Strategies for Commercial Software Developers Using Open Source Code in Proprietary Software
October 4, 2016
2 Offices
Boston: Seaport Innovation District
Concord: Route 128 Technology Corridor
By the Numbers
1980: Year Founded
22 Technology Specialties:
Bioinformatics
Biotechnology & Life Sciences
Biologics & Immunotherapeutics
Chemical Engineering
Pharmaceuticals
Chemistry
Material Sciences
Clean Technology
Medical Devices
Medical Imaging
Mechanical Engineering
Electrical Engineering
Semiconductors
Optics
Robotics
Mobile
Internet of Things
Network Infrastructure
Telecommunications
Computer Hardware
Computer Software
Business Methods
37 Attorneys, Patent Agents, Technology Specialists
19 Firm accolades since 2010, including:
Mary Lou Wakimura, Principal, Hamilton Brook Smith Reynolds
Giovanna Fessenden, Of Counsel, Hamilton Brook Smith Reynolds
Thomas Schubert, Lead Counsel Software Licensing, Siemens AG
Background of Open Source Licensing and IP Law
Open Source Software (OSS)
▪ Copyrighted, but with access to source code and rights to modify
▪ Licensee may copy and make derivative works
▪ If derivative works are distributed, the original OSS terms must be perpetuated
Key Goals of Commercial Software Vendors Who Use OSS
▪ Maintain ability to deliver
▪ Protect IP from devaluation
▪ Mitigate security vulnerabilities
▪ Control contributions to OSS community
▪ Avoid exposure to Copyright Trolls
Maintain Ability to Sell Products
Main Challenges:
▪ Most of today’s commercial software contains Open Source
▪ A typical complex application contains 30-80 OSS components
▪ Each OSS component contains one or several licenses
  • Example: Linux Kernel has about 95 different licenses and license combinations
▪ Minor license violation may terminate your right to use
  • Example: You must ship a copy of the GPL license with your product
Maintain Ability to Sell Products
Strategies to consider:
1. Pass an OSS usage policy and enforce it without imposing unnecessary bureaucracy on the organization
2. Build the right team (lawyers with software know-how, engineers with licensing expertise)
3. Procure the right clearing platform
4. Install a high-performance process close to the engineering operation
5. Don’t forget to also tackle commercial standard software (COTS)
6. Be aware of potential OSS license incompatibilities (rarely a problem)
7. Ensuring compliance throughout the supply chain is difficult
  • Actively solicit OSS information from your suppliers
  • Treat absence of OSS information like a product defect
  • Secure your position by including contractual language around OSS matters
Protect IP From Devaluation
Main Challenges:
▪ Uncontrolled use of OSS with viral licenses may devalue your software assets
  • Example: The use of code under viral licenses (e.g. GPL) may require you to provide any derivative works (this could be your product) free of charge to the OSS community (worst case)
▪ Asset devaluation may require asset write-downs
Strategies to consider:
▪ Make software clearing an integral part of the software development process
▪ Continuously monitor your software code for Copyleft code
▪ When buying a software company, spend some money on an OSS assessment
Mitigate Security Vulnerabilities
Main Challenges:
▪ You can only manage vulnerabilities that you know
▪ To know what’s in your code, you must monitor usage of OSS
Strategies to consider:
▪ Obtain Common Criteria (CC) certification/evaluation
▪ Analyze the application environment for possible threats
▪ Enable users and the software to self-report detected issues
▪ Use special scanners to identify security issues in real time
▪ Require developers to use OSS only from trusted sites
Control Contributions to the Open Source Community
Main Challenges:
▪ Most companies take OSS without giving (enough) back
Strategies to consider:
▪ Define your level of interaction with the OSS community
▪ Can you afford not contributing to the OSS community?
▪ Consider contributing to projects of strategic importance
▪ Avoid unnecessary OSS forks in your company
Avoid Exposure to Copyright Trolls
Open Source software: A promising arena for IP litigators?
▪ Next wave of industrial progress is software-driven
▪ Software patents can be difficult to obtain
▪ Legislators have started to discourage Patent Trolls
© Hugh D’Andrade, CC BY 2.0
Avoid Exposure to Copyright Trolls
Two main types of Open Source enforcers:
▪ “Good Guys”: E.g. Free Software Foundation
  • Community-oriented enforcement
  • Goal: Compliance through education and assistance
  • “Legal action is a last resort”
▪ The “bad guys”: Trolls
  • A few individuals
  • Goal: Making money
Strategy to consider:
▪ Do not “blindly” accept a troll’s claim
▪ Try settling on favorable terms
OSS Strategies for Smaller Entities
Basics:
▪ If you have no OSS policy, create one
▪ If your developers are unaware of OSS pitfalls, train them
Next steps:
▪ Assess your demand for software clearing
▪ Develop an appropriate clearing process
▪ Consider a make/buy decision:
  • Outsource the whole clearing process to a supplier, or
  • Build up a clearing team (considering offshore options)
▪ Start before commercially licensing out your IP
Ask the Panel
Thank you!
Mary Lou Wakimura
Hamilton Brook Smith Reynolds
MaryLou.Wakimura@hbsr.com
978.341.0036 x 3214
Giovanna Fessenden
Hamilton Brook Smith Reynolds
Giovanna.Fessenden@hbsr.com
978.341.0036 x 3466
Thomas Schubert
Siemens AG
Thomas.Schubert@siemens.com
