
Safeguarding Against the Risks of Improper Open Source Licensing - Valuable Lessons for Software and Hardware Vendors

Greg Olson, Senior Partner at open source consulting firm Olliance Group, and Bart Copeland, President and CEO of ActiveState, the dynamic languages company, present an informative webinar to:

* Investigate legal, operational and market risks associated with open source
* Address common pitfalls with open source licensing
* Identify proven tips for creating an open source governance program
* Explore commercial open source options to mitigate open source legal and operational risks
* Share effective steps to protect your organization against costly infringements

Published in: Technology

  1. Safeguarding Against the Risks of Improper Open Source Licensing - Valuable Lessons for Software and Hardware Vendors, April 28, 2010
  2. Introductions
     * Greg Olson, Senior Partner Manager, IP Management Practice
     * Bart Copeland, President & CEO
  3. Agenda
     * The legal, operational and market risks associated with open source
     * Common pitfalls with open source licensing
     * Proven tips for creating an open source governance program
     * Effective steps to protect your organization against costly infringements
     * Commercial open source options to mitigate open source legal and operational risks
  4. Why Use Open Source Software?
     * Best-in-class software in some areas is OSS
     * Your product must interoperate with other OSS, e.g. Linux
     * Buyers favor or even require OSS
     * OSS came with a corporate acquisition
     * It is a lower cost alternative to traditional commercial packages
     * You will need to customize externally sourced software
     * Faster time to market by avoiding development and testing of new code
     * Lower development costs by using free, already de-bugged code
     * Lower code maintenance costs by taking advantage of community maintenance
     * Your code-base already contains significant OSS

     Adoption of open-source software (OSS) is becoming pervasive, with 85 percent of companies surveyed currently using OSS in their enterprises and the remaining 15 percent expecting to in the next 12 months… (Gartner Group release, November 2008)
  5. A Software Development Revolution
     [Diagram labels: 90% Custom Development; Commercial Software Package; Negotiated Procurement; 90% Integration; OSS; Download]
  6. Poll: What are the biggest challenges you face around integrating open source packages?
     [Bar chart: Challenge vs. % of Respondents]
     * Ensure license compliance for elements at distribution time
     * Maintaining code and version consistency across the company
     * Managing support for many open source elements
     * Higher volume of code acquisition decisions
     * Managing participation in public communities
  7. Open Source Licenses
     * Open source vs. Free software
     * Open source licensing principles
       * Non-exclusive license
       * Source code included
       * Source code is free (except for cost)
       * Rights to modify and to redistribute
       * For full OSI definition see http://opensource.org/docs/osd
     * OSI lists 65 licenses which it has approved as being “Open Source”
     * The leading code scanning companies have identified well over 500 additional licenses for downloadable source code
     * Some of these licenses are incompatible, such that code under them may not legally be combined
  8. Legal Risk: Potential Consequences for Violation of an Open Source License
     * Copyright infringement actions
       * Injunction against distribution
       * Order to comply by publishing your proprietary code as open source
     * Negative publicity
       * One of the strongest weapons available to the Open Source community is the Internet
     * Possible monetary consequences
       * Costly delays in product launch or a product recall
       * Expensive redundant development efforts
       * Restricted commercialization and lost profit opportunities
     * Potential enforcement rights for every contributor
     * GPLv2 (most common OSS license) automatically terminated
  9. Legal Risk Is Not Theoretical
     * In the last year alone
       * Software Freedom Law Center has sued Best Buy, Samsung, JVC and eleven other consumer electronics companies for copyright infringement (GPL license)
       * GPLviolations.org has pursued dozens of complaints against violators of the GPL license
       * Jury ruled for Jacobson on its infringement suit against Katzer (Artistic License)
       * In France the Paris Court of Appeals decided last week that the company Edu4 violated the terms of the GPL license
  10. The Indemnification Gap
      * Most commercial vendors are expected to provide intellectual property indemnification to their customers
      * Open source software is free, but comes with no warranty and no indemnification
      * How much of an indemnification gap can your company afford to take on?
  11. Poll: What percentage of open source projects in your organization are currently indemnified?
      * Chart values as extracted: 62%, 24%, 4%, 2%, 8%
      * Answer categories: Don't know, 0-25%, 26-50%, 51-75%, 76-100%
  12. New Operational Issues
      * Incorporating open source adds complexity to software projects
        * Multiple sources
        * Many different licenses
        * Compatibility requirements between elements
        * Varying levels of quality and maturity
        * Self-service updating and maintenance
        * Project directions not necessarily tied to your needs
      * That complexity can eat you alive if you do not manage it well
        * Mistakes can seriously delay release schedules
        * Keeping up with bug fixes
        * Security issues
        * Chronic integration headaches
        * Difficulties in resolving customer support issues
        * Cost of maintaining and supporting many different customer stacks
  13. Open Source Management
      * Goal: Manage the complexity and risk inherent in the use of open source software without reducing its productivity advantages
      * What it takes to achieve this goal
        * Strategy and a clear understanding of objectives at the business level
        * Policy
        * Process
        * Ongoing audit and tuning
      * Open Source Management works best when it is a natural part of the software development process

      "Companies must have a policy for procuring OSS, deciding which applications will be supported by OSS, and identifying the intellectual property risk or supportability risk associated with using OSS. Once a policy is in place, then there must be a governance process to enforce it." (Laurie Wurster, research director at Gartner Group)
  14. Key Elements of OSS Management
      * Acquisition management
      * Use management
      * Support management
      * Tracking and auditing
      * Distribution management
  15. Acquisition Management
      * This ‘gate’ is your first line of defense
      * Sourcing from external trusted sources increases your knowledge of the software and its predictability
      * Acquisition is the critical first control point at which risks can be mitigated
        * Quality of code
        * Availability and reliability of adequate support
        * Availability of indemnification
        * License is compatible with intended use
  16. Use Management
      * Appropriate use
        * How used
        * How combined with other software (particularly yours)
        * How packaged for distribution
      * Modification
        * When allowed
        * How managed
      * Identify each component’s internal owner
      * Identify owner’s roles and responsibilities
  17. Support Management
      * Define a support plan
        * Internal support
          * If community support is weak or non-existent
          * An option only if sufficient expertise available in house
        * Community support
          * If community support is strong
          * “Self-service” support by owner or team is acceptable
          * No SLA
        * Purchase SLA support from commercial OSS vendor
          * Assured technical expertise
          * Guaranteed response in guaranteed time frame
  18. Tracking and Auditing
      * OSS Repository
        * Where externally-sourced OSS is archived
        * Master copy for all internal use
      * Ownership and where-used tracking
      * Decision and approval tracking
        * Provides audit trail when problems surface
        * A basis for tuning policy and process over time
      * Code scan auditing
        * OSS sourced (other than commercially warrantied)
          * It is not all “clean”
        * Internally developed code
          * It may contain code from other places
          * Especially important for outsourced code
  19. Distribution Management
      * Compliance Process
        * Ensures that license requirements of incorporated software are met
      * Customer licenses
        * Downstream licensing of all incorporated software
      * Customer documentation
        * As required for compliance
        * As required for downstream use
      * Commercially licensed OSS often simplifies
  20. Managing OSS to Advantage
      * Results
        * Higher quality sourcing reduces costly problems down the road
        * Managed code base reduces duplication and incompatibilities
        * Well managed support heads off new problems and eliminates duplicated support activities
        * License compliance can be assured with minimal overhead
        * Customer support and IP reporting become possible
  21. Commercial open source options for dynamic languages
  22. #1 in Open Source Adoption: Dynamic Languages
      * 57% of enterprises using dynamic languages
  23. Poll: Which dynamic languages are you using in your enterprise development?
  24. Drivers for Dynamic Languages
      * Development
        * Faster time to market
        * Increase staff productivity
        * Uptime of customer applications
      * Business
        * Compliance with commercial support
        * Legal risk mitigation
        * Distribution rights
  25. Challenges with Dynamic Languages
      * Time-consuming to compile, test, maintain
      * Standardization & compatibility across all systems
      * Database connectivity
      * Perl module usage (thousands to choose from)
      * Reliance on open source community = risk to business systems
        * Privacy
        * Wasted time & resources
        * Potential system downtime

      Confidential
  26. Solutions for Dynamic Languages to Mitigate Risks
      * Use commercial- or enterprise-grade dynamic language distributions
      * Get a trusted expert in dynamic languages to provide best practices advice and how-to guidance
      * Opt in for turn-key dynamic languages licensing
      * Secure guaranteed redistribution rights
      * Enlist consulting services to help out with your unique deployments
  27. Cost Savings
      * Pricing in the table is averaged and is for example purposes
      * Refer to the True Cost of Open Source Software whitepaper by ActiveState for the full case study
      * Table (Open Source Dynamic Language / Enterprise Dynamic Language Solution / Savings with ActiveState):
        * Acquisition Cost: $0 / $0 / None
        * Development: $120,000 / $90,000 (development accelerated with ActiveState support) / 25%
        * Training Costs: $3,790 / $1,895 / 50%
        * Maintenance and Support: $60,000 / $25,000 / 59%
        * Legal (Distribution Rights and Indemnification): $17,000 + the cost of potential IP lawsuit fees / $14,000 / 18%. Plus licensing costs could explode by 200%+ with an IP lawsuit
        * Total: $234,900 / $147,950 / $86,950
  28. ActiveState Solutions
  29. Customers & Partners
      * Software & Hardware
      * Aerospace & Defense
  30. About ActiveState
      * Founded 1997
      * 2 million developers
      * 97% of Fortune 1000
      * Core Languages: Perl, Python, Tcl
      * Secondary Languages: PHP, Ruby, JavaScript
  31. Thank You!
      * Contact Us:
      * Greg Olson
        * 1-650-493-3800 x207
        * www.olliancegroup.com
      * Bart Copeland
        * Twitter: @activestate
        * 1-866-510-2914
        * www.activestate.com
