Presented by Mark Radcliffe on October 12, 2016
This webinar examined the implications of recent developments in open source compliance and litigation. It touched on a series of Linux-related cases and stepped up compliance activity in Germany, in addition to current patent suits against Apache projects. The new litigation was discussed in the context of prior similar cases such as the Versata-Ameriprise case. Additionally, the webinar provided an overview of compliance best practices and how to reduce the risk of open source compliance and litigation.
Log aggregation: using Elasticsearch, Fluentd/Fluentbit and Kibana (EFK) - Lee Myring
A quick introduction to log aggregation in a local Docker development environment using Fluentd followed by a demonstration using a publicly available GitHub repo.
Multi-Tenancy Kafka cluster for LINE services with 250 billion daily messages - LINE Corporation
Yuto Kawamura
LINE / Z Part Team
At LINE we've been operating Apache Kafka to provide the company-wide shared data pipeline for services using it for storing and distributing data.
Kafka is underlying many of our services in some way, not only the messaging service but also AD, Blockchain, Pay, Timeline, Cryptocurrency trading and more.
Many services feed large amounts of data into our cluster, leading to over 250 billion daily messages and 3.5GB of incoming bytes per second, which is one of the world's largest scales.
At the same time, it is required to be stable and performant all the time because many important services use it as a backend.
In this talk I will introduce the overview of Kafka usage at LINE and how we're operating it.
I'm also going to talk about some engineering we did for maximizing its performance and solving troubles caused particularly by hosting huge data from many services, leveraging advanced techniques like kernel-level dynamic tracing.
Building Cloud-Native App Series - Part 2 of 11
Microservices Architecture Series
Event Sourcing & CQRS,
Kafka, Rabbit MQ
Case Studies (E-Commerce App, Movie Streaming, Ticket Booking, Restaurant, Hospital Management)
Navigate the universe of CI/CD tools.
As the fastest way to production, the CI/CD pipeline is now mainstream among software companies, forming the backbone of the modern DevOps environment. While DevOps handles the culture aspect, CI/CD focuses on the process and tools.
With this guide, we hope to provide a clear overview of the various CI/CD tools categories and give a broad sampling of the various tools that are available.
Free and Open Source Software Litigation in 2016 - Mark Radcliffe
This presentation was made for the Practicing Law Institute in December 2016. After many years of harmony, litigation about Free and Open Source Software ("FOSS") licenses has increased significantly in the last two years. The litigation is shifting from a focus on compliance to a focus on commercial remedies, such as damages. This presentation summarizes these changes and includes a detailed discussion of the decision in the Hellwig v. VMware case and the litigation by Patrick McHardy ("McHardy") in Germany. McHardy is believed to have asserted violation of the General Public License version 2 ("GPLv2") against over 80 companies in the last three years. Unlike traditional "community enforcers", McHardy is primarily seeking monetary damages rather than compliance. His strategy is similar to that of "patent trolls" and he is frequently described as a copyright troll.
As delivered by Tim Mackey, Senior Technical Evangelist - Black Duck Software, at LinuxCon and ContainerCon in Berlin 2016.
Traditionally, when datacenter operators talk about application security, they've tended to focus on issues related to key management, firewalls and data access. By contrast, application developers have a security focus which is more aligned with code analysis and fuzzing techniques.
The reality is, secure application deployment principles extend from the infrastructure layer through the application and include how the application is deployed. With the prevalence of continuous deployment of micro-services, it’s imperative to focus efforts on what attackers view as vulnerable, particularly in an environment where new exploits are being disclosed almost daily.
In this session we’ll present:
• How known vulnerabilities can make their way into production deployments
• How deployment of vulnerable code can be minimized
• How to determine the vulnerability status of a container
• How to determine the risk associated with a specific package
Learn how this Black Duck customer tracks the potential impact of open source security vulnerabilities in all its products while ensuring the SDLC remains fast and agile.
Just as the roles of CIOs and CTOs have needed to rapidly evolve along with the pace of technology, it is now becoming critically important for lawyers to understand emerging software security challenges.
Integration and automation are cornerstones of DevOps. Black Duck Hub provides integrations to CI/CD solutions like Jenkins and TeamCity, but what if you are using a different solution or maybe even your own custom tools? Never fear! Black Duck Hub APIs allow you to bring Black Duck open source scanning and policies into your environment. In this session we'll roll up our sleeves and dig into some coding examples to show you how to do it.
Organizations of all sizes are using automation and agile methodologies to improve the speed and reliability of their software development initiatives. In this session we will provide an overview and demonstrations of the various ways you can integrate Black Duck Hub with your CI/CD tools to manage open source risks throughout development.
Managing Open Source in Application Security and Software Development Lifecycle - Black Duck by Synopsys
Presented September 15, 2016 by John Steven, CTO, Cigital; Mike Pittenger, VP Security Strategy, Black Duck
Today, open source comprises a critical component of software code in the average application, yet most organizations lack the visibility into and control of the open source they’re using. A 2016 analysis of 200 commercial applications showed that 67% contained known open source vulnerabilities. Whether it’s a SaaS solution you deliver to millions of customers, or an internal application developed for employees, addressing the open source visibility and control challenges is vital to ensuring proper software security.
Open source use is ubiquitous worldwide. It powers your mobile phone and your company’s most important cloud application. Securing mission critical applications must evolve to address open source as part of software security, complementing and extending the testing of in-house written code.
In this webinar by Cigital and Black Duck security experts, you’ll learn:
- The current state of application security management within the Software Development Lifecycle (SDLC)
- New security considerations organizations face in testing applications that combine open source and in-house written software.
- Steps you can take to automate and manage open source security as part of application development
Docker is revolutionizing the way organizations build and deploy applications. But while containers make it easier for development teams to package applications with all their dependencies, they make it harder for operations teams to control what software is deployed into production. In this session you will see how Black Duck Hub helps development and operations teams maintain complete visibility and control of the open source in their containers.
Many future challenges will require complex technical solutions. Open source development models and open technical collaboration provide a model to harness dispersed resources and technical expertise on a mass scale to leverage resources and talent in ways never known before. We'll discuss these models, how open source projects are deploying them and consider applications of these models to other challenges.
You need to establish clear operational and security processes around your app and container usage. Join this session to see how enterprise IT can accelerate business agility, implement DevOps processes, and achieve greater security and control.
This session examines how Legal Counsel can help software development teams create an automated compliance process to make daily decisions related to open source licenses.
The Hub builds on all the great technology developed in the Black Duck Suite over the past 10 years combined with a revamped UI and an integrated set of features. It's much easier than you would think to make the move from the Suite to the Hub. Learn how in this revealing session.
Contain your risk: Deploy secure containers with trust and confidence - Black Duck by Synopsys
Presented on September 22, 2016 by Brent Baude, Principal Software Engineer, Atomic and Docker Development, Red Hat; Randy Kilmon, VP, Engineering, Black Duck
Organizations are increasingly turning to container environments to meet the demand for faster, more agile software development. But a 2015 study conducted by Forrester Consulting on behalf of Red Hat revealed that 53% of IT operations and development decision makers at global enterprises reported container security concerns as a barrier to adoption.
The challenges of managing security risk increase in scope and complexity when hundreds or even thousands of different open source software components and licenses are part of your application code base. Since 2014, more than 6,000 new open source security vulnerabilities have been reported, making it essential to have good visibility into and control over the open source in use in order to understand if any known vulnerabilities are present.
In this webinar, experts from Red Hat and Black Duck will share the latest insights and recommendations for securing the open source in your containers, including protecting them from vulnerabilities like Heartbleed, Shellshock and Venom. You’ll learn:
• Why container environments present new application security challenges, including those posed by ever-increasing open source use.
• How to scan applications running in containers to identify open source in use and map known open source security vulnerabilities.
• Best practices and methodologies for deploying secure containers with trust and confidence.
Filling your AppSec Toolbox - Which Tools, When to Use Them, and Why - Black Duck by Synopsys
According to SAP, 85% of cybersecurity attacks target the application layer. To be successful in defending against these attacks you need to use a variety of tools. In this session we'll go into the various types of application security tools and approaches, including SAST, DAST, RASP, PEN, as well as Open Source Vulnerability Management. We'll help you understand the differences between these tools and help you develop a plan for filling your application security toolbox.
While vulnerability assessment tools can identify unpatched or misconfigured code bases, these tools overlook a large portion of an organization's attack surface: known vulnerabilities in applications that are built in-house.
Proactive sell side due diligence to identify, inventory, assess, and, when necessary, remediate open source risks helps ensure the target company receives the best value for its products in an M&A event (and avoid lawsuits). Discovering these problems late in the game can dramatically affect the final purchase price, trigger the need for additional/longer/enhanced escrows, delay closing or even cause an acquisition to be called off altogether.
Where does your organization stand with open source risk management? How are you identifying and securing open source used in your code? Measure your organization against these four levels to find out.
US-Japan Innovation and Entrepreneurship Council Report - Mark Radcliffe
The U.S.-Japan Innovation and Entrepreneurship Council was formed in 2011 by the Department of State of the United States of America and the Ministry of Economy, Trade and Industry of Japan under the umbrella of the U.S.-Japan Dialogue on Innovation, Entrepreneurship, and Job Creation. By promoting cooperation among representatives of government agencies and the business, venture capital and scientific communities of the United States and Japan, the purpose of the Council is to help cultivate a bilateral ecosystem of innovation and entrepreneurship. Among the Council's primary objectives is to develop recommendations concerning policy options and prevailing practice in the field of innovation and entrepreneurial activities, including those involved in U.S.-Japan cooperation. To that end, the members of the Council have elaborated and submitted this Report to Leaders.
Unintended Consequences of Joint Patent Ownership - Rodney Sparks
PowerPoint Presentation describing the unintended consequences on patentability and licensing of technologies that can result from unplanned, or even planned collaborations, when there is more than one inventor/owner of a technology
FLIGHT Amsterdam Presentation - Don’t Let Open Source Software Kill Your Deal - Black Duck by Synopsys
Flight Amsterdam presentation by Anthony Decicco, Shareholder, GTC Law Group
Open source software is increasingly centric to transactions, whether licensing, mergers, acquisitions, financing, insurance, offerings or loans, and the deal landscape is changing with the prevalence of representation and warranty insurance, heightened focus on security vulnerabilities and increasing litigation. As such, it is important to understand and re-visit key open source software-related issues and deal points to accelerate your deal, avoid unnecessary due diligence and realize the most value from your open source software-related compliance efforts.
FLIGHT Amsterdam Presentation - Open Source, IP and Trade Secrets: An Impossi... - Black Duck by Synopsys
At Flight Amsterdam, Fenna Douwenga, Associate, Bird & Bird provided practical tips on open source licenses, intellectual property rights, and trade secrets. During the presentation Fenna reviewed the everlasting conflict between patents, copyright and open source and how it can be overcome. Additionally, the new European Trade Secrets Directive was discussed, along with how some of its requirements may, for instance, conflict with the GNU General Public License. Furthermore, a quick outline was given of the influence of Brexit on licenses closed under UK law and how potential problems can be prevented.
Flight WEST 2018 Presentation - A Buyer Investor Playbook for Successfully Na... - Black Duck by Synopsys
Anthony Decicco, shareholder, GTC Law Group presented at FLIGHT West 2018. His session description included:
A buyer and investor focused discussion of key open source software-related issues and deal points. Understanding the key legal and technical risks, as well as strategies for mitigating them, will help you to focus due diligence, speed and smooth negotiations and get better deal terms, increasing overall value and avoiding post-transaction surprises.
For more information, please visit us at www.blackducksoftware.com
Summary of legal developments in open source for Open Source Think Tank 2009. For more recent information on open source legal issues, you can read my blog at http://lawandlifesiliconvalley.com/blog/
Winning the Cage-Match: How to Successfully Navigate Open Source Software iss... - Black Duck by Synopsys
A blow-by-blow discussion of key open source software-related issues and deal points from the point of view of buyer/investor vs. seller/investee. Understanding the key legal and technical risks, as well as strategies for mitigating them, will help you to speed and smooth negotiations, avoid protracted due diligence and get better deal terms, increasing overall value.
2011 Silicon Flatirons IP (Crash Course) For Entrepreneurs - Jason Haislmaier
Intellectual Property Crash Course for Entrepreneurs (February 22, 2011) presentation at the Wolf Law Building at the University of Colorado (Boulder, CO)
Part 1 (of 3) deals with IP legal landmines that caused pretty severe problems for scaleups--this presentation is from the perspective of a scaleup team, i.e., it is not dense legalese.
PGRT Basics (Series: IP 301 Post-Grant Review Trials 2020) - Financial Poise
This segment will discuss the statutory and procedural background of post-grant review proceedings. It will discuss the types of proceedings available and provide a high-level discussion of how the proceedings are conducted.
To view the accompanying webinar, go to: https://www.financialpoise.com/financial-poise-webinars/pgrt-basics-2020/
With the rise of entrepreneurship, intellectual property is booming. This creates a wealth of opportunities for attorneys to start or grow their IP practice. But, like with any area of law, IP requires specialized knowledge to succeed and comply with best practices. Technology is an essential element to minimizing risk in any practice, but particularly, in the deadline-driven world of IP.
IP rights are an important class of intangible assets that can be assigned or licensed to generate revenue. Indeed, some companies do not make or sell products; their entire revenue is derived from the licensing of their patents. Suffice it to say, licensing revenue has become a significant source of value in the global intellectual property economy. This webinar will help you better understand the complex legal issues associated with IP transactions.
To listen to this webinar on-demand, go to: https://www.financialpoise.com/financial-poise-webinars/buying-selling-ip-2020/
Similar to Litigation and Compliance in the Open Source Ecosystem (20)
FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen... - Black Duck by Synopsys
Basma Shahadat, Lead Research Engineer presented at Black Duck Flight West 2018. Security checking in the early stages of the SDLC is critical. This session will demonstrate how Proofpoint is taking proactive steps to reduce risk by integrating Black Duck into Proofpoint’s continuous integration pipeline to detect open source vulnerabilities during the product build. For more information, please visit us at https://www.blackducksoftware.com/
FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an... - Black Duck by Synopsys
Utsav Sanghani, Product Manager, Integrations and Alliance at Synopsys presented on how to "Black Duck your Code Faster with Black Duck Integrations." For more information, please visit www.blackducksoftware.com
Black Duck On-Demand audits of more than 1,100 commercial applications in 2017 highlight the ongoing challenges organizations face in effectively identifying and securing open source.
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide - Black Duck by Synopsys
Flight Amsterdam Presentation by Daniel Hedley and Georgie Collins, Partners, Irwin Mitchell looked at the intersection of the GDPR and open source software management and the laws which govern how organisations must respond to data breaches (including GDPR and NISD), how to prepare for a data breach, and what to do if the worst happens.
Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb... - Black Duck by Synopsys
The Black Duck blog and Open Source Insight become part of the Synopsys Software Integrity blog in early April. You’ll still get the latest open source security and license compliance news, insights, and opinions you’ve come to expect, plus the latest software security trends, news, tips, best practices, and thought leadership every week. Don’t delay, subscribe today! Now on to this week’s open source security and cybersecurity news.
Open Source Insight: GitHub Finds 4M Flaws, IAST Magic Quadrant, 2018 Open So... - Black Duck by Synopsys
A big news week for Synopsys and Black Duck as Gartner releases the 2018 Gartner Magic Quadrant for Application Security Testing and the 2018 Open Source Rookies of the Year are announced. More on these stories and the hottest open source security and cybersecurity news in this week’s Open Source Insight!
2018 is the Open Source Rookies report’s 10th anniversary, brought to you by Black Duck by Synopsys. This infographic shows the impressive number of projects started in 2017 and the distribution across the world and a wide range of categories. Narrowing them down was hard! The open source community continues to produce innovative and influential open source projects.
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut... - Black Duck by Synopsys
We look at the three reasons you must attend the FLIGHT Amsterdam conference; how to build outstanding projects in the open source community; and why isn’t every app being security tested? Plus, in-depth into the TRITON attack; why 2018 is the year of open source; how open source is driving both IoT and AI and a webinar on the 2018 Open Source Rookies of the Year.
Open Source Insight is your weekly news resource for open source security and cybersecurity news!
Open Source Insight: SCA for DevOps, DHS Security, Securing Open Source for G... - Black Duck by Synopsys
It’s an acronym-filled issue of Open Source Insight, as we look at the question of SCA (software composition analysis) and how it fits into the DevOps environment. The DHS (Department of Homeland Security) has concerning security gaps, according to its OIG (Office of Inspector General). Can the CVE (Common Vulnerabilities and Exposures) gap be closed? The GDPR (General Data Protection Regulation) is bearing down on us like a freight train, and it’s past time to include open source security into your GDPR plans.
Plus, an intro to the Open Hub community, looking at security for blockchain apps, and best practices for open source security in container environments are all featured in this week’s cybersecurity and open source security news.
Open Source Insight: AppSec for DevOps, Open Source vs Proprietary, Malicious... - Black Duck by Synopsys
Welcome to the March 2nd edition of Open Source Insight from Black Duck by Synopsys! We look at places you’d never expect to find GDPR data, as well as answers to your most-frequently-asked GDPR questions. Synopsys Principal Scientist Sammy Migues explores why enterprises must have a software security program while Black Duck Technology Evangelist, Tim Mackey, takes a look at building application security into the heart of DevOps. Plus, a report that may give you nightmares on the malicious possibilities of AI. All the cybersecurity and open source security news fit to print lies ahead for your reading pleasure…
Open Source Insight: Big Data Breaches, Costly Cyberattacks, Vuln Detection f... - Black Duck by Synopsys
This week’s Open Source Insight features a powerful visualization tool displaying the world’s biggest data breaches at name brands such as Ebay, Equifax, Anthem, and Target. The White House and British Foreign Office have condemned a cyber-attack launched by the Russian military on Ukraine and hint at reprisals. Black Duck brings open source vulnerability detection to Kubernetes, and Synopsys will host Elevate, an evening thought leadership event at Embedded World 2018 featuring an elite group of international cyber security experts leading a discussion about IoT and embedded systems security threats and solutions.
Read on for all the open source security and cybersecurity news you need to know this week.
Open Source Insight: Happy Birthday Open Source and Application Security for ... - Black Duck by Synopsys
Opinions differ on exactly when, but open source turned twenty this year. Most security breaches in 2017 were preventable (you hear that, Equifax?), and it’s time to take a look back to prevent similar breaches in 2018. iPhone source code gets leaked (for a short time). And keeping medical devices, voting machines, automobiles, and critical infrastructure safe in a world of increasing application risk.
Read on for open source security and cybersecurity in Open Source Insight for February 9th, 2018.
Open Source Insight: Security Breaches and Cryptocurrency Dominating News - Black Duck by Synopsys
This week in Open Source Insight we examine blockchain security and the cryptocurrency boom. Plus, take an in depth look at open source software in tech contracts with a legal expert from Tech Contracts Academy, Adobe Flash Player continues to be a security concern, the Open Source Initiative turns 20, and step by step instructions for migrating to Docker on Black Duck Hub. Cybersecurity and security breach news also dominates this week, as Synopsys examines security breaches in 2017 and how they were preventable.
Principal engineer at MITRE, Bob Martin, examines the potential security issues introduced by the Internet of Things and proactive measures you can take to address those issues.
Open Source Insight: IoT Security, Tech Due Diligence, and Software Security ... - Black Duck by Synopsys
A grab-bag of open source security and cybersecurity news is in this week’s edition of Open Source Insight. Is “many eyeballs” not enough? Some security researchers think Linus’ Law doesn’t work anymore. Black Duck by Synopsys kicks off a new video series with MITRE IoT expert, Bob Martin. Learn how open source tech due diligence helped one company close a deal securely. Should “Privacy Day” be renamed to “Lack of Privacy” day? Plus, an eye-catching infographic on how too little software security training is putting many companies at risk.
Open Source Insight: Banking and Open Source, 2018 CISO Report, GDPR Looming - Black Duck by Synopsys
Cybercriminals are expected to extend their threat deeper into ransomware and IoT. In a just-released report, Synopsys examines the four “tribes” of CISOs, and the characteristics of each. A link to the complimentary report is below. And with the GDPR going into force in just four months, businesses are scrambling for compliance.
All these cybersecurity stories and more in the January 19th edition of Open Source Insight.
Matthew Professional CV experienced Government Liaison - MattGardner52
As an experienced Government Liaison, I have demonstrated expertise in Corporate Governance. My skill set includes senior-level management in Contract Management, Legal Support, and Diplomatic Relations. I have also gained proficiency as a Corporate Liaison, utilizing my strong background in accounting, finance, and legal, with a Bachelor's degree (B.A.) from California State University. My Administrative Skills further strengthen my ability to contribute to the growth and success of any organization.
Responsibilities of the office bearers while registering multi-state cooperat... - Finlaw Consultancy Pvt Ltd
Introduction
The process of registering a multi-state cooperative society in India is governed by the Multi-State Co-operative Societies Act, 2002. This process requires the office bearers to undertake several crucial responsibilities to ensure compliance with legal and regulatory frameworks. The key office bearers typically include the President, Secretary, and Treasurer, along with other elected members of the managing committee. Their responsibilities encompass administrative, legal, and financial duties essential for the successful registration and operation of the society.
Lifting the Corporate Veil. Power Point Presentation - seri bangash
"Lifting the Corporate Veil" is a legal concept that refers to the judicial act of disregarding the separate legal personality of a corporation or limited liability company (LLC). Normally, a corporation is considered a legal entity separate from its shareholders or members, meaning that the personal assets of shareholders or members are protected from the liabilities of the corporation. However, there are certain situations where courts may decide to "pierce" or "lift" the corporate veil, holding shareholders or members personally liable for the debts or actions of the corporation.
Here are some common scenarios in which courts might lift the corporate veil:
Fraud or Illegality: If shareholders or members use the corporate structure to perpetrate fraud, evade legal obligations, or engage in illegal activities, courts may disregard the corporate entity and hold those individuals personally liable.
Undercapitalization: If a corporation is formed with insufficient capital to conduct its intended business and meet its foreseeable liabilities, and this lack of capitalization results in harm to creditors or other parties, courts may lift the corporate veil to hold shareholders or members liable.
Failure to Observe Corporate Formalities: Corporations and LLCs are required to observe certain formalities, such as holding regular meetings, maintaining separate financial records, and avoiding commingling of personal and corporate assets. If these formalities are not observed and the corporate structure is used as a mere façade, courts may disregard the corporate entity.
Alter Ego: If there is such a unity of interest and ownership between the corporation and its shareholders or members that the separate personalities of the corporation and the individuals no longer exist, courts may treat the corporation as the alter ego of its owners and hold them personally liable.
Group Enterprises: In some cases, where multiple corporations are closely related or form part of a single economic unit, courts may pierce the corporate veil to achieve equity, particularly if one corporation's actions harm creditors or other stakeholders and the corporate structure is being used to shield culpable parties from liability.
Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordinary And Special Businesses And Ordinary And Special Resolutions with Companies (Postal Ballot) Regulations, 2018
A "File Trademark" is a legal term referring to the registration of a unique symbol, logo, or name used to identify and distinguish products or services. This process provides legal protection, granting exclusive rights to the trademark owner, and helps prevent unauthorized use by competitors.
Visit Now: https://www.tumblr.com/trademark-quick/751620857551634432/ensure-legal-protection-file-your-trademark-with?source=share
In 2020, the Ministry of Home Affairs established a committee led by Prof. (Dr.) Ranbir Singh, former Vice Chancellor of National Law University (NLU), Delhi. This committee was tasked with reviewing the three codes of criminal law. The primary objective of the committee was to propose comprehensive reforms to the country’s criminal laws in a manner that is both principled and effective.
The committee’s focus was on ensuring the safety and security of individuals, communities, and the nation as a whole. Throughout its deliberations, the committee aimed to uphold constitutional values such as justice, dignity, and the intrinsic value of each individual. Their goal was to recommend amendments to the criminal laws that align with these values and priorities.
Subsequently, in February, the committee successfully submitted its recommendations regarding amendments to the criminal law. These recommendations are intended to serve as a foundation for enhancing the current legal framework, promoting safety and security, and upholding the constitutional principles of justice, dignity, and the inherent worth of every individual.
Car Accident Injury Do I Have a Case....Knowyourright
Every year, thousands of Minnesotans are injured in car accidents. These injuries can be severe – even life-changing. Under Minnesota law, you can pursue compensation through a personal injury lawsuit.
How to Obtain Permanent Residency in the NetherlandsBridgeWest.eu
You can rely on our assistance if you are ready to apply for permanent residency. Find out more at: https://immigration-netherlands.com/obtain-a-permanent-residence-permit-in-the-netherlands/.
Defending Weapons Offence Charges: Role of Mississauga Criminal Defence LawyersHarpreetSaini48
Discover how Mississauga criminal defence lawyers defend clients facing weapon offence charges with expert legal guidance and courtroom representation.
To know more visit: https://www.saini-law.com/
3. OSS Often Enters a Code Base Unchecked, Resulting In Risks
[Diagram labels: Code Base; Commercial 3rd Party Code; Purchasing (Licensing? Security? Quality? Support?); Open Source; Management visibility…not!]
• OPERATIONAL RISK: Which versions of code are being used, and how old are they
• LEGAL RISK: Which licenses are used and do they match anticipated use of the code
• SECURITY RISK: Which components have vulnerabilities and what are they
4. Black Duck’s Experience Analyzing Code
• Audits on average find 33% open source
• 99% of code audits find open source
• 95% of audits find unknown open source
• 75% of audits contain unknown licenses
• 67% of code contains vulnerable components
• 50% of code audits contain GPL
5. FOSS Compliance: New Players
• Traditional FOSS Enforcement: Focus on Compliance
• Software Freedom Law Center
• Software Freedom Conservancy (“SFC”)
• gpl-violations.org
• Shift to Commercial Licensors
• Continuent v. Tekelec (GPL)
• Versata Series of Cases
• New Enforcers
• McHardy, copyright troll
• Fligor: looking for clients
• Major Difference in Goals
• Shift from compliance to revenue
• Focus on injunctive relief
• Expansion of Traditional FOSS Enforcement
• SFC assists in VMware litigation
6. Existing Compliance Issues
• VMware litigation (SFC)
• McHardy litigation
• First copyright troll
• Versata: focus on hybrid product licensing
• Will terminated licensees regularly raise the defense of “integration” with GPLv2 licensed code?
• Will warranty claims against licensors arising from poorly drafted licenses become common?
7. Netfilter Project Suspends McHardy
The netfilter project regrets to have to suspend its core team member Patrick McHardy from the core team. This is a grave step, definitely the first in the project's history, and it is not one we take lightly. Over many months, severe allegations have been brought forward against the style of his license enforcement activities on parts of the netfilter software he wrote. With respect to privacy, we will not publicly disclose the content of those allegations.
Despite many attempts by us to reach him, Patrick has been unable or unwilling to comment on those allegations or defend against the allegations. The netfilter project does not have first-hand evidence. But given the consistent allegations from various trusted sources, and in the absence of any response from Patrick, we feel it is necessary to suspend him until further notice.
We'd like to stress that we do not take any sides, and did not "convict" Patrick of anything. He continues to be welcome in the project as soon as he is able to address the allegations and/or co-sign the "principles" [1] in terms of any future enforcement activities.
8. SFC Criticizes GPL Monetizers
These “GPL monetizers”, who trace their roots to nefarious business models that seek to catch users in minor violations in order to sell an alternative proprietary license, stand in stark contrast to the work that Conservancy, FSF and gpl-violations.org have done for years.
Most notably, a Linux developer named Patrick McHardy continues ongoing GPL enforcement actions but has not endorsed the community Principles. When Patrick began his efforts, Conservancy immediately reached out to him. After a promising initial discussion (even contemplating partnership and Patrick joining our coalition) in mid-2014, Patrick ceased answering our emails and text messages, and never cooperated with us. Conservancy has had no contact with Patrick nor his attorney since, other than a somewhat cryptic and off-topic response we received over a year ago. In the last two years, we've heard repeated rumors about Patrick's enforcement activity, as well as some reliable claims by GPL violators that Patrick failed to follow the Principles.
In one of the many attempts we made to contact Patrick, we urged him to join us in co-drafting the Principles, and then invited him to endorse them after their publication. Neither communication received a response. We informed him that we felt the need to make this public statement, and gave him almost three months to respond. He still has not responded.
Patrick's enforcement occurs primarily in Germany. We know well the difficulties of working transparently in that particular legal system, but both gpl-violations.org and Conservancy have done transparent enforcement in that jurisdiction and others. Yet, Patrick's actions are not transparent.
In private and semi-private communications, many have criticized Patrick for his enforcement actions. Patrick McHardy has also been suspended from work on the Netfilter core team. While the Netfilter team itself publicly endorsed Conservancy's principles of enforcement, Patrick has not. Conservancy agrees that Patrick's apparent refusal to endorse the Principles leaves suspicion and concern, since the Principles have been endorsed by so many other Linux copyright holders, including Conservancy.
9. New Compliance Issues
• Harald Welte announcement of an OSS Compliance Company, aggregating developers
• Welte: ran gpl-violations.org
• Geographic focus not limited to Germany, but could include France and Spain
• David Fligor/Progressive LLP: Troll lawyer searching for a project, so far no cases filed
• Sound View Innovations: new ASF software patent troll based on Alcatel-Lucent patents
• Sound View has sued Facebook
• Sound View has sued LinkedIn
• Sound View has sued Twitter
10. German FOSS Enforcement
• Community Enforcers
• Harald Welte/gpl-violations.org (Linux kernel, iptables)
• Returning to compliance based on Barcelona FSFE Conference
• Thomas Gleixner (Linux kernel code used in U-Boot)
• XviD project
• Christoph Hellwig (Linux kernel, this is the VMware case)
• Other
• Patrick McHardy (Linux kernel, iptables, iproute2)
11. Community Enforcement
• Most cases are settled before they go to court. The agreement for a “declaration to cease and desist” in Germany has to contain a clause about a contractual penalty for a future infringement: if the defendant is caught violating GPLv2 again, then the defendant has to pay the penalty.
• Harald Welte (gpl-violations.org) has used these penalties for donations to charities like Chaos Computer Club, Wau Holland Stiftung, Free Software Foundation Europe, etc. because his focus was on process change, compliance and community norms.
• gpl-violations.org worked very closely together with Free Software Foundation Europe to get companies to talk about their problems and let them participate in the global discussion about open source compliance and other legal issues.
12. German Court Procedure - Outline
I. Preliminary Injunction Proceedings
1. General
2. Requirements
3. Standard of Proof
4. Possible Remedies
5. Procedural Aspects
6. Enforcement
II. Proceedings on the Merits
1. Overview
2. Remedies
III. Pre-Litigation Strategies
1. Offense Position
2. Defense Position
13. German Court Procedure – Preliminary Injunction Proceedings
1. General
• Objective: Stop infringement as soon as possible
• Often most dangerous threat to infringer, since immediately enforceable (appeal has no suspensory effect!)
• "General" time line:
• Granted within hours (e.g. re trade fairs), 1-2 days (if ex parte), 2-6 weeks (with oral hearing);
• Appeal hearing 2-4 months after decision in first instance
14. German Court Procedure – Preliminary Injunction Proceedings
2. Requirements
• Generally courts issue in cases where
• Infringement is very likely
• No undue delay in filing an application for PI ("Urgency Requirement")
• Plaintiff has to file the application for PI without undue delay
• Up to 4 weeks usually not problematic
• Up to 8 weeks usually problematic; IP owner has to show exceptional circumstances in determining the infringement / preparation of PI application
• Over 8 weeks usually no PI granted!
• ACT FAST!
15. McHardy German Litigation I
• Patrick McHardy uses the same enforcement mechanism but is seeking personal monetary gain
• Estimate is that McHardy has approached at least 50 companies that have been hit (some companies multiple times).
• Wide variety of companies, including retailers, telcos, producers, importers
• Best estimate is that he has received significant damages
• Wide range of products
• physical products (offline distribution)
• firmware updates downloadable from a website
• Over The Air (OTA) updates
16. McHardy German Litigation II
• Tactics against companies
1. Address a (minor) violation and have a company sign a cease and desist with contractual penalty.
2. Address another (minor) violation and collect the contractual penalty. Sign a new agreement with a higher penalty.
3. Wait some time, then go back to 2
• Devices usually have multiple violations of GPLv2 and he only will address one issue at a time to collect the contractual penalty.
17. McHardy German Litigation III
McHardy's claims largely focus on:
• Lack of written offer
• Lack of license text in product
• Inadequate terms of written offer
• Lack of complete corresponding source code in repositories
• EULA conflicting with GPL obligations
• Written offer must come from last company selling product
• More exotic
• Written offer should be in German
• GPL warranty disclaimers are inadequate under German law
In the past, McHardy did not do a thorough technical analysis, like a rebuild of the source code, but he has started doing so.
18. McHardy German Litigation IV
Two recent hearings, McHardy lost on procedural issues
• Case one: court decided that application was not sufficiently “urgent” for preliminary injunction procedure
• Case two: judge found that McHardy’s affidavits were inconsistent and McHardy’s lawyer was not prepared to defend it: McHardy withdrew case
Statement by presiding judge (not required and without precedential value but shows thinking):
• If only a tiny bit of the programming works was contained in the litigious product and if that tiny bit was capable of being copyright protected, the arguments of the defendant would not be sufficient to rebut the claim. This might indeed result in Linux not being tradable in Germany. The industry might have to look for other platforms where the chain of rights can be controlled more easily
19. Solving the McHardy Problem and Copycats
• Focus on compliance of your products going into Germany
• Understand the McHardy business model
• Collaborate on claims and share information
• DLA Piper: Developing “Defense in a box”
• Working with past litigants to provide information
• Facts about McHardy
• Summary of McHardy claims
• Summary of McHardy arguments
• References
• Possibility of including actual complaints and other filings but more challenging
20. Hellwig v. VMware I
• VMware is alleged to be using parts of the Linux kernel in their proprietary ESXi product, including the entire SCSI mid-layer, USB support, radix tree and many, many device drivers.
• Linux is licensed under GNU GPLv2 with a modification by Linus Torvalds
• VMware has modified all the code they took from the Linux kernel and integrated it into something they call vmklinux.
• VMware has modified their proprietary virtualization OS kernel vmkernel with specific API/symbol to interact with vmklinux
• vmklinux and vmkernel interaction is uncertain
21. Hellwig v. VMware II
The court did not decide
• If vmklinux and vmkernel can be regarded as a uniform work and, if so,
• If the use of Hellwig's code in the vmklinux + vmkernel entity qualifies as a modification (requiring a license) or as free use.
22. Hellwig v. VMware III
Court required that Hellwig prove the following:
• which parts of the Linux program he claims to have modified, and in what manner;
• to what extent these modifications meet the criteria for adapter's copyright pursuant to Copyright Act § 69c No. 2 clause 2 in conjunction with § 3; and
• to what extent the Plaintiff pleads and where necessary proves that the Defendant has in turn adopted (and possibly further modified) those adapted parts of the program that substantiate his claim to protection.
Hellwig failed to meet this standard. He has appealed.
23. Hellwig v. VMware IV
Not sufficient as evidence according to the court:
• Copyright notices in header files
• Reference to git repository
• Provision of source code and git blame files
Increased requirements for demonstrating an infringement:
• Exact identification of own contributions
• Conditions for copyright protection of those contributions fulfilled
• Source code comparison of own contributions and the allegedly infringing code
It is not the job of the court to analyze the source code for elements that might originate from the plaintiff, and to judge to what extent those elements might be protectable.
24. Linux at 25: Disputes on Compliance
Greg Kroah-Hartman
• “I do [want companies to comply], but I don't ever think that suing them is the right way to do it, given that we have been _very_ successful so far without having to do that”
• “You value the GPL over Linux, and I value Linux over the GPL. You are willing to risk Linux in order to try to validate the GPL in some manner. I am not willing to risk Linux for anything as foolish as that.”
Linus Torvalds
• “Lawsuits destroy community. They destroy trust. They would destroy all the goodwill we've built up over the years by being nice.”
Bradley Kuhn (SFC)
• “You said that you "care more about Linux than the GPL". I would probably agree with that. But, I do care about software freedom generally much more than I care about Linux *or* the GPL. I care about Linux because it's the only kernel in the world that brings software freedom to lots of users.”
25. Linux Foundation
• Who owns the contributions in the Linux kernel
• Linux kernel analysis to determine the identity of contributors to Linux kernel, software has been completed and analysis will be done this year
• Next step: identifying copyright owners
• Encouraging statements by kernel.org on community norms for enforcement
• Training programs
• Core Infrastructure Initiative “Badge Program” (focused on security but includes governance issues)
26. Summary for Software Distributors
• More compliance actions seem likely, particularly in Germany
• Develop a FOSS use (and management) policy to ensure that you understand your obligations and can comply with them (for an overview of FOSS and FOSS governance see https://www.blackducksoftware.com/resources/webinar/introduction-open-source-software-and-licensing)
• Ensure that your policy covers updates and security issues
• Review your distribution agreements to ensure that they take into account any terms imposed by FOSS in your product and modify those terms as appropriate
27. Global platform
• Largest law firm in the world with 4,200 lawyers in 31 countries and 77 offices throughout the Americas, Asia Pacific, Europe and the Middle East
• More than 145 DLA Piper lawyers in IP transactions
• Global Open Source Practice
• More than 550 DLA Piper lawyers ranked as leaders in their fields
28. OSS Practice
• Worldwide OSS practice group
• US Practice led by two partners: Mark Radcliffe & Victoria Lee
• Experience
• Open sourcing Solaris operating system
• FOSS foundations:
• OpenStack Foundation
• PrPL Foundation
• OpenSocial
• Open Source Initiative
• GPLv3 Drafting Committee Chair (Committee D)
• Drafting Project Harmony agreements
29. Contact Information
Mark F. Radcliffe
Partner
2000 University Avenue, East Palo Alto, California, 94303-2214, United States
T +1 650 833 2266
F +1 650 687 1222
E mark.radcliffe@dlapiper.com
Mark Radcliffe concentrates in strategic intellectual property advice, private financing, corporate partnering, software licensing, Internet licensing, cloud computing and copyright and trademark. He is the Chair of the Open Source Industry Group at the firm and has been advising on open source matters for over 15 years. For example, he assisted Sun Microsystems in open sourcing the Solaris operating system and drafting the CDDL. And he represents or has represented other large companies in their software licensing (and, in particular, open source matters) including eBay, Accenture, Adobe, Palm and Sony. He represents many software companies (including open source startups) including SugarCRM, DeviceVM, Revolution Analytics, Funambol and Reductive Labs for intellectual property matters. On a pro bono basis, he serves as outside General Counsel for the Open Source Initiative and on the Legal Committee of the Apache Software Foundation. He was the Chair of Committee C for the Free Software Foundation in reviewing GPLv3 and was the lead drafter for Project Harmony. And in 2012, he became outside general counsel of the OpenStack Foundation and drafted their certificate of incorporation and bylaws as well as advising them on open source matters.
30. Contact Information
Bernd Siebers
Rechtsanwalt | Counsel
DLA Piper UK LLP
Maximilianstraße 2
D-80539 München
T +49 89 232372 133
M +49 173 529 75 67
E bernd.siebers@dlapiper.com
Bernd Siebers has longstanding experience in advising national and international businesses in technology related matters, both contentious and non-contentious. His practice focuses on technology related disputes with a focus on software and failed IT projects.
Bernd has particular experience in advising on Open Source Software compliance and in dealing with Open Source Software related disputes, both in court and out of court.
Bernd has distinct specialist skills in copyright protection of software and in drafting and negotiating technology sourcing agreements including software development and maintenance agreements, and software licensing agreements.