware products, software products need to have an associated Bill of Materials (BoM) that fully records the components in the product, their provenance and the licensing and copyright obligations each of them entails, making sure that there are no incompatibilities or violations. An adequate software BoM is instrumental in determining the legal compliance of the software and provides the necessary assurance to customers. As such, it can minimize the cost of indemnification and other associated legal obligations.

Traditionally, IP cleanliness was verified manually through rather expensive expert analyses and due diligence processes, mostly undertaken in advance of important financial transactions – a merger, an acquisition or a major commercial undertaking. Manual analyses are prone to error, consume expert resources, take a long time and are becoming prohibitively expensive nowadays, when software is so pervasive and the use of open source and outsourcing so prevalent.

Fortunately, nowadays there are tools at our disposal to do such pedigree analyses automatically - on demand, on schedule or even in real-time within the development process. Some of these tools allow the analyses to be done in accordance with corporate IP policies and lend themselves well to an institutionalization of proper record keeping and safe software development practices.

Because the critical factors driving the economics of software management are the effort to fix software IP issues and the associated delays in bringing the product to market, everything should be done to catch IP issues as early as possible in the development process rather than waiting until the product is finished.

Critical Elements of Software IP Management

The critical elements of software IP management in an organization are:

    • The existence of an IP policy for each project undertaken and a process to disseminate and apply it.

AgileConnection is a TechWell community.