Creating or improving an in-house FOSS compliance program can help reduce risks and losses for a company. Key aspects of an effective compliance program include providing internal training on common FOSS licenses, ensuring the proper use of FOSS components, and establishing mechanisms to obtain source code from partners. Past legal cases demonstrate that one violation can implicate all companies in a supply chain.

1. Creating or Improving an in-House
Free and Open Source Software (FOSS)
Compliance Program
創建或改善組織內部的
自由開源軟體
授權妥適管理計畫

2. 2014/07/20
2
Helen Tieh ( 鐵維寧 )
Director of Legal at NVIDIA Corporation
HP, Symantec, Oracle
http://www.linkedin.com/pub/helen-tieh/58/463/348
Florence T.M. Ko ( 葛冬梅 )
Legal Specialist at OSSF
Editor of "Legal Article" column
http://tw.linkedin.com/in/florencetmko

3. 2014/07/20
3
Copyright Notice
● Except where otherwise noted, content on this slide is licensed under a
CC BY-NC 3.0 Unported License.
● You are welcome to modify, reproduce and distribute any part of this file
except for commercial purposes. Name of the original author, the title and
date of this presentation must accompany the reproduction and/or distribution.
著作權聲明
● 除另有聲明外，本簡報內容採用
創用CC「姓名標示-非商業性」3.0 未本地化版本授權。
● 歡迎非商業目的的重製、散布或修改本簡報的內容，但請標明： (1) 原作者姓

4. 2014/07/20
4
search keyword ”openlegal + openfoundry”
搜尋關鍵字 ” openlegal + openfoundry”

5. 2014/07/20
5
Ctrl+F: 20140720compliance

6. 2014/07/20
6
compliance program
授權妥適管理計畫

7. 2014/07/20
7
IPR management of
commercial implementation
商業應用上的智財權管理

8. 2014/07/20
8
violation of FOSS licenses
ignorance, negligence, intention
違反自由開源授權條款
不知情、過失、故意

9. 2014/07/20
9
might be costly + bad reputation
代價可能十分昂貴 + 影響聲譽

10. 2014/07/20
10
2004, Germany, Welte vs. Sitecom
2005, Germany, Welte vs. Fortinet
2006, Germany, Welte vs. D-Link
2006, Jacobson vs. Katzer
2007, UAS, BusyBox vs. Monsoon
2007, UAS, BusyBox vs. Xterasys
2007, UAS, BusyBox vs. High-Gain Antennas
2007, UAS, BusyBox vs. Verizon
2008, Germany, Welte vs. Skype
2008, UAS, BusyBox vs. Bell Microproduct
2008, UAS, BusyBox vs. Super Micro Computer
2008, UAS, BusyBox vs. Extreme Networks
2008, USA, FSF vs. Cisco
2009, UAS, BusyBox vs. 14 companies
2011, Germany, AVM vs. Cybits
2011, Germany, adhoc dataservice vs. Buhl Data Service
2013, Germany, Welte vs. Fantec
2014, USA, Versata Software vs. Ameriprise Financial

11. 2014/07/20
11

12. 2014/07/20
12
one violation may involve
all companies in supply chain
一件侵權糾紛可能牽涉到
上下游供應鏈中的所有公司

13. 2014/07/19
13
B
ODM/OEM
A
Vendor
C
Brand Company
D
Consumer/
Copyright Holder
追究侵權責任
台灣代工
要求賠償
要求賠償

14. 2014/07/20
14
damages
+
donation to non-profit FOSS organization
損害賠償
+
對非營利自由開源軟體組織的捐款

15. 2014/07/20
15
radical cure → in-house mechanism
根本解決之道 → 內部機制

16. 2014/07/20
16
compliance program
reduce risks + reduce loss
授權妥適管理計畫
減少風險 + 減少損失

17. 2014/07/20
17
arrange internal training course,
understand the common licenses,
use the suitable FOSS components,
persuade partner to provide source code...
安排內部教育訓練課程、
了解常見授權條款、
採用適合的自由開源軟體元件、

18. 2014/07/20
18
2011 2010 2009 2008 2007 SUM
Compliance Process 46 25 26 16 5 118
Derivative Definition 29 18 18 9 0 74
Business Model 16 12 20 1 1 50
Separate Technique 12 10 12 5 0 39
Copyright Notice 16 9 9 3 0 37
License Compatibility 5 7 6 4 0 22
Font Issue 1 13 3 1 2 20
Patent Issue 9 5 2 3 0 19
Android Implementation 10 1 4 0 0 15
Infringement Issue 5 4 5 0 1 15
Dual-license 2 1 10 0 0 13
Trademark Issue 1 3 7 1 0 12
Cloud Service 2 4 3 0 0 9
MySQL Question 2 0 6 0 0 8
Governance Mechanism 5 0 2 0 0 7
Analysis Tool 2 2 1 0 0 5
Decoder Issue 2 0 1 0 0 3
Reinstate Issue 1 0 0 0 0 1
Statistics of events leading to specific issues*
諮詢事件與特定議題關聯統計表
* © CC BY-NC-ND 3.0 unported. Resource of this table is the internal statistics based on the legal consultation events from legal
team of Open Source Software Foundary (OSSF), Taiwan, 2007~2011. The complete statistic presentation slides are avaiable
at:http://www.openfoundry.org/of/download_path/openlegal/Changes_of_Taiwan_Companies_FOSS_Implementation-The_2007-
2011_Legal_Consultation_Practice_Aspect/20120412.odp.