The Role of Legal Counsels in Focusing Compliance on Scaling and Execution

Dr. Ibrahim Haddad, Head of the Samsung OSG, speaks on the role of legal counsels and their staffs in scaling open source compliance efforts within large organizations.

Published in: Technology, News & Politics

  1. 1. The Role of Legal Counsels in Focusing Open Source Compliance on Scaling and Execution. Ibrahim Haddad, Ph.D., Head of Open Source Group, Samsung Research America (Silicon Valley). Ibrahim.H@Samsung.com, @IbrahimAtLinux. Open Source Group – Silicon Valley. © 2013 SAMSUNG Electronics Co.
  2. 2. Abstract: Open Source initiatives and projects provide companies with a vehicle to accelerate innovation through collaboration with the global community of open source developers. However, accompanying the benefits of teaming with the open source community are important responsibilities: companies must ensure compliance with applicable open source license obligations. In this talk, we look closely at the role of the Legal Counsel in ensuring open source compliance and discuss practical advice that a Legal Counsel can provide to the software development team. Such practical advice will enable software developers to make daily decisions related to open source licenses without having to go back to the Legal Counsel for every single question.
  3. 3. Disclaimers: IANAL + TINLA
  4. 4. Smart Companies Have an Open Source Strategy. They also have proper soft infrastructure to support working with open source communities.
  5. 5. Example of a Usage / Compliance Process (used to approve the inclusion of open source code in a commercial product)
      [Process diagram. Labels: FOSS, Verifications, Distribution, Notices, Registration, Approvals, Reviews, 3rd Party Software, Audit, Proprietary Software, Identification, Incoming Software, Resolve Issues, Outgoing Software, Open Source BoM: Notices & Attributions, Written Offer]
      For a detailed discussion about the compliance process, please refer to the Linux Foundation compliance publications available from http://compliance.linuxfoundation.org.
  6. 6. People Involved in the Compliance Process
      - Developers / Software Architects
      - Open Source Compliance Staff
      - Software Development Managers
      - Legal Counsel
      - Compliance Officer (aka Director or Manager of Open Source)
  7. 7. Role of Legal Counsel in the Compliance Process. Core responsibilities include:
      1. Advise on open source licensing
      2. Provide approval around the use of open source in products
      3. Contribute to establishing and running the compliance program
      4. Provide training around open source licenses, policies and guidelines
  8. 8. How can the Legal Counsel scale support for open source in their org?
  9. 9. Practical Legal Advice at Your Fingertips
      - License playbooks
      - License compatibility information
      - License classification information
      - Approved software interaction methods
      - Checklists
  10. 10. 1. License Playbooks: an easy to read and understand summary of licenses intended for software developers. For each commonly used license, provide a playbook that includes:
      - Name / Version / URL
      - Executive Summary
      - Grant
      - Limitations
      - Warranty
      - Obligations
      - Patent Notes
      - Etc.
  11. 11. License Playbook – Example from tldrlegal.com. This example is provided for illustration purposes only. This is not an endorsement.
  12. 12. License Playbook – Example from tldrlegal.com. This example is provided for illustration purposes only. This is not an endorsement.
  13. 13. 2. Compatibility Matrix: License compatibility issues arise when developers combine code from different sources into a single work.
      [Diagram: License A, License B and License C combine into License(s) ?]
      Incoming Licenses = A + B + C
      Outgoing License(s) = ?
  14. 14. License Compatibility Matrix: A license compatibility matrix is an easy visual method to identify if License-A is compatible with License-B. A license compatibility matrix is prepared by Legal Counsels for the 10-15 most commonly-used licenses.
  15. 15. License Compatibility Matrix – Simple View
      [Table: "Is Compatible With" matrix over License-A through License-G, with X marks in cells]
  16. 16. License Compatibility Matrix: Elaborate Example
  17. 17. License Compatibility Matrix: Look at the Sources
      - GNU.org
      - Apache.org
      - CreativeCommons.org
      - Etc.
  18. 18. 3. Classification: An easy way to understand the approval process for different licenses and the course of action needed when using these licenses.
  19. 19. License Classification – Example 1. An example of a classification system is to rank licenses from 0 to 5, where:
      - 5: Pre-approved [Licenses: A, B, E, K]
      - 4: High chance of approval [Licenses: C, G, J]
      - 3: Medium chance of approval [etc.]
      - 2: Low chance of approval [etc.]
      - 1: Not approved – against policy [Licenses: F, L]
  20. 20. License Classification – Example 2. Another example of a classification system:
      - Permissive: License-A, License-B, License-C, License-D. Notes: Source code licensed under these licenses is pre-approved and can be combined with proprietary software. Status: Pre-approved.
      - Modifications to be released: License-E, License-F, License-G. Notes: Modifications made to source code licensed under these licenses must be released back. Status: Requires approval of engineering manager.
      - Patent Clause. Notes: Due to patent clause, you must discuss with legal counsel about your planned usage. Status: Requires Legal Counsel approval.
      - Not Allowed. Notes: Company policy prohibits use of source code under these licenses. Status: Not approved.
      - Licenses listed under the Patent Clause and Not Allowed columns: License-H, License-I, License-K, License-L, License-M.
  21. 21. 4. Approved Software (License) Interactions. The goal is to understand how a specific software component interacts with other software components and the method of interaction:
      - Components that are Open Source (used “as is” or modified)
      - Components that are proprietary
      - Components originating from third party software providers
      - Component dependencies
      - Communication protocols
      - Linkage method
      - Dynamic versus static linking
      - Components that live in kernel space versus user space
      - Use of shared header files
      - Etc.
  22. 22. Software Interactions
  23. 23. Software Interactions
      [Two tables over License-A through License-D: "Can Dynamically Link To" and "Can Statically Link To", with cells marked X or "[Requires approval]"]
  24. 24. 5. Checklists. Establish a checklist for most milestones:
      - A checklist before approving/integrating incoming code into your product’s source code repository
      - A checklist to ensure you fulfilled the obligations
      - A checklist for developers
      - A checklist for engineering managers
      - A checklist for compliance staff
      - Etc.
      After regular use, checklists become a default behavior.
  25. 25. Checklists – Example. Checklist for use before posting code on the web site (license obligation fulfillment):
      - All source code components have a corresponding compliance ticket
      - All compliance tickets have been approved by engineering and legal
      - All compliance tickets are clear from any sub-tasks attached to them
      - Notices for all of the software components have been sent to Documentation team and included in product documentation (including written offer)
      - Legal has approved the written offer notice and overall compliance documentation
      - Source code packages have been prepared and tested to compile on a standard development machine
      - Source code provided is complete and corresponds to the binaries in the product
  26. 26. Benefits
  27. 27. Benefits to Providing Practical Legal Advice
      - Easy access to commonly asked questions / use cases / scenarios
      - Increase bandwidth of Legal Counsel supporting open source
      - Fewer legal bottlenecks in enabling open source adoption and usage
      - Documented open source legal practical guidelines, Do’s and Don'ts
      - Minimize engineering frustration surrounding open source legal stuff
  28. 28. Benefits to Providing Practical Legal Advice: Members of the Legal Staff supporting open source activities can act as key enablers to the adoption and use of open source software. Focusing on practical open source legal advice.
  29. 29. Thank you. Ibrahim Haddad, Ph.D., Head of Open Source Group, Samsung Research America (Silicon Valley). Ibrahim.H@Samsung.com | @IbrahimAtLinux
