Protecode Inc. 2014
Optimizing The Cost Of OSS Management
Leveraging OSS while managing your governance costs
February 26th 2014
Agenda
• The Challenge
  – The depth of OSS increases governance costs
• OSS Management Effort & Cost
  – Discovering what's in your code
  – Compliance with your policy
  – Security vulnerabilities and other attributes
  – Complying with license obligations
• Automating OSS Management
  – Minimizing risks
  – OSS Adoption process and the maturity model
  – Automating OSS Adoption
• Wrap up and Q/A

Normand Glaude, COO
nglaude@protecode.com
Why OSS?
Open Source Software
• Enables rapid software development
  – Easy access to code
  – Hundreds of thousands of projects
  – Enables new business models
  – The original crowd sourcing model (and most successful)
• The good:
  – Faster, more functional
  – Improves interoperability, adoption of standards
• The bad:
  – Uncertain ownership structure
    • Intellectual property: copyright, license
    • Maintenance and support
  – Perceived uncertain quality and security
  – Requires due diligence – and a managed adoption process
How much Open Source do I use?
[Diagram: a proprietary application sitting on a stack of typical open source components: common data layer, abstraction layers, GUI toolkit, plugins, GUI framework, artwork/widget library, ORM, scheduler, communications, installer, configurator, script, protocol & marshalling, encryption, compression, modeler, database server, cache, DB engine, DB management, application server framework.]
OSS Procurement Involves…
• Taking inventory of 3rd party components
• Clarification of IP ownership and licensing
• Ensuring license models meet business expectations
• Minimizing security risks
• Eligibility to export (encryption)
• Compliance with license obligations
An example
• A Hypothetical Organization
  – Less than 200 people
  – 3 releases per year
  – 5 years of cumulative development
• Other Assumptions:
  – An open source policy is already in place
  – No corrective actions are required
• OSS Management Effort
  – Discovery of 3rd party components
  – Analysis
  – Compliance with obligations
Discovery: Creating the BOM
• Objective: Identify all 3rd party content and identify licensing attributes
• Tasks:
  – Inspect all source code and build ingredients to create a Bill of
    Materials (BOM).
  – Key files:
    • Build files (makefile, POM files, etc.)
    • Text files containing license text
    • Text files that may make reference to licenses
    • Any other documentation
  – Determine the distribution method
    • Source? Binary? Deployment?
• Effort: between 2-5 days, depending on the portfolio size
License Analysis
• Objective: Identify licensing implications
• Tasks:
  – Interpret the license references and text to determine
    • A list of all obligations associated with each license
    • A list of license compatibility issues between licenses in the portfolio
  – Cross-reference BOM components, distribution, licenses to determine:
    • The licensing options for each open source component
    • Applicable obligations per 3rd party component
    • Compatibility issues that need to be rectified
• Effort: 1-3 days
Security Vulnerabilities
• Objective: use the BOM to uncover published vulnerabilities
• Tasks:
  – Cross-reference 3rd party components (BOM) with NVD and other databases
  – Discover which ones apply to your product
  – Available through web site searches and in downloadable XML formats.
• Effort: 1-3 days
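As an added example (not from this deck and not Protecode's own tooling), the two steps above in working form: build a BOM from a Maven POM, then cross-reference it with NVD-style vulnerability records matched by version range. The POM, the records and the CVE ids are all constructed for the illustration; the range shape (start inclusive, end exclusive) mirrors the NVD CPE match convention.

```python
"""Build a Bill of Materials from a Maven POM and cross-reference it with
vulnerability records keyed by component and affected version range."""
import re
import xml.etree.ElementTree as ET

# Constructed sample POM (not from any real project). One dependency takes
# its version from a <properties> entry, one has no version at all.
SAMPLE_POM = """<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId>
  <artifactId>shop</artifactId>
  <version>1.0.0</version>
  <properties>
    <parser.version>2.3.1</parser.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>org.example</groupId>
      <artifactId>fast-parser</artifactId>
      <version>${parser.version}</version>
    </dependency>
    <dependency>
      <groupId>org.example</groupId>
      <artifactId>tiny-cache</artifactId>
      <version>0.9.9</version>
    </dependency>
    <dependency>
      <groupId>org.example</groupId>
      <artifactId>img-codec</artifactId>
    </dependency>
  </dependencies>
</project>
"""

# Constructed vulnerability records (component, start_including,
# end_excluding, id). The ids are placeholders, not real CVEs.
SAMPLE_VULNS = [
    ("org.example:fast-parser", "2.0.0", "2.4.0", "CVE-0000-0001"),
    ("org.example:fast-parser", "1.0.0", "2.0.0", "CVE-0000-0002"),
    ("org.example:tiny-cache", "0.9.0", "0.9.10", "CVE-0000-0003"),
    ("org.example:img-codec", "1.0.0", "1.2.0", "CVE-0000-0004"),
]

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
PROP_RE = re.compile(r"\$\{([^}]+)\}")


def version_key(version):
    """Turn '0.9.9' into (0, 9, 9) so ranges compare numerically; as plain
    strings '0.9.9' would sort after '0.9.10' and the match would be missed."""
    return tuple(int(p) if p.isdigit() else 0 for p in version.split("."))


def build_bom(pom_xml):
    """Return [(component, version)] for every <dependency>; version is ''
    when the POM gives none (e.g. inherited from a parent or a BOM import)."""
    root = ET.fromstring(pom_xml)
    props = {p.tag.split("}")[1]: (p.text or "").strip()
             for p in root.findall("m:properties/*", NS)}
    bom = []
    for dep in root.findall("m:dependencies/m:dependency", NS):
        group = dep.findtext("m:groupId", default="", namespaces=NS).strip()
        artifact = dep.findtext("m:artifactId", default="", namespaces=NS).strip()
        version = dep.findtext("m:version", default="", namespaces=NS).strip()
        # Resolve ${property} references the way Maven would.
        version = PROP_RE.sub(lambda m: props.get(m.group(1), ""), version)
        bom.append((f"{group}:{artifact}", version))
    return bom


def match_vulns(bom, vulns):
    """Cross-reference the BOM with the records. Returns {component: [ids]}
    for affected components plus the list of components whose version is
    unknown and therefore cannot be matched without manual review."""
    affected, unknown = {}, []
    for component, version in bom:
        if not version:
            unknown.append(component)
            continue
        v = version_key(version)
        hits = [vid for comp, start, end, vid in vulns
                if comp == component
                and version_key(start) <= v < version_key(end)]
        if hits:
            affected[component] = hits
    return affected, unknown


if __name__ == "__main__":
    bom = build_bom(SAMPLE_POM)
    hits, review = match_vulns(bom, SAMPLE_VULNS)
    for comp, ver in bom:
        print(f"{comp} {ver or '<no version>'}: {hits.get(comp, [])}")
    print("needs manual version lookup:", review)
```

The unresolved-version case is the one that costs the most analyst time in practice: a component with no pinned version in the BOM cannot be cleared or flagged until its effective version is established from the parent POM or the built artifact.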
Export Restrictions (Encryption)
• Objective: identify all encryption software content to file for export permits
• Tasks:
  – Identify all proprietary and 3rd party components using or
    implementing encryption algorithms
  – Examples: password protection, security certificates, secure
    communications (https), encoding, etc.
  – Prepare a list to apply for export permits
• Effort: 1-3 days
Attribution and Documentation
• Objective: Compliance with license obligations
  – Most open source licenses have an attribution clause
• Tasks:
  – Produce a list of open source components in the product (BOM)
  – Prepare a list of licenses (complete text) for each license
    present in the product
  – Package with the distribution and with printed documentation
• Effort: 0.5-2 days
Summary of the cost
Cost for 1 release. Consider that subsequent releases will partially
leverage existing information.

Activity                        Manual
Create BOM
License Analysis
Security Vulnerabilities
Encryption Content
Attribution and Documentation
TOTAL
Other Potential Costs and Risks

Discovery                      Corrective Action
OSS License Against Policy     • Seek commercial arrangement
                               • Change distribution model
                               • Replace component and refactor code
Incompatible Licenses          • Seek commercial arrangement
                               • Change distribution model
                               • Replace component and refactor code
Ambiguous Licensing Terms      • Seek clarification from IP owner
                               • Seek commercial arrangement
                               • Replace component and refactor code
Security Vulnerabilities       • Upgrade to latest version, fix problem
                               • Replace component and refactor code
Encryption Content             • Update export control application
When to do an OSS checkup?
• A transaction trigger
  – M&A event
  – Tech transfer or commercialization
  – Collaboration (establishing background IP)
  – Product shipment
• Preferably, regularly as part of a Quality Development Process
  – Release checklist, at a minimum
  – Integrated into the development cycle, optimal
License management is most effective when applied early in the
development life cycle.
[Figure: Cost of Compliance At Different Stages Of Development. Development: real-time preventative measures and periodic analysis. Build/QA: build-time and pre-launch analysis. In The Market: post-launch correction.]
OSS Adoption Process (OSSAP) Maturity Model
[Figure: maturity levels, from least to most mature]
• Voluntary policy compliance with legal advice
• Manual search and code review
• In-house tools
• Automated scanning with reference database
• Integrated tool suite within the software development cycle
Introducing Automation Lowers Costs

Activity                        Manual    Automated
Create BOM
License Analysis
Security Vulnerabilities
Encryption Content
Attribution and Documentation
TOTAL
Actual cost varies with local labor rate.
Automate your Workflow
[Figure: development workflow stages Define Sprint, Write Code, Commit Code, Build Libraries, Release Software, annotated with the automation applied along the way:]
• Use CA to pre-approve code
• Use DA to monitor in real time
• Use CI tool to trigger EA scan, consume CSV file
• Use CI tool to trigger artifact scan
• Use ES to produce reports
Reporting Options
• Summary report
  – High level view of the findings
  – Highlight key findings, areas requiring attention
  – Reference material on licenses found, best practices
• Detailed reports
  – Detailed file-by-file
  – CSV export
  – License obligations
  – License incompatibilities
  – Text of all licenses applicable to software packages
  – Security vulnerabilities
  – Export Control Classification Numbers (ECCN)
The first scan and review becomes a baseline. Subsequent scans are much
quicker since they leverage existing data.
Q&A
Please type your questions into the chat box to the right
Recap
• OSS adoption has increased development pace
  – OSS is everywhere, and runs deep
• OSS Management
  – Big task, especially when portfolios are large and done manually
• Automated OSS Management Tools
  – Are effective in reducing the time spent on OSS management
  – More thorough, especially when used continuously
  – Provide an opportunity to minimize licensing ambiguity earlier in the
    development cycle.
Protecode Corporate Summary
• Overview
  – Software Attributes Management
  – Established in 2006
  – World-wide partner network
• Products & Services for software adoption
  – Products:
    • On-premises: Protecode System 4™, Protecode Compact™
    • Hosted: ProtecodeCloud
  – Services:
    • Software Audit Services
    • Code Portfolio Similarity Assessments Services
• Value of Protecode Solutions
  – Reduce IP uncertainties, highlight security vulnerabilities and ensure
    compliance
  – Accelerate time to market and reduce development cost
info@protecode.com
www.protecode.com
Accelerate Enterprise Software Engineering with Platformless
 
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxTop Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
 
Large Language Models and the End of Programming
Large Language Models and the End of ProgrammingLarge Language Models and the End of Programming
Large Language Models and the End of Programming
 
How to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good PracticesHow to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good Practices
 
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
 
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfDominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
 
How Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxHow Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptx
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
 
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...
 
Vitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume MontevideoVitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume Montevideo
 
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology Solutions
 
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing SuiteAI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
 
May Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdfMay Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdf
 
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamOpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
 
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024
 

Optimizing The Cost Of Open Source Software Management

6. An example
 A Hypothetical Organization
– Less than 200 people
– 3 releases per year
– 5 years of cumulative development
 Other Assumptions:
– An open source policy is already in place
– No corrective actions are required
 OSS Management Effort
– Discovery of 3rd party components
– Analysis
– Compliance to obligations

7. Discovery: Creating the BOM
 Objective: Identify all 3rd party content and identify licensing attributes
 Tasks:
– Inspect all source code and build ingredients to create a Bill of Materials (BOM).
– Key files:
• Build files (makefile, POM files, etc.)
• Text files containing license text
• Text files that may make reference to licenses
• Any other documentation
– Determine the distribution method
• Source? Binary? Deployment?
 Effort: between 2-5 days, depending on the portfolio size

8. License Analysis
 Objective: Identify licensing implications
 Tasks:
– Interpret the license references and text to determine
• A list of all obligations associated with each license
• A list of license compatibility issues between licenses in the portfolio
– Cross-reference BOM components, distribution and licenses to determine:
• The licensing options for each open source component
• Applicable obligations per 3rd party component
• Compatibility issues that need to be rectified
 Effort: 1-3 days

9. Security Vulnerabilities
 Objective: use the BOM to uncover published vulnerabilities
 Tasks:
– Cross-reference 3rd party components (BOM) with NVD and other databases
– Discover which ones apply to your product
– These databases are available through web site searches and in downloadable XML formats.
 Effort: 1-3 days

10. Export Restrictions (Encryption)
 Objective: identify all encryption software content to file for export permits
 Tasks:
– Identify all proprietary and 3rd party components using or implementing encryption algorithms
– Examples: password protection, security certificates, secure communications (https), encoding, etc.
– Prepare a list to apply for export permits
 Effort: 1-3 days

11. Attribution and Documentation
 Objective: Compliance with License Obligations
– Most open source licenses have an attribution clause
 Tasks:
– Produce a list of Open Source components in the product (BOM)
– Prepare a list of licenses (complete text) for each license present in the product
– Package with the distribution and with the printed documentation
 Effort: 0.5-2 days
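As an added example (not code from the deck or from Protecode), the manual steps of slides 7, 9 and 11 carried out over a small constructed BOM: a policy check of each component's license against its distribution method, a cross-reference of shipped versions against a vulnerability list, and the attribution list for the distribution. The CSV rows, vulnerability identifiers, fixed versions and the deny-list policy are all constructed placeholders; a real pass would consume NVD data keyed by CPE names and your own policy.

```python
import csv
import io

# Constructed BOM in the CSV-export shape the deck mentions (not real data).
BOM_CSV = """component,version,license,distribution
libfoo,1.2.3,MIT,binary
libbar,2.0.1,GPL-2.0-only,binary
libbaz,0.9.0,Apache-2.0,source
"""

# Constructed stand-in for an NVD-style feed: component, fixed version, id.
# Real feeds use CPE names and XML/JSON; these identifiers are placeholders.
VULN_FEED = [
    {"id": "EXAMPLE-VULN-0001", "component": "libbar", "fixed_in": "2.0.2"},
    {"id": "EXAMPLE-VULN-0002", "component": "libfoo", "fixed_in": "1.2.0"},
]

# Constructed policy: licenses not allowed per distribution method.
POLICY_DENY = {"binary": {"GPL-2.0-only", "GPL-3.0-only"}, "source": set()}


def parse_bom(text):
    """Read the BOM CSV into a list of dicts (one per component)."""
    return list(csv.DictReader(io.StringIO(text)))


def version_key(v):
    """Compare dotted numeric versions as tuples of ints."""
    return tuple(int(p) for p in v.split("."))


def policy_violations(bom, deny=POLICY_DENY):
    """Components whose license is disallowed for their distribution model."""
    return [c["component"] for c in bom
            if c["license"] in deny.get(c["distribution"], set())]


def vulnerable_components(bom, feed=VULN_FEED):
    """Cross-reference BOM entries against the feed: a component is flagged
    when the shipped version is older than the version the advisory fixes."""
    hits = []
    for c in bom:
        for v in feed:
            if (v["component"] == c["component"]
                    and version_key(c["version"]) < version_key(v["fixed_in"])):
                hits.append((c["component"], v["id"]))
    return hits


def attribution_notice(bom):
    """Attribution list for the distribution: component, version, license."""
    lines = ["Third-party components in this product:"]
    for c in sorted(bom, key=lambda c: c["component"]):
        lines.append(f"- {c['component']} {c['version']} ({c['license']})")
    return "\n".join(lines)
```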
12. Summary of the cost
Cost for 1 release. Consider that subsequent releases will partially leverage existing information.
Activity                         Manual
Create BOM
License Analysis
Security Vulnerabilities
Encryption Content
Attribution and Documentation
TOTAL

13. Other Potential Costs and Risks
Discovery and corrective action:
 OSS License Against Policy
• Seek commercial arrangement
• Change distribution model
• Replace component and refactor code
 Incompatible Licenses
• Seek commercial arrangement
• Change distribution model
• Replace component and refactor code
 Ambiguous Licensing Terms
• Seek clarification from IP owner
• Seek commercial arrangement
• Replace component and refactor code
 Security Vulnerabilities
• Upgrade to latest version, fix problem
• Replace component and refactor code
 Encryption Content
• Update export control application

14. When to do an OSS checkup?
 A transaction trigger
 M&A event
 Tech transfer or commercialization
 Collaboration (establishing background IP)
 Product shipment
 Preferably, regularly as part of a Quality Development Process
 Release checklist – at a minimum
 Integrated into the development cycle – optimal
License Management is most effective when applied early in the development life cycle.
[Chart: Cost of Compliance At Different Stages Of Development. Stages: Development | Build/QA | In The Market. Measures: Real-Time Preventative Measures, Periodic Analysis, Build-Time & Pre-Launch Analysis, Post-Launch Correction]

15. OSS Adoption Process (OSSAP) Maturity Model
Levels, from least to most mature:
– Voluntary policy compliance with Legal Advice
– Manual search and code review
– In-house Tools
– Automated Scanning with Reference Database
– Integrated tool suite within the Software Development Cycle

16. Introducing Automation Lowers Costs
Activity                         Manual    Automated
Create BOM
License Analysis
Security Vulnerabilities
Encryption Content
Attribution and Documentation
TOTAL
Actual cost varies with local labor rate.

17. Automate your Workflow
Workflow stages: Define Sprint, Write Code, Commit Code, Build Libraries, Release Software
Automation points:
– Use CA to Pre-approve Code
– Use DA to Monitor in Real-time
– Use CI tool to Trigger EA Scan, Consume CSV File
– Use CI tool to Trigger Artifact Scan
– Use ES to Produce Reports

18. Reporting Options
 Summary report
– High level view of the findings
– Highlight key findings, areas requiring attention
– Reference material on licenses found, best practices
 Detailed reports
– Detailed file-by-file
– CSV Export
– License obligations
– License incompatibilities
– Text of all licenses applicable to software packages
– Security vulnerabilities
– Export Control Classification Numbers (ECCN)
The first scan and review becomes a baseline. Subsequent scans are much quicker since they leverage existing data.

19. Recap
 OSS adoption has increased development pace
– OSS is everywhere, and runs deep
 OSS Management
– Big task, especially when portfolios are large and the work is done manually
 Automated OSS Management Tools
– Are effective in reducing the time spent on OSS management
– More thorough, especially when used continuously
– Provide an opportunity to minimize licensing ambiguity earlier in the development cycle.
Q&A: Please type your questions into the chat box to the right

20. Protecode Corporate Summary
 Overview
– Software Attributes Management
– Established in 2006
– World-wide partner network
 Products & Services for software adoption
– Products:
• On-premises: Protecode System 4 (TM), Protecode Compact (TM)
• Hosted: Protecode Cloud
– Services:
• Software Audit Services
• Code Portfolio Similarity Assessment Services
 Value of Protecode Solutions
– Reduce IP uncertainties, highlight security vulnerabilities and ensure compliance
– Accelerate time to market and reduce development cost

21. info@protecode.com www.protecode.com