Effective Open Source Software Adoption for Compliance with Legal Obligations

  • code, the matching external content and the associated legal obligations is made available to authorized personnel.
  • Automatic analysis of any new code that is deposited into the organization’s Source Control Management (SCM) library.
      • On notification of a file being checked-in, an automatic IP analysis is performed and the file’s IP attributes are checked against established IP policies.
        • The pedigree database is automatically updated when a source file is saved or checked-in to the code repository.
          • If any violations are detected, an alert is provided, as specified by the mandated workflow in the IP policy.
        1. Real-time developer assistance to select and use only IP policy acceptable software components.
            • Advanced software IP management tools can operate unobtrusively at each developer workstation to detect any new code being brought into a project, determine its pedigree and verify that it meets requirements of IP policy associated with that project.
              • No developer training is necessary.
                • The pedigree database is automatically updated when a source file is saved or checked-in to the code repository.
                  • Developers are notified only if there is a violation of the IP policy, in which case they are requested to justify acceptance of code (e.g. for internal use only) or to change it for acceptance by IP policy.
                    • Development managers can also be alerted as specified by the mandated workflow in the IP policy.
                      • An interactive report detailing the content and legal obligations of the analyzed code is available on demand by authorized personnel.
                    1. Final analysis of the software build load before delivering it outside the organization.
                        • The software build load is automatically analyzed and its pedigree is checked against specified IP policy.
                          • The associated pedigree database is updated.
                            • Any violations of IP policy is notified for appropriate action.
                              • A software BoMs is provided together with information on compliance to legal obligations as per established IP policy.
                            1. This software lifecycle management process ensures automatic compliance with appropriate IP policies without imposing specific pre-approval of open source components. An optional stage dedicated to pre-approval of open source components and the management of a repository of approved open source can be considered as part of stage 3 above.

                              Done properly, software IP management should be unobtrusive to the developers, requiring their attention only when code of unknown or unacceptable pedigree is brought into the software.

                              Second generation tools for software lifecycle management have been designed from the beginning for easy adoption and application, do not require any special training of developers, are affordable even for small companies and provide automatically a software BoM which can attest the compliance to legal obligations.

                              Mahshad Koohgoli is the CEO of Protecode, Inc. , based in Ottawa, Ontario, Canada. He has more than 25 years of experience in the telecommunications industry and specializes in technology start-up businesses. Mahshad has a BSc and a PhD from the University of Sussex, England. Sorin Cohn-Sfetcu has 30 years of international business and technology experience. He holds several patents in Web services, wireless, and digital signal processing.

                              Mahshad: 613-721-5936
                              [email protected]

                              Sorin: 613-301-0066
                              [email protected]

                              About the author

                              AgileConnection is a TechWell community.

                              Through conferences, training, consulting, and online resources, TechWell helps you develop and deliver great software every day.