SlideShare a Scribd company logo

The Art and Science of Open Source Compliance

Download as PPTX, PDF
Samsung Open Source Group
Samsung Open Source Group

Ibrah

Technology
1 of 41
Balancing Business, Community and Legal Currents: The Art & Science of Successful OSS Compliance Ibrahim Haddad, Ph.D. Head of Open Source Innovation Group | Samsung Research America – Silicon Valley 1 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
How did I get here? Jan 2000 2 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
Basic Elements of a Compliance Program 3 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
Compliance 101 • Companies using open source software must: - Observe the obligations of FOSS licenses - Protect their IP - Protect the IP of 3rd party software providers from unintended disclosure • Basic Elements of Compliance - Policy - Process - Guidelines - Staffing - Training - Audits - Tools and Automation - Inquiries Snapshot of Compliance Program Elements 4 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
Compliance: A Balancing Act 5 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
Balancing what? Internal & External Legal Counsel opinions / requirements Business needs Community needs Enforcers, whistle blowers It’s easier to make enemies than to make friends. 7 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
Sweet Spot Legal Business Community Enforcers 8 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
How to balance? Welcome to the Art & Science of Compliance. 9 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
The Art & Science Compliance Meter Art (Creative Activity) Science (Systematic Approach) 10 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
Policy • The 1 line compliance policy. We must ensure that all of <COMPANY NAME>’s incoming software (in house, 3rd party commercial, open source, other) is compliant with the license it is provided under by following the open source compliance process defined in <URL>. 11 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
Policy • The 72 pages master policy 72 pages policy + various mini policies ranging from 10 to 22 pages. [The largest mini policy at 22 pages is on “Open Source Compliance Practices When Engaging With Business Partners] Fun Fact: 1 policy page per 1000 employee! 12 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
Policy: Art / Science Meter Art Science 13 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
Process The way we ensure the policy is applied. Simple process: - Check all incoming software - Identify origin, license, obligations, notices, etc. - Upon product release, meet the conditions of the licenses Incoming Software Released code Notices Written offer identificatio n Audit Approvals Distribution 14 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
Do you think all engineers request approval? 15 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
Process Story (1) • What to do when you are severely understaffed? • 1 JIRA ticket – 5 milestones in the JIRA process (identification, auditing, reviews, approval, fulfillment). Identify incoming code Audit Review Results & Fix Issues Approve Publish JIRA ticket linear lifecycle; does not assume iterations between different phases. 16 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
Process Story (2) • Bring people into your world: Palm story. • Palm Pre compliance story. 17 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
Process: Art / Science Meter Art Science 18 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
Guidelines (Balancing with Legal Staff) License Compatibility Matrix License Playbooks Legal Best Practices Compliance 911 19 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
Guidelines (Balancing with Engineering Staff) HOW-TOs Do’s and Don’t’s Engineering best practices 20 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
Guidelines Story • Example comment found in source code while auditing it: “I stole this code from >URL<” 21 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
Guidelines: Art / Science Meter License Playbooks Art Science 22 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
Guidelines: Art / Science Meter Engineering Guidelines Art Science 23 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
Guidelines: Art / Science Meter Compatibility Matrix How-To Do’s & Don’t’s911 Art Science 24 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
Compliance Staffing: Art / Science Meter Building Compliance Team Art Science Right Mindset Easy To Find/Hire Hard To Find 25 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
Staffing Story Ibrahim, I am not convinced we need to do any of this compliance stuff and we need to transfer the compliance resources to development. Can you figure out a plan for this? Compliance requires an executive sponsor. 26 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
Training Crucial to the adoption of compliance. Ranges from a brown bag talk to a 3-days workshop. STORY: Compliance Seminar #1 - Less than 10 people attended. Compliance Seminar #2 (a week later) – Full house Any guess on what influenced the increased attendance? (2 factors) 27 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co. Must provide proper motivation!
Audits and Tools • Tools • Project management • Auditing • Linkage analysis • BoM diff tool 28 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
Running the Audits Art Science 29 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
Interpreting the Audit Results Art Science 30 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
Automation • We ship 100s of products every year, many with multiple firmware and OTA updates. • How to deal with this industrial scale compliance? 31 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
Coming up with a solution Art Science 32 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
The Automation Solution Art Science 33 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
Inquiries / Challenges Acknowledge Inform Investigate Report Rectify Improve Incoming Inquiry These steps are taken only if a violation was found Close Inquiry 34 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
Managing Inquiries – Process Art Science 35 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
Resolving Rightful Inquiries Art Science 36 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
Closing 37 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
Relationships Matter 38 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
How good is good enough? Cost Very High Risk Acceptable Safe Level 0% Risk Optimal Point? • IP Leakage • Product Recall • Compensation • Public Apology • Opening code • $ Settlement • Reputation damage • Compliance Infra • Education & Training • Code Scanning • Legal Due Diligence • Automation Source: Yunjae Jung, Samsung SDS 39 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
Final Thoughts We’ve come a long way in compliance and we learned a lot. Compliance today is now more of a scalability and a cost issue, not as much of a license interpretation debate. The Next Frontier: How can we take cost out of compliance and provide a consistent , bullet proof and repeatable approach that helps companies avoid compliance hiccups? We need Artists & Scientists to attack the Scaling, Automation and Cost challenges. 40 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
Thank you! Ibrahim Haddad, Ph.D. Head of Open Source Innovation Group Samsung Research America – Silicon Valley @IbrahimAtLinux 41 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.

Recommended

WSU Capstone
WSU CapstoneWSU Capstone
WSU CapstoneTroy Foley
 
5 Steps to Ensuring Compliance in the Software Supply Chain: The Harman Case ...
5 Steps to Ensuring Compliance in the Software Supply Chain: The Harman Case ...5 Steps to Ensuring Compliance in the Software Supply Chain: The Harman Case ...
5 Steps to Ensuring Compliance in the Software Supply Chain: The Harman Case ...Black Duck by Synopsys
 
Rightsizing Open Source Software Identification
Rightsizing Open Source Software IdentificationRightsizing Open Source Software Identification
Rightsizing Open Source Software IdentificationnexB Inc.
 
Assessing India's Open Science Data Framework
Assessing India's Open Science Data FrameworkAssessing India's Open Science Data Framework
Assessing India's Open Science Data FrameworkAnup Kumar Das
 
Books E Books E Audio
Books E Books E AudioBooks E Books E Audio
Books E Books E AudioFloyd Pentlin
 
Top Universities, Top Libraries Do Research Services in Academic Libraries Co...
Top Universities, Top Libraries Do Research Services in Academic Libraries Co...Top Universities, Top Libraries Do Research Services in Academic Libraries Co...
Top Universities, Top Libraries Do Research Services in Academic Libraries Co...Llarina González Solar
 
The role of libraries in supporting teaching and research in the sciences
The role of libraries in supporting teaching and research in the sciencesThe role of libraries in supporting teaching and research in the sciences
The role of libraries in supporting teaching and research in the sciencesAndrea Miller-Nesbitt
 
Promoting Information Literacy in Digital Environment
Promoting Information Literacy in Digital EnvironmentPromoting Information Literacy in Digital Environment
Promoting Information Literacy in Digital EnvironmentKavita Rao
 

Recommended

WSU Capstone
WSU CapstoneWSU Capstone
WSU CapstoneTroy Foley
 
5 Steps to Ensuring Compliance in the Software Supply Chain: The Harman Case ...
5 Steps to Ensuring Compliance in the Software Supply Chain: The Harman Case ...5 Steps to Ensuring Compliance in the Software Supply Chain: The Harman Case ...
5 Steps to Ensuring Compliance in the Software Supply Chain: The Harman Case ...Black Duck by Synopsys
 
Rightsizing Open Source Software Identification
Rightsizing Open Source Software IdentificationRightsizing Open Source Software Identification
Rightsizing Open Source Software IdentificationnexB Inc.
 
Assessing India's Open Science Data Framework
Assessing India's Open Science Data FrameworkAssessing India's Open Science Data Framework
Assessing India's Open Science Data FrameworkAnup Kumar Das
 
Books E Books E Audio
Books E Books E AudioBooks E Books E Audio
Books E Books E AudioFloyd Pentlin
 
Top Universities, Top Libraries Do Research Services in Academic Libraries Co...
Top Universities, Top Libraries Do Research Services in Academic Libraries Co...Top Universities, Top Libraries Do Research Services in Academic Libraries Co...
Top Universities, Top Libraries Do Research Services in Academic Libraries Co...Llarina González Solar
 
The role of libraries in supporting teaching and research in the sciences
The role of libraries in supporting teaching and research in the sciencesThe role of libraries in supporting teaching and research in the sciences
The role of libraries in supporting teaching and research in the sciencesAndrea Miller-Nesbitt
 
Promoting Information Literacy in Digital Environment
Promoting Information Literacy in Digital EnvironmentPromoting Information Literacy in Digital Environment
Promoting Information Literacy in Digital EnvironmentKavita Rao
 
Books, newspapers, magazines and periodicals across govt institutions
Books, newspapers, magazines and periodicals across govt institutionsBooks, newspapers, magazines and periodicals across govt institutions
Books, newspapers, magazines and periodicals across govt institutionsstatisense
 
How to read a book
How to read a bookHow to read a book
How to read a bookHarish M H
 
E - resources for economics, commerce and management students
E - resources for economics, commerce and management studentsE - resources for economics, commerce and management students
E - resources for economics, commerce and management studentsHaresh R
 
Green libraries initiatives at national and international level
Green libraries initiatives at national and international levelGreen libraries initiatives at national and international level
Green libraries initiatives at national and international levelअमोल खोब्रागडे
 
Emerging technologies and the future of libraries (and library systems). Keyn...
Emerging technologies and the future of libraries (and library systems). Keyn...Emerging technologies and the future of libraries (and library systems). Keyn...
Emerging technologies and the future of libraries (and library systems). Keyn...Ken Chad Consulting Ltd
 
Open access resources
Open access resourcesOpen access resources
Open access resourcesAkshay Kumar
 
Periodical Types
Periodical TypesPeriodical Types
Periodical TypesKatie Seeler Hoskins
 
The Future of Libraries
The Future of LibrariesThe Future of Libraries
The Future of LibrariesPeter Bromberg
 
Periodicals
PeriodicalsPeriodicals
PeriodicalsScott Lee
 
Public library
Public libraryPublic library
Public libraryHarish M H
 
Case Study of Performance Audit of National Library, Kolkata, India
Case Study of Performance Audit of National Library, Kolkata, IndiaCase Study of Performance Audit of National Library, Kolkata, India
Case Study of Performance Audit of National Library, Kolkata, IndiaShantanu Basu
 
Importance of periodicals
Importance of periodicalsImportance of periodicals
Importance of periodicalsHarish M H
 
Ict uses in libraries
Ict uses in librariesIct uses in libraries
Ict uses in librariesLiaquat Rahoo
 
The future of libraries
The future of librariesThe future of libraries
The future of librariesJane Cowell
 
Impact of ICT on libraries
Impact of ICT on librariesImpact of ICT on libraries
Impact of ICT on librariesAsif Waheed
 
Institutional Repositories
Institutional RepositoriesInstitutional Repositories
Institutional RepositoriesJoshua Parker
 
Teaching Library Skills Power Point
Teaching Library Skills Power PointTeaching Library Skills Power Point
Teaching Library Skills Power Pointlesleythelibrarian
 
National library of India. Library and information science
National library of India. Library and information scienceNational library of India. Library and information science
National library of India. Library and information scienceharshaec
 
Types of Information Sources
Types of Information SourcesTypes of Information Sources
Types of Information Sourceshisled
 
The library in the life of the user
The library in the life of the userThe library in the life of the user
The library in the life of the userlisld
 
From Idea to Corporate-Sponsored Open Source Project
From Idea to Corporate-Sponsored Open Source ProjectFrom Idea to Corporate-Sponsored Open Source Project
From Idea to Corporate-Sponsored Open Source ProjectSamsung Open Source Group
 
A Practical Guide to Open Sourcing Proprietary Technology
A Practical Guide to Open Sourcing Proprietary TechnologyA Practical Guide to Open Sourcing Proprietary Technology
A Practical Guide to Open Sourcing Proprietary TechnologySamsung Open Source Group
 

More Related Content

Viewers also liked

Books, newspapers, magazines and periodicals across govt institutions
Books, newspapers, magazines and periodicals across govt institutionsBooks, newspapers, magazines and periodicals across govt institutions
Books, newspapers, magazines and periodicals across govt institutionsstatisense
 
How to read a book
How to read a bookHow to read a book
How to read a bookHarish M H
 
E - resources for economics, commerce and management students
E - resources for economics, commerce and management studentsE - resources for economics, commerce and management students
E - resources for economics, commerce and management studentsHaresh R
 
Emerging technologies and the future of libraries (and library systems). Keyn...
Emerging technologies and the future of libraries (and library systems). Keyn...Emerging technologies and the future of libraries (and library systems). Keyn...
Emerging technologies and the future of libraries (and library systems). Keyn...Ken Chad Consulting Ltd
 
Open access resources
Open access resourcesOpen access resources
Open access resourcesAkshay Kumar
 
The Future of Libraries
The Future of LibrariesThe Future of Libraries
The Future of LibrariesPeter Bromberg
 
Case Study of Performance Audit of National Library, Kolkata, India
Case Study of Performance Audit of National Library, Kolkata, IndiaCase Study of Performance Audit of National Library, Kolkata, India
Case Study of Performance Audit of National Library, Kolkata, IndiaShantanu Basu
 
Importance of periodicals
Importance of periodicalsImportance of periodicals
Importance of periodicalsHarish M H
 
Ict uses in libraries
Ict uses in librariesIct uses in libraries
Ict uses in librariesLiaquat Rahoo
 
The future of libraries
The future of librariesThe future of libraries
The future of librariesJane Cowell
 
Impact of ICT on libraries
Impact of ICT on librariesImpact of ICT on libraries
Impact of ICT on librariesAsif Waheed
 
Institutional Repositories
Institutional RepositoriesInstitutional Repositories
Institutional RepositoriesJoshua Parker
 
Teaching Library Skills Power Point
Teaching Library Skills Power PointTeaching Library Skills Power Point
Teaching Library Skills Power Pointlesleythelibrarian
 
National library of India. Library and information science
National library of India. Library and information scienceNational library of India. Library and information science
National library of India. Library and information scienceharshaec
 
Types of Information Sources
Types of Information SourcesTypes of Information Sources
Types of Information Sourceshisled
 
The library in the life of the user
The library in the life of the userThe library in the life of the user
The library in the life of the userlisld
 

Viewers also liked (20)

Books, newspapers, magazines and periodicals across govt institutions
Books, newspapers, magazines and periodicals across govt institutionsBooks, newspapers, magazines and periodicals across govt institutions
Books, newspapers, magazines and periodicals across govt institutions
 
How to read a book
How to read a bookHow to read a book
How to read a book
 
E - resources for economics, commerce and management students
E - resources for economics, commerce and management studentsE - resources for economics, commerce and management students
E - resources for economics, commerce and management students
 
Green libraries initiatives at national and international level
Green libraries initiatives at national and international levelGreen libraries initiatives at national and international level
Green libraries initiatives at national and international level
 
Emerging technologies and the future of libraries (and library systems). Keyn...
Emerging technologies and the future of libraries (and library systems). Keyn...Emerging technologies and the future of libraries (and library systems). Keyn...
Emerging technologies and the future of libraries (and library systems). Keyn...
 
Open access resources
Open access resourcesOpen access resources
Open access resources
 
Periodical Types
Periodical TypesPeriodical Types
Periodical Types
 
The Future of Libraries
The Future of LibrariesThe Future of Libraries
The Future of Libraries
 
Periodicals
PeriodicalsPeriodicals
Periodicals
 
Public library
Public libraryPublic library
Public library
 
Case Study of Performance Audit of National Library, Kolkata, India
Case Study of Performance Audit of National Library, Kolkata, IndiaCase Study of Performance Audit of National Library, Kolkata, India
Case Study of Performance Audit of National Library, Kolkata, India
 
Importance of periodicals
Importance of periodicalsImportance of periodicals
Importance of periodicals
 
Ict uses in libraries
Ict uses in librariesIct uses in libraries
Ict uses in libraries
 
The future of libraries
The future of librariesThe future of libraries
The future of libraries
 
Impact of ICT on libraries
Impact of ICT on librariesImpact of ICT on libraries
Impact of ICT on libraries
 
Institutional Repositories
Institutional RepositoriesInstitutional Repositories
Institutional Repositories
 
Teaching Library Skills Power Point
Teaching Library Skills Power PointTeaching Library Skills Power Point
Teaching Library Skills Power Point
 
National library of India. Library and information science
National library of India. Library and information scienceNational library of India. Library and information science
National library of India. Library and information science
 
Types of Information Sources
Types of Information SourcesTypes of Information Sources
Types of Information Sources
 
The library in the life of the user
The library in the life of the userThe library in the life of the user
The library in the life of the user
 

Similar to The Art and Science of Open Source Compliance

From Idea to Corporate-Sponsored Open Source Project
From Idea to Corporate-Sponsored Open Source ProjectFrom Idea to Corporate-Sponsored Open Source Project
From Idea to Corporate-Sponsored Open Source ProjectSamsung Open Source Group
 
A Practical Guide to Open Sourcing Proprietary Technology
A Practical Guide to Open Sourcing Proprietary TechnologyA Practical Guide to Open Sourcing Proprietary Technology
A Practical Guide to Open Sourcing Proprietary TechnologySamsung Open Source Group
 
A Streamlined Process to Open Source Proprietary Technology
A Streamlined Process to Open Source Proprietary TechnologyA Streamlined Process to Open Source Proprietary Technology
A Streamlined Process to Open Source Proprietary TechnologySamsung Open Source Group
 
The Future of IoT: Why We Need the Open Interconnect Consortium
The Future of IoT: Why We Need the Open Interconnect ConsortiumThe Future of IoT: Why We Need the Open Interconnect Consortium
The Future of IoT: Why We Need the Open Interconnect ConsortiumOpen Interconnect Consortium
 
Why DevOps Matters To The CIO
Why DevOps Matters To The CIOWhy DevOps Matters To The CIO
Why DevOps Matters To The CIObenjaminwootton
 
The Role of Legal Counsels in Focusing Compliance on Scaling and Execution
The Role of Legal Counsels in Focusing Compliance on Scaling and ExecutionThe Role of Legal Counsels in Focusing Compliance on Scaling and Execution
The Role of Legal Counsels in Focusing Compliance on Scaling and ExecutionSamsung Open Source Group
 
The Future of IoT: Why We Need the Open Interconnect Consortium
The Future of IoT: Why We Need the Open Interconnect ConsortiumThe Future of IoT: Why We Need the Open Interconnect Consortium
The Future of IoT: Why We Need the Open Interconnect ConsortiumSamsung Open Source Group
 
Inner-Source: The Lesson of Linux for Enterprises
Inner-Source: The Lesson of Linux for EnterprisesInner-Source: The Lesson of Linux for Enterprises
Inner-Source: The Lesson of Linux for EnterprisesSamsung Open Source Group
 
Enumerating Enterprise Attack Surface
Enumerating Enterprise Attack SurfaceEnumerating Enterprise Attack Surface
Enumerating Enterprise Attack SurfaceDenim Group
 
[CLASS 2014] Palestra Técnica - Alexandre Euclides
[CLASS 2014] Palestra Técnica - Alexandre Euclides[CLASS 2014] Palestra Técnica - Alexandre Euclides
[CLASS 2014] Palestra Técnica - Alexandre EuclidesTI Safe
 
Scalar Security Roadshow - Ottawa Presentation
Scalar Security Roadshow - Ottawa PresentationScalar Security Roadshow - Ottawa Presentation
Scalar Security Roadshow - Ottawa PresentationScalar Decisions
 
Scalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver PresentationScalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver PresentationScalar Decisions
 
Crowdsourcing vs. Technology Scouting in a B2B setting
Crowdsourcing vs. Technology Scouting in a B2B settingCrowdsourcing vs. Technology Scouting in a B2B setting
Crowdsourcing vs. Technology Scouting in a B2B settingMichael Heiss
 
Scalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary PresentationScalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary PresentationScalar Decisions
 
Resume_Prakash_Experienced_2yrs_Testing
Resume_Prakash_Experienced_2yrs_TestingResume_Prakash_Experienced_2yrs_Testing
Resume_Prakash_Experienced_2yrs_TestingPRAKASH N
 
CollabNet Houston Workshop Live Enterpise agility_11.12.14
CollabNet Houston Workshop Live Enterpise agility_11.12.14CollabNet Houston Workshop Live Enterpise agility_11.12.14
CollabNet Houston Workshop Live Enterpise agility_11.12.14dennisn129CBN
 
Outsourcing risk mitigation and critical success factors
Outsourcing risk mitigation and critical success factorsOutsourcing risk mitigation and critical success factors
Outsourcing risk mitigation and critical success factorsSPAN Infotech (India) Pvt Ltd
 
Securing Your Digital Transformation: Cybersecurity and You
Securing Your Digital Transformation: Cybersecurity and YouSecuring Your Digital Transformation: Cybersecurity and You
Securing Your Digital Transformation: Cybersecurity and YouSAP Ariba
 

Similar to The Art and Science of Open Source Compliance (20)

From Idea to Corporate-Sponsored Open Source Project
From Idea to Corporate-Sponsored Open Source ProjectFrom Idea to Corporate-Sponsored Open Source Project
From Idea to Corporate-Sponsored Open Source Project
 
A Practical Guide to Open Sourcing Proprietary Technology
A Practical Guide to Open Sourcing Proprietary TechnologyA Practical Guide to Open Sourcing Proprietary Technology
A Practical Guide to Open Sourcing Proprietary Technology
 
A Streamlined Process to Open Source Proprietary Technology
A Streamlined Process to Open Source Proprietary TechnologyA Streamlined Process to Open Source Proprietary Technology
A Streamlined Process to Open Source Proprietary Technology
 
The Future of IoT: Why We Need the Open Interconnect Consortium
The Future of IoT: Why We Need the Open Interconnect ConsortiumThe Future of IoT: Why We Need the Open Interconnect Consortium
The Future of IoT: Why We Need the Open Interconnect Consortium
 
Why DevOps Matters To The CIO
Why DevOps Matters To The CIOWhy DevOps Matters To The CIO
Why DevOps Matters To The CIO
 
The Role of Legal Counsels in Focusing Compliance on Scaling and Execution
The Role of Legal Counsels in Focusing Compliance on Scaling and ExecutionThe Role of Legal Counsels in Focusing Compliance on Scaling and Execution
The Role of Legal Counsels in Focusing Compliance on Scaling and Execution
 
The Future of IoT: Why We Need the Open Interconnect Consortium
The Future of IoT: Why We Need the Open Interconnect ConsortiumThe Future of IoT: Why We Need the Open Interconnect Consortium
The Future of IoT: Why We Need the Open Interconnect Consortium
 
Developing Open Source Leadership
Developing Open Source LeadershipDeveloping Open Source Leadership
Developing Open Source Leadership
 
Inner-Source: The Lesson of Linux for Enterprises
Inner-Source: The Lesson of Linux for EnterprisesInner-Source: The Lesson of Linux for Enterprises
Inner-Source: The Lesson of Linux for Enterprises
 
Enumerating Enterprise Attack Surface
Enumerating Enterprise Attack SurfaceEnumerating Enterprise Attack Surface
Enumerating Enterprise Attack Surface
 
[CLASS 2014] Palestra Técnica - Alexandre Euclides
[CLASS 2014] Palestra Técnica - Alexandre Euclides[CLASS 2014] Palestra Técnica - Alexandre Euclides
[CLASS 2014] Palestra Técnica - Alexandre Euclides
 
Scalar Security Roadshow - Ottawa Presentation
Scalar Security Roadshow - Ottawa PresentationScalar Security Roadshow - Ottawa Presentation
Scalar Security Roadshow - Ottawa Presentation
 
Scalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver PresentationScalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver Presentation
 
Crowdsourcing vs. Technology Scouting in a B2B setting
Crowdsourcing vs. Technology Scouting in a B2B settingCrowdsourcing vs. Technology Scouting in a B2B setting
Crowdsourcing vs. Technology Scouting in a B2B setting
 
Scalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary PresentationScalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary Presentation
 
Automotive Cybersecurity: The Gap Still Exists
Automotive Cybersecurity: The Gap Still ExistsAutomotive Cybersecurity: The Gap Still Exists
Automotive Cybersecurity: The Gap Still Exists
 
Resume_Prakash_Experienced_2yrs_Testing
Resume_Prakash_Experienced_2yrs_TestingResume_Prakash_Experienced_2yrs_Testing
Resume_Prakash_Experienced_2yrs_Testing
 
CollabNet Houston Workshop Live Enterpise agility_11.12.14
CollabNet Houston Workshop Live Enterpise agility_11.12.14CollabNet Houston Workshop Live Enterpise agility_11.12.14
CollabNet Houston Workshop Live Enterpise agility_11.12.14
 
Outsourcing risk mitigation and critical success factors
Outsourcing risk mitigation and critical success factorsOutsourcing risk mitigation and critical success factors
Outsourcing risk mitigation and critical success factors
 
Securing Your Digital Transformation: Cybersecurity and You
Securing Your Digital Transformation: Cybersecurity and YouSecuring Your Digital Transformation: Cybersecurity and You
Securing Your Digital Transformation: Cybersecurity and You
 

More from Samsung Open Source Group

The Complex IoT Equation (and FLOSS solutions)
The Complex IoT Equation (and FLOSS solutions)The Complex IoT Equation (and FLOSS solutions)
The Complex IoT Equation (and FLOSS solutions)Samsung Open Source Group
 
Rapid SPi Device Driver Development over USB
Rapid SPi Device Driver Development over USBRapid SPi Device Driver Development over USB
Rapid SPi Device Driver Development over USBSamsung Open Source Group
 
Tizen RT: A Lightweight RTOS Platform for Low-End IoT Devices
Tizen RT: A Lightweight RTOS Platform for Low-End IoT DevicesTizen RT: A Lightweight RTOS Platform for Low-End IoT Devices
Tizen RT: A Lightweight RTOS Platform for Low-End IoT DevicesSamsung Open Source Group
 
IoTivity: Smart Home to Automotive and Beyond
IoTivity: Smart Home to Automotive and BeyondIoTivity: Smart Home to Automotive and Beyond
IoTivity: Smart Home to Automotive and BeyondSamsung Open Source Group
 
IoTivity for Automotive: meta-ocf-automotive tutorial
IoTivity for Automotive: meta-ocf-automotive tutorialIoTivity for Automotive: meta-ocf-automotive tutorial
IoTivity for Automotive: meta-ocf-automotive tutorialSamsung Open Source Group
 
Open Source Metrics to Inform Corporate Strategy
Open Source Metrics to Inform Corporate StrategyOpen Source Metrics to Inform Corporate Strategy
Open Source Metrics to Inform Corporate StrategySamsung Open Source Group
 
IoTivity for Automotive IoT Interoperability
IoTivity for Automotive IoT InteroperabilityIoTivity for Automotive IoT Interoperability
IoTivity for Automotive IoT InteroperabilitySamsung Open Source Group
 
JerryScript: An ultra-lighteweight JavaScript Engine for the Internet of Thin...
JerryScript: An ultra-lighteweight JavaScript Engine for the Internet of Thin...JerryScript: An ultra-lighteweight JavaScript Engine for the Internet of Thin...
JerryScript: An ultra-lighteweight JavaScript Engine for the Internet of Thin...Samsung Open Source Group
 
Adding IEEE 802.15.4 and 6LoWPAN to an Embedded Linux Device
Adding IEEE 802.15.4 and 6LoWPAN to an Embedded Linux DeviceAdding IEEE 802.15.4 and 6LoWPAN to an Embedded Linux Device
Adding IEEE 802.15.4 and 6LoWPAN to an Embedded Linux DeviceSamsung Open Source Group
 
IoT: From Arduino Microcontrollers to Tizen Products using IoTivity
IoT: From Arduino Microcontrollers to Tizen Products using IoTivityIoT: From Arduino Microcontrollers to Tizen Products using IoTivity
IoT: From Arduino Microcontrollers to Tizen Products using IoTivitySamsung Open Source Group
 
Practical Guide to Run an IEEE 802.15.4 Network with 6LoWPAN Under Linux
Practical Guide to Run an IEEE 802.15.4 Network with 6LoWPAN Under LinuxPractical Guide to Run an IEEE 802.15.4 Network with 6LoWPAN Under Linux
Practical Guide to Run an IEEE 802.15.4 Network with 6LoWPAN Under LinuxSamsung Open Source Group
 
IoTivity Tutorial: Prototyping IoT Devices on GNU/Linux
IoTivity Tutorial: Prototyping IoT Devices on GNU/LinuxIoTivity Tutorial: Prototyping IoT Devices on GNU/Linux
IoTivity Tutorial: Prototyping IoT Devices on GNU/LinuxSamsung Open Source Group
 
JerryScript: An ultra-lighteweight JavaScript Engine for the Internet of Things
JerryScript: An ultra-lighteweight JavaScript Engine for the Internet of ThingsJerryScript: An ultra-lighteweight JavaScript Engine for the Internet of Things
JerryScript: An ultra-lighteweight JavaScript Engine for the Internet of ThingsSamsung Open Source Group
 

More from Samsung Open Source Group (20)

The Complex IoT Equation (and FLOSS solutions)
The Complex IoT Equation (and FLOSS solutions)The Complex IoT Equation (and FLOSS solutions)
The Complex IoT Equation (and FLOSS solutions)
 
Easy IoT with JavaScript
Easy IoT with JavaScriptEasy IoT with JavaScript
Easy IoT with JavaScript
 
Spawny: A New Approach to Logins
Spawny: A New Approach to LoginsSpawny: A New Approach to Logins
Spawny: A New Approach to Logins
 
Rapid SPi Device Driver Development over USB
Rapid SPi Device Driver Development over USBRapid SPi Device Driver Development over USB
Rapid SPi Device Driver Development over USB
 
Tizen RT: A Lightweight RTOS Platform for Low-End IoT Devices
Tizen RT: A Lightweight RTOS Platform for Low-End IoT DevicesTizen RT: A Lightweight RTOS Platform for Low-End IoT Devices
Tizen RT: A Lightweight RTOS Platform for Low-End IoT Devices
 
IoTivity: Smart Home to Automotive and Beyond
IoTivity: Smart Home to Automotive and BeyondIoTivity: Smart Home to Automotive and Beyond
IoTivity: Smart Home to Automotive and Beyond
 
IoTivity for Automotive: meta-ocf-automotive tutorial
IoTivity for Automotive: meta-ocf-automotive tutorialIoTivity for Automotive: meta-ocf-automotive tutorial
IoTivity for Automotive: meta-ocf-automotive tutorial
 
GENIVI + OCF Cooperation
GENIVI + OCF CooperationGENIVI + OCF Cooperation
GENIVI + OCF Cooperation
 
Framework for IoT Interoperability
Framework for IoT InteroperabilityFramework for IoT Interoperability
Framework for IoT Interoperability
 
Open Source Metrics to Inform Corporate Strategy
Open Source Metrics to Inform Corporate StrategyOpen Source Metrics to Inform Corporate Strategy
Open Source Metrics to Inform Corporate Strategy
 
IoTivity for Automotive IoT Interoperability
IoTivity for Automotive IoT InteroperabilityIoTivity for Automotive IoT Interoperability
IoTivity for Automotive IoT Interoperability
 
JerryScript: An ultra-lighteweight JavaScript Engine for the Internet of Thin...
JerryScript: An ultra-lighteweight JavaScript Engine for the Internet of Thin...JerryScript: An ultra-lighteweight JavaScript Engine for the Internet of Thin...
JerryScript: An ultra-lighteweight JavaScript Engine for the Internet of Thin...
 
Adding IEEE 802.15.4 and 6LoWPAN to an Embedded Linux Device
Adding IEEE 802.15.4 and 6LoWPAN to an Embedded Linux DeviceAdding IEEE 802.15.4 and 6LoWPAN to an Embedded Linux Device
Adding IEEE 802.15.4 and 6LoWPAN to an Embedded Linux Device
 
IoTivity: From Devices to the Cloud
IoTivity: From Devices to the CloudIoTivity: From Devices to the Cloud
IoTivity: From Devices to the Cloud
 
SOSCON 2016 JerryScript
SOSCON 2016 JerryScriptSOSCON 2016 JerryScript
SOSCON 2016 JerryScript
 
IoT: From Arduino Microcontrollers to Tizen Products using IoTivity
IoT: From Arduino Microcontrollers to Tizen Products using IoTivityIoT: From Arduino Microcontrollers to Tizen Products using IoTivity
IoT: From Arduino Microcontrollers to Tizen Products using IoTivity
 
Run Your Own 6LoWPAN Based IoT Network
Run Your Own 6LoWPAN Based IoT NetworkRun Your Own 6LoWPAN Based IoT Network
Run Your Own 6LoWPAN Based IoT Network
 
Practical Guide to Run an IEEE 802.15.4 Network with 6LoWPAN Under Linux
Practical Guide to Run an IEEE 802.15.4 Network with 6LoWPAN Under LinuxPractical Guide to Run an IEEE 802.15.4 Network with 6LoWPAN Under Linux
Practical Guide to Run an IEEE 802.15.4 Network with 6LoWPAN Under Linux
 
IoTivity Tutorial: Prototyping IoT Devices on GNU/Linux
IoTivity Tutorial: Prototyping IoT Devices on GNU/LinuxIoTivity Tutorial: Prototyping IoT Devices on GNU/Linux
IoTivity Tutorial: Prototyping IoT Devices on GNU/Linux
 
JerryScript: An ultra-lighteweight JavaScript Engine for the Internet of Things
JerryScript: An ultra-lighteweight JavaScript Engine for the Internet of ThingsJerryScript: An ultra-lighteweight JavaScript Engine for the Internet of Things
JerryScript: An ultra-lighteweight JavaScript Engine for the Internet of Things
 

Recently uploaded

Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 

Recently uploaded (20)

Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 

The Art and Science of Open Source Compliance

  • 1. Balancing Business, Community and Legal Currents: The Art & Science of Successful OSS Compliance Ibrahim Haddad, Ph.D. Head of Open Source Innovation Group | Samsung Research America – Silicon Valley 1 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
  • 2. How did I get here? Jan 2000 2 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
  • 3. Basic Elements of a Compliance Program 3 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
  • 4. Compliance 101 • Companies using open source software must: - Observe the obligations of FOSS licenses - Protect their IP - Protect the IP of 3rd party software providers from unintended disclosure • Basic Elements of Compliance - Policy - Process - Guidelines - Staffing - Training - Audits - Tools and Automation - Inquiries Snapshot of Compliance Program Elements 4 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
  • 5. Compliance: A Balancing Act 5 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
  • 6.
  • 7. Balancing what? Internal & External Legal Counsel opinions / requirements Business needs Community needs Enforcers, whistle blowers It’s easier to make enemies than to make friends. 7 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
  • 8. Sweet Spot Legal Business Community Enforcers 8 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
  • 9. How to balance? Welcome to the Art & Science of Compliance. 9 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
  • 10. The Art & Science Compliance Meter Art (Creative Activity) Science (Systematic Approach) 10 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
  • 11. Policy • The 1 line compliance policy. We must ensure that all of <COMPANY NAME>’s incoming software (in house, 3rd party commercial, open source, other) is compliant with the license it is provided under by following the open source compliance process defined in <URL>. 11 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
  • 12. Policy • The 72 pages master policy 72 pages policy + various mini policies ranging from 10 to 22 pages. [The largest mini policy at 22 pages is on “Open Source Compliance Practices When Engaging With Business Partners] Fun Fact: 1 policy page per 1000 employee! 12 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
  • 13. Policy: Art / Science Meter Art Science 13 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
  • 14. Process The way we ensure the policy is applied. Simple process: - Check all incoming software - Identify origin, license, obligations, notices, etc. - Upon product release, meet the conditions of the licenses Incoming Software Released code Notices Written offer identificatio n Audit Approvals Distribution 14 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
  • 15. Do you think all engineers request approval? 15 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
  • 16. Process Story (1) • What to do when you are severely understaffed? • 1 JIRA ticket – 5 milestones in the JIRA process (identification, auditing, reviews, approval, fulfillment). Identify incoming code Audit Review Results & Fix Issues Approve Publish JIRA ticket linear lifecycle; does not assume iterations between different phases. 16 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
  • 17. Process Story (2) • Bring people into your world: Palm story. • Palm Pre compliance story. 17 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
  • 18. Process: Art / Science Meter Art Science 18 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
  • 19. Guidelines (Balancing with Legal Staff) License Compatibility Matrix License Playbooks Legal Best Practices Compliance 911 19 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
  • 20. Guidelines (Balancing with Engineering Staff) HOW-TOs Do’s and Don’t’s Engineering best practices 20 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
  • 21. Guidelines Story • Example comment found in source code while auditing it: “I stole this code from >URL<” 21 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
  • 22. Guidelines: Art / Science Meter License Playbooks Art Science 22 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
  • 23. Guidelines: Art / Science Meter Engineering Guidelines Art Science 23 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
  • 24. Guidelines: Art / Science Meter Compatibility Matrix How-To Do’s & Don’t’s911 Art Science 24 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
  • 25. Compliance Staffing: Art / Science Meter Building Compliance Team Art Science Right Mindset Easy To Find/Hire Hard To Find 25 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
  • 26. Staffing Story Ibrahim, I am not convinced we need to do any of this compliance stuff and we need to transfer the compliance resources to development. Can you figure out a plan for this? Compliance requires an executive sponsor. 26 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
  • 27. Training Crucial to the adoption of compliance. Ranges from a brown bag talk to a 3-days workshop. STORY: Compliance Seminar #1 - Less than 10 people attended. Compliance Seminar #2 (a week later) – Full house Any guess on what influenced the increased attendance? (2 factors) 27 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co. Must provide proper motivation!
  • 28. Audits and Tools • Tools • Project management • Auditing • Linkage analysis • BoM diff tool 28 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
  • 29. Running the Audits Art Science 29 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
  • 30. Interpreting the Audit Results Art Science 30 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
  • 31. Automation • We ship 100s of products every year, many with multiple firmware and OTA updates. • How to deal with this industrial scale compliance? 31 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
  • 32. Coming up with a solution Art Science 32 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
  • 33. The Automation Solution Art Science 33 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
  • 34. Inquiries / Challenges Acknowledge Inform Investigate Report Rectify Improve Incoming Inquiry These steps are taken only if a violation was found Close Inquiry 34 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
  • 35. Managing Inquiries – Process Art Science 35 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
  • 36. Resolving Rightful Inquiries Art Science 36 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
  • 37. Closing 37 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
  • 38. Relationships Matter 38 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
  • 39. How good is good enough? Cost Very High Risk Acceptable Safe Level 0% Risk Optimal Point? • IP Leakage • Product Recall • Compensation • Public Apology • Opening code • $ Settlement • Reputation damage • Compliance Infra • Education & Training • Code Scanning • Legal Due Diligence • Automation Source: Yunjae Jung, Samsung SDS 39 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
  • 40. Final Thoughts We’ve come a long way in compliance and we learned a lot. Compliance today is now more of a scalability and a cost issue, not as much of a license interpretation debate. The Next Frontier: How can we take cost out of compliance and provide a consistent , bullet proof and repeatable approach that helps companies avoid compliance hiccups? We need Artists & Scientists to attack the Scaling, Automation and Cost challenges. 40 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.
  • 41. Thank you! Ibrahim Haddad, Ph.D. Head of Open Source Innovation Group Samsung Research America – Silicon Valley @IbrahimAtLinux 41 © 2014 Open Source Group – Silicon Valley Samsung Electronics Co.