Open Source in the Enterprise: Compliance and Risk Management

New compliance obligations and risk management issues arising from the adoption of open source software in the Enterprise.

Published in: Technology

  1. Open Source in the Enterprise: Compliance and Risk Management
     Sebastiano Cobianco, CEO and CTO, Ex Machina SAGL, 6900 Lugano
  2. Copyright protection for Proprietary Software
     - 1889: the Berne Convention defined copyright and other moral rights for authors of publicly distributed materials: to copy, distribute, and prepare derivative works
     - 1976: US Copyright Law went through a major revision, which included:
       - Software and hardware are separate products
       - Software is copyrightable
     - IT companies began to recruit developers from research institutes to develop software, and asked these individuals to sign confidentiality agreements upon recruitment
     - FOSS arose as a reaction to this IT industry transition and to the legal definition of software copyright. Access to the source code is a prerequisite for exercising the rights bundled in copyright.
  3. Defining Open Source
     - What exactly is Free and Open Source Software?
     - Free software is about granting users the freedom to run, copy, distribute, study, change and improve the software. Free software is any software that provides the following freedoms. The freedom to:
       - Run the program, for any purpose (freedom 0)
       - Study how the program works, and adapt it to your needs (freedom 1). Access to the source code is a precondition for this
       - Redistribute copies so you can help your neighbour (freedom 2)
       - Improve the program, and release your improvements to the public, so that the whole community benefits (freedom 3). Access to the source code is a precondition for this
     - FOSS licences make sure that free software and its derivative works stay free through appropriate licence obligations.
  4. An epochal change in IT
     - Open Source technology is an idea whose time has finally come. For twenty years it has been building momentum in the technical cultures that built the Internet and the World Wide Web. Now it is breaking out into the commercial world, growing from opportunistic cost-saving tactics to a strategic part of modern IT.
       - Open Source has permanently disrupted the software industry
       - Open source development has gone mainstream: 70% of open source developers are corporate developers (Red Hat, Novell, IBM, HP, Sun, ...)
       - 170,000+ open source projects covering every major software category, rapidly growing in number and features
  5. Open Source Adoption
     - 170,000+ open source projects
     - 3,800+ websites
     - 10+ GB of new code each day
     "85% of companies are already using open-source software, with most of the remaining 15% expecting to do so within the next year." – Gartner Research, Nov. 2008
  6. Open Source: a business enabler!
     - Accelerate Time to Market: use open source software to avoid reinventing the wheel
     - Increase Innovation & Product Capability: readily available to fill out the feature list; focus internal resources on valuable new features that provide strong value to customers or differentiation against competitors
     - Control Development Costs: reuse to lower development and licensing costs; improve development and group productivity
     Used by permission of Black Duck Software, Inc.
  7. Evolution in software development (figure)
     - 1980's: Reuse. Focus: Code. Scope: Individual Software Developer
     - 1990's: Component-Based Development. Focus: Design. Scope: Single Enterprise Project Team
     - 2000's: Development Ecosystem. Focus: Application Life Cycle Management. Scope: Collaboration
     Used by permission of Black Duck Software, Inc.
  8. The hybrid development ecosystem (figure)
     Used by permission of Black Duck Software, Inc.
  9. Hybrid Development Challenges
     - Multitude of licenses
     - License conflicts
     - Security vulnerabilities
     - Cross functional approval process
     Who owns your code?
     - Open Source Developers
       - Avoid proprietary code in open source applications
       - Code must remain freely available
     - Corporate Developers
       - Development productivity
       - Software is a competitive advantage and a valued asset
       - Avoid unlicensed 3rd party code
     Used by permission of Black Duck Software, Inc.
  10. Hybrid Development Risks (figure)
     - Loss of Intellectual Property
     - Export Regulations
     - Injunctions
     - Security Vulnerabilities
     - Software Defects
     - License Rights and Restrictions
     - Contractual Obligations
     - Escalating Support Costs
     Used by permission of Black Duck Software, Inc.
  11. Open Source Licences: a closer look
     - Permissive Licences: you can ship the OS component under a Proprietary Licence
       - Apache
       - BSD
       - MIT
     - Reciprocal Licences: you can ship the OS component, but you may be required to distribute your source code
       - GPL (70% of all OSS)
       - LGPL
     (Figure: licence spectrum from GPL through LGPL/Mozilla to BSD/MIT/X11)
  12. Examples of Licences: GPL
     The GNU General Public License (GPL)
     Version 2, June 1991
     Copyright (C) 1989, 1991 Free Software Foundation, Inc.
     59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
     Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.
     Preamble
     The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies
     .....
     The precise terms and conditions for copying, distribution and modification follow.
     TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
     0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you".
     .....
     This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License.
  13. Examples of Licences: other examples
     Animal Rights License
     "This software is under animal rights license, for every commercial usage you have to donate $25 for dogs and cats in need. Mail me for a proof of donation, otherwise if I find out that you use this software/source code/source code fragments commercially I sue you when I find out, think about these nice little puppies/kitties who do not have a home :-)"
     Corona License
     "License Agreement. Released under the 'Corona License'. You are free to use this SW for any purpose you see fit under 2 conditions: 1) Keep my name on it 2) If you find it useful, send me a sixpack of Corona or the $$ equiv via paypal ("
  14. Legal actions against infringement
     Robert Jacobsen, a model train hobbyist, holds a copyright to software code that he makes available to the public free of charge under an open source license, the Artistic License.
     Matthew Katzer and Kamind Associates develop commercial software products for the model train industry and hobbyists. Jacobsen brought an action for copyright infringement against Katzer, accusing them of copying certain portions of his software code and incorporating it into their own commercially available software products without abiding by the terms of the Artistic License.
     On Aug. 13, 2008 the NY Court of Appeal ruled that violations of open source licenses can constitute copyright infringement, because the language in the licenses imposes "conditions" of use, such as the notice and other requirements.
     Violation of a condition of a license constitutes copyright infringement!
  15. Licence violation: Cisco's Software SCM
     The FSF accused Cisco of a license violation.
     The chain of events (figure): GPL code was used to customize Broadcom's standard Linux distribution; Broadcom embedded the code in one of its chipsets; the maker of the WRT54G wireless broadband router adopted this technology into that product; Cisco bought that company for $500M in 2003.
     Developers modified the firmware, turning a low-end $60 device into a high-function $399 router.
     Result: major loss of Cisco's Intellectual Property rights and competitive advantage. Loss of revenue est. $50M.
     How did this story end up? After much bad press, the source code was made available.
     Used by permission of Black Duck Software, Inc.
  16. Licence violation: more examples (figure) … and more to be found at
  17. The name of the game is Governance
     - Tight deadlines
     - Cost reductions
     - Distributed teams, off-shore teams
     - High turnover, sub-contractors
     Knowledge of Code is paramount to prevent Compliance and Security issues!
     - Assess current Code Base
     - Set up Policy and Governance
     - Enforce Governance with tools
     The scale of the problem:
     - 170,000+ OSS projects
     - 3,800+ download websites
     - 400+ million files
     - 1,400+ unique OSS licenses
     - 28,000+ security vulnerabilities
     - Tens of billions of lines of code
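As an added illustration of "Enforce Governance with tools" (slide 17) using the permissive/reciprocal split from slide 11, here is a small licence policy check over a component inventory. This is example code written for this page, not a tool from the presentation or from Black Duck Software; the SPDX-style licence identifiers, the policy categories and the sample inventory are all assumptions.

```python
"""Dependency licence policy check (hypothetical example).
Classifies components by the permissive/reciprocal split of slide 11 and
flags what slide 17's governance step should catch before a release."""
from dataclasses import dataclass
from typing import List, Optional

# Policy categories (assumption): identifiers follow SPDX short names.
PERMISSIVE = {"Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "MIT"}
STRONG_RECIPROCAL = {"GPL-2.0-only", "GPL-2.0-or-later", "GPL-3.0-only", "GPL-3.0-or-later"}
WEAK_RECIPROCAL = {"LGPL-2.1-only", "LGPL-2.1-or-later", "LGPL-3.0-only", "MPL-2.0"}

@dataclass(frozen=True)
class Component:
    name: str
    licence: Optional[str]   # None models "unlicensed 3rd party code" (slide 9)
    distributed: bool        # shipped to customers (e.g. in firmware) or internal-only

def classify(licence: Optional[str]) -> str:
    """Map a licence identifier onto the policy categories."""
    if licence is None:
        return "unlicensed"
    if licence in PERMISSIVE:
        return "permissive"
    if licence in STRONG_RECIPROCAL:
        return "strong-reciprocal"
    if licence in WEAK_RECIPROCAL:
        return "weak-reciprocal"
    return "unknown"

def check_policy(components: List[Component], proprietary_product: bool = True) -> List[str]:
    """Return one finding per component that needs action before release.
    Permissive components pass; reciprocal ones only matter when distributed
    inside a proprietary product; unlicensed or unknown licences always stop."""
    findings = []
    for c in components:
        kind = classify(c.licence)
        if kind == "unlicensed":
            findings.append(f"{c.name}: no licence recorded; blocked until the licence is known")
        elif kind == "unknown":
            findings.append(f"{c.name}: licence {c.licence!r} not in policy; needs legal review")
        elif kind == "strong-reciprocal" and c.distributed and proprietary_product:
            findings.append(f"{c.name}: {c.licence} requires source disclosure when shipped")
        elif kind == "weak-reciprocal" and c.distributed and proprietary_product:
            findings.append(f"{c.name}: {c.licence} allows proprietary use; check linking/modification terms")
    return findings

# Constructed sample inventory (not a real product's bill of materials).
SAMPLE = [
    Component("httpclient", "Apache-2.0", distributed=True),
    Component("readline", "GPL-3.0-or-later", distributed=True),
    Component("glibc", "LGPL-2.1-or-later", distributed=True),
    Component("buildhelper", "GPL-2.0-only", distributed=False),  # internal tooling only
    Component("vendorblob", None, distributed=True),
    Component("widget", "Custom-Corona", distributed=True),
]
```

Running `check_policy(SAMPLE)` on the constructed inventory reports the distributed GPL and LGPL components, the unlicensed blob and the unrecognised licence, while the permissive component and the internal-only GPL tool pass.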
  18. Who should care about Compliance?
     Poor management of OSS Compliance may result in:
     - Bad press
     - Loss of valuable Intellectual Property rights/competitive advantage (having to open source your code)
     - Loss of control over a code base (security vulnerabilities)
     - Legal complications (stop ship, product recall, remediation work, monetary compensation, etc.)
     Who is affected: Software Vendors; Technology transfer Companies; Embedded software products; Financial Services; Public Administration; Government; (Serial) Acquirers; Venture Capitals; Private Equities.
     Proper management of the full software lifecycle ensures compliance and full exploitation of the benefits brought by OSS to Companies of any type.
  19. Sebastiano Cobianco
     [email_address]
     Ex Machina SAGL
     6900 Lugano
     Thank you. in <code> we trust