This session will arm you with all the key information you need to figure out Open Source software licensing issues, understand the legal situation, etc. The aim is to present your obligations in terms of OSS licences, patents and intellectual property before launching a project.
Next, a method developed within the QualiPSo project will be presented.
IP and Licensing Strategy for Open Source Companies - Mark Radcliffe
This presentation from the Open Source Business Conference in 2008 discusses the issues for open source companies in coordinating your intellectual property strategy with your business strategy.
Legal Issues in Developing in a Hybrid Environment with Open Source Software - Mark Radcliffe
This slidedeck is the third in a series of presentations on legal issues on open source licensing by Karen Copenhaver of Choate Hall and Mark Radcliffe of DLA Piper. To view the webinars, please go to http://www.blackducksoftware.com/files/legal-webinar-series.html. You may also want to visit my blog which frequently deals with open source legal issues http://lawandlifesiliconvalley.com/blog/
InDorse Tech Red Herring 100 Presentation Final - Rob Marano
Winning presentation given at the 2010 Red Herring 100 North America Competition in Coronado, CA, on June 23, 2010 by Rob Marano, CEO & President of InDorse Technologies.
From a philosophical point of view, everybody loves open source software: you, your wife or girlfriend, your father, your mother, grandfather or grandmother, your children, your boss, your employees, your customers, your students, your teachers, your cat, even your fish, everybody.
Once the first enthusiasm is gone (it takes around 10 minutes for persons and 3 sec. for the fish), a simple question arises: OK, open source is not gratis, however, a consequence of the open redistribution is gratuity, so how are you making a living with open source software? Is it viable in the long term?
The conference will present the mechanisms (the "business models") around open source software and especially those for software editors.
STC conference Orlando October 2011 by Agustin Argelich
During this session, Agustin addressed leadership issues including managing both innovation and change (not necessarily the same thing)--technology, corporate culture, and other issues that drive decision making.
PM Najib Razak's move to dismiss the deputy prime minister and the attorney general is seen as a futile attempt to save himself from the crisis caused by the 1MDB scandal.
Community Summit: Legal & Licensing / Tools for developers to ensure legal in... - Paris Open Source Summit
First, this talk explores the various options regarding FOSS detection, how this process can be integrated in the "software factory", and how the results can be displayed in a usable and efficient way, using different tools freely available to the open source communities like FOSSology and Antepedia Tools Suite. Secondly, we will give some examples of license data that can be collected from many open source projects and show how it can be useful for communities to adopt standards like SPDX (Software Package Data Exchange), which will be presented briefly.
F/OSS: An Innovation-Friendly Software Engineering Paradigm - Francois Letellier
F/OSS is often considered from ethical, community, legal viewpoints. This presentation promotes the idea that Free/Open Source is somewhat a software engineering paradigm, which comes with methods / best practices; tooling; and management / governance techniques.
Presentation delivered at the IN'Tech event, Grenoble/Montbonnot, January 12, 2010.
Software Heritage, a revolutionary infrastructure for software source code, O... - OW2
Open Source Software is at the heart of our digital society and embodies a growing part of our technical and organisational knowledge, and this raises many questions: how to comply with the obligations of Open Source licenses? how to be sure that the source code of a key module we use will be still there when we need it in the future? do we really know what source code we are using, and where it comes from? how can we address cybersecurity if we do not know? how do we share this information across the software supply chain?
Answering these questions and answering them well is quite a challenge.
In this presentation, you will discover Software Heritage, an open non-profit initiative, in partnership with Unesco, and supported by major IT players, and how the revolutionary infrastructure it is building changes the way we address these issues.
Keynote presentation by Roberto Di Cosmo, Inria.
Abstract: With 8 billions unique source files from 120 million repositories, it is the largest archive of source code ever built.
The presentation outlines Alleantia's journey for achieving pervasive IOT deployment leveraging open architectures, communities, OTS and recycled Hardware.
Starting from small-scale industrial systems control products for B2B (delivered in 2012), accelerating through porting to ARM/low cost OTS hardware (e.g. Raspberry Pi) and through SDK for opening developers' community (2013), and creating IOT application market, developers and 'technology assistants' social communities for extensive IOT adoption, leveraging the young and creative crowd of Nations (2015+)
Software Heritage: Archiving the Free Software Commons for Fun & Profit - Speck&Tech
ABSTRACT: The ambition of the Software Heritage project is to collect, preserve, and share the entire body of free software that is published on the Internet in source code form, together with its development history. Since its public announcement in 2016, the project has assembled the largest collection of freely available software source code for about 5 billion unique source code files and 1 billion commits, coming from more than 80 million projects.
Initially focused on the collection and preservation goals - which were at the time urgent, due to the recurrent disappearances of development forges - Software Heritage has since rolled out several mechanisms to peruse its archive, making progress on the sharing goal.
In this talk, we will review the status of the Software Heritage project, emphasizing how users and developers can, today, benefit from the availability of a great public library of source code.
BIO: Stefano Zacchiroli is Associate Professor of Computer Science at University Paris Diderot on leave at Inria. His research interests span formal methods, software preservation, and Free/Open Source Software engineering. He is co-founder and current CTO of the Software Heritage project. He is an official member of the Debian Project since 2001, where he was elected to serve as Debian Project Leader for 3 terms in a row over the period 2010-2013. He is a former Board Director of the Open Source Initiative (OSI) and recipient of the 2015 O'Reilly Open Source Award.
Breaking Extreme Networks WingOS: How to own millions of devices running on A... - Priyanka Aash
"Extreme network's embedded WingOS (Originally created by Motorola) is an operating system used in several wireless devices such as access points and controllers. This OS is being used in Motorola devices, Zebra devices and Extreme network's devices. This research started focusing in an access point widely used in many Aircrafts by several worldwide airlines but ended up in something bigger in terms of devices affected as this embedded operating system is not only used in AP's for Aircrafts but also in Healthcare, Government, Transportation, Smart cities, small to big enterprises... and more.
Based on public information, we will see how vulnerable devices are actively used (outdoors) in big cities around the world. But also in Universities, Hotels, Casinos, Big companies, Mines, Hospitals and provides the Wi-Fi access for places such as the New York City Subway.
In this presentation we will show with technical details how several critical vulnerabilities were found in this embedded OS. First we will introduce some internals and details about the OS and then we will show the techniques used to reverse engineer the mipsN32 ABI code for the Cavium Octeon processor. It will be discussed how some code was emulated to detect how a dynamic password is generated with a cryptographic algorithm for a root shell backdoor. Besides, it will be shown how some protocols used by some services were reverse engineered to find unauthenticated heap and stack overflow vulnerabilities that could be exploitable through Wireless or Ethernet connection.
This OS also uses a proprietary layer 2/3 protocol called MiNT. This protocol is used for communication between WingOS devices through VLAN or IP. This protocol was also reverse engineered and remote heap/stack overflow vulnerabilities were found on services using this protocol and will be shown. As a live demonstration, 2 devices will be used to exploit a remote stack overflow chaining several vulnerabilities as the attacker could do inside an aircraft (or other scenarios) through the Wi-Fi. As there are not public shellcodes for mipsN32 ABI, the particularities of creating a Shellcode for mipsN32 ABI will be also discussed."
Middleware the open-source way: technical superiority and business opportunit... - Francois Letellier
Presentation delivered at LinuxWorld 2005, San Francisco. www.flet.fr
Middleware is the new frontier for open source and brings opportunities to contain costs, to focus on innovative engineering, to find new sources of revenue and to go to market with unique competitive advantages. With members in about 80 countries and a team of 400 committers, ObjectWeb is a fast-growing, nonprofit organization that focuses on high-quality open source middleware. For example, JOnAS from ObjectWeb was the first open source application server developed in a nonprofit way to achieve J2EE certification. The benefits of open standard compliant, production-grade middleware is made available to everyone as an alternative, or as a complement, to proprietary solutions.
In this presentation, you’ll learn how open source players come together to build an ecosystem where users find high quality software and professional services. Case studies of open-source middleware deployed in production in government, healthcare, financial institutions and more will demonstrate that, however hidden, open source middleware is now a mainstream option that you should consider too.
Open Source IoT Project Flogo - Introduction, Overview and Architecture - Kai Wähner
Go-powered Open Source Project Flogo for Lightweight IoT and Edge Integration:
The Internet of Things (IoT) brings up 50 billion devices until 2020, which have to be connected somehow. Challenges include low bandwidth, high latency, non-reliable connectivity and the need for low network costs. Therefore, a gateway at the edge is needed remotely on site of the devices to filter, aggregate and send just relevant data into the cloud or data center.
This session introduces open source project Flogo, which allows developing ultra-lightweight IoT edge applications with a zero-coding web user interface. Coders can also rely just on Go code if they want. It is written in Go programming language and therefore 20-50x more lightweight than similar Java or JavaScript frameworks.
The session focuses on live demos and shows how to develop ultra-lightweight microservices and how to integrate IoT devices using standards such as MQTT, WebSockets, CoaP or REST. The last part of the session compares Project Flogo to other open source IoT projects like Eclipse Kura or Node-RED and cloud offerings such as AWS IoT.
Check out www.flogo.io and https://community.tibco.com/products/project-flogo for more information and community.
This document recalls the definition of patent and copyright as far as computer programs are concerned and explains which elements can be protected by a patent or by a copyright. Concerning software patents, the practice of the French patent office, the European Patent Office, the United States Patent and Trademark Office and the Japanese Office are detailed. Several examples are mentioned to illustrate the different cases.
www.FITT-for-Innovation.eu
Slides used at presentation given at the 2008-07 Palmetto Open Source Software Conference - Legal Issues in Open Source: Patents, Trademarks, Copyrights, and Licenses
Note: the images come from the Prezi.com presentation -> Standford. Big thanks to them.
Communities to keep a code base, a platform, an infrastructure alive? Do you know the twelve commandments of the community manager? This presentation will be given by Stéphane Ribas, who will present methods and good practices for creating and managing communities. He will approach this topic in an original way by talking about the twelve commandments of the community manager.
Stéphane is a research engineer at Inria; he advises research teams on developing communities around their projects.
How do you choose a free license for your software and technology development project in a research setting?
Experience report and advice by Stéphane Ribas.
Note: this presentation must be accompanied by the talk! Also, these slides only reflect one line of thinking on open source licenses; they are only the reflections and opinion of their author and not of INRIA... that's important :-)
See you soon
Disseminating research results? How? We will then have a presentation from Aquitaine Science Transfert (http://ast-innovations.com/, http://www.satt.fr/). This organization will explain its activities and constraints, and will share its advice and good practices for disseminating your research results and preparing their commercial exploitation under good conditions and without stress. This presentation will focus on practice above all! It will cover everyday cases specific to our institutes. This session will be rich in lessons!
Aquitaine Science Transfert is the researchers' point of contact for the protection, maturation and commercial exploitation of their research results. It welcomes them throughout the year to study their research results, help them declare their inventions and define a protection and exploitation strategy. For some projects, it invests in technical and economic maturation to finalize the invention and carry out a transfer to market in the short or medium term.
Experience report on managing software and technology development projects. Presentation given by Francois Pellegrini, Prof. Univ. Bordeaux, author of several works on intellectual property around software (especially free software!). He is also “project leader” of several open software projects and has very extensive experience in both project management and intellectual property. This presentation will contain his lessons learned, his good practices, his advice, and what you should absolutely not do!
Do you like practical cases? No theory? Then you will not be disappointed by Francois Pellegrini.
Commercial exploitation of research software at Inria? What are the good practices for preparing a wide release? What are the possible business models and their associated licenses? Advice, experience report and good practices by Laure Aït-Ali Le Neindre, project manager for transfer, partnerships and innovation projects.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs - Alex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf - Paige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble… many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party and will share these foundational concepts to build on:
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0! - SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
A tale of scale & speed: How the US Navy is enabling software delivery from l... - sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
UiPath Test Automation using UiPath Test Suite series, part 6 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 - Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
GraphRAG is All You need? LLM & Knowledge Graph - Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Epistemic Interaction - tuning interfaces to provide information for AI support - Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Generative AI Deep Dive: Advancing from Proof of Concept to Production - Aggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
DevOps and Testing slides at DASA Connect - Kari Kakkonen
My and Rik Marselis' slides from the 30.5.2024 DASA Connect conference. We discuss what testing is, then what agile testing is and finally what Testing in DevOps is. Finally we had a lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Monitoring Java Application Security with JDK Tools and JFR Events
OSS Legal issues method
1. fOSSa Conference
Grenoble 17/11/2009
OSS & LAW
Luc Grateau
Direction du Transfert et de l’Innovation
INRIA fOSSa Grenoble 17/11/2009 Luc Grateau
2. (Open Source?) software and Law(s)
Back to the basics
Introduction (Open Source Assets Management at INRIA)
Open Source Project Lifecycle
Reminder IPR related to software & License
The Freedom Matrix : (co) ownership & code reuse
The developers needs vs obligations
Exploitation intentions
Intellectual Property Rights (IPR) Tracking Models
IPR Tracking Methodology
!!INRIA fOSSa Grenoble 17/11/2009 Luc Grateau
3.
Introduction: KNOWLEDGE and TECHNOLOGY TRANSFER AT INRIA
• Knowledge provider: Scientific Papers and Technical Reports
(Open Archive HAL-INRIA launched in April 2005)
• Prototype Technology Provider
- Software components / libraries and prototype applications (component based)
Proprietary or Open Source development licensing and spin-off creation
Software development and transfer policies
- G-forge based infrastructure
Dedicated support services (SED)
A focus on software “quality” (including IPR management issues in development best practices)
A recent position paper on Open Source (OSWF 2009)
7.
Software: definition(s)
Preparatory works (specifications)
Code
Documentation
Scilab
Scicos
2 levels
The level of the component (component license)
The level of the components based system (software license)
Scilab kernel could be a part of an embedded software
Software = components based (and collaboratively developed) software, typically an OSS project
8.
IPR related to software & License
International law framework (Berne convention)
National / regional differences
Moral rights: Owner = author(s)
Patrimonial rights = Exploitation Right with 3 main features (reproduction, modification, distribution of original or modified works)
Owner = employer of the author
License = contract on exploitation rights + owner’s provisions (i.e. Citation provision) => “licence jungle”
9.
Freedom Matrix: Exploitation & enforcement
Axes: Code reuse (open source or not): no / yes; Collaborative development: no (sole ownership) / yes
CASE 1: Low risk. Code reuse: no; collaborative development: no (sole ownership). Freedom to exploit. Freedom to enforce.
CASE 2: Medium risk (licenses compatibility). Code reuse: yes; collaborative development: no (sole ownership). Freedom to exploit ? Freedom to enforce ?
CASE 3: Medium risk (contracts – choice of exploitation license). Code reuse: no; collaborative development: yes. Freedom to exploit ? Freedom to enforce ?
CASE 4: High risk (licenses compatibility, contracts – choice of exploitation license). Code reuse: yes; collaborative development: yes. Freedom to exploit ? Freedom to enforce ?
10.
OPEN SOURCE LICENSES (FSF/OSI)
“ROUGH” TYPOLOGY
PERMISSIVE LICENCES: no restriction on exploitation
Example: BSD
NON PERMISSIVE LICENCES:
Restriction provisions on exploitation
– Limited at the component level as such. Example: GNU LGPL
Non permissive in derivation
Permissive in composition
(when composed with other CB software, proprietary or OSS, with appropriate “composition rule”/link)
– Non limited (copyleft). Example: GNU GPL
Non permissive in derivation
Non permissive in composition
Obligation to redistribute the CB software under the “component” licence
Not effective to control Software as a Service component based software
– GNU Affero GPL (to cover SaaS exploitation model): obligation to make available the source code of the CB software integrating a component under GNU Affero GPL
11.
Developers needs
Use pre-existing components (do not reinvent the wheel)
Modify them
Compose components: integrate parts, combine, link pre-existing components or ex-nihilo components
Distribute the resulting Software
Open source licensed components fulfil developer needs, with some restrictions
Software development is a domain with no standardised terminology
(Combined files, composed, integrated, derived works, « copyleft » licenses, « contaminantes », « viral », « hereditary », permissive, non permissive, … components, files, modules, etc…)
Vocabulary can be technology related and is sometimes defined within the license itself (Glossary). The license denomination varies (GPL, GNU GPL, GNU GPL V2) and the licenses change with time. The license attached to a component may change with time.
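12.
Exploitation intentions
(except on service activities)
Axes: Capture part of the value: no / yes; Give access to the source code: no / yes
Freeware (Free SaaS): capture part of the value: no; give access to the source code: no
Permissive Licensing (Open SaaS ?): capture part of the value: no; give access to the source code: yes
Proprietary Licensing (Commercial SaaS): capture part of the value: yes; give access to the source code: no
Double/Dual Licensing: capture part of the value: yes; give access to the source code: yes
Mixed modes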
13.
Developers / Editor / Contributor obligations
3 principles / key legal issues of responsible open source project contribution or edition
1. Respect the provisions of the licenses attached to the pre-existing components used (and their text integrity). Be aware of components whose code is open but which are not open source licensed
2. Verify the license compatibility of each pre-existing component with the distribution license of the CBCD Software you intend to use
3. Be owner of the parts you produce (do not create uncontrolled “de facto” joint-ownership with physical contributors/committers)
(ex: assignment of IPR –patrimonial- of summer interns working for you and under your authority)
• Respect other contracts/grants or IPR assets attached to components
i.e.: confidentiality provisions, special access right to sponsoring states, patents, trademarks, moral rights of authors, etc…
While a license attached to a file is a clearly defined legal object, this is not the case for a set of licences and other legal obligations attached to a (sometimes large) set of files and components.
15.
GNU GPL
Text integrity issue (ex: mix between GNU GPL & LGPL)
No Licence
Summer intern developed component with no IPR assignment
LGPL
Proprietary
BSD
This leads us to propose the notion of legal situation of a CBCD software
16.
IPR Legal issues
• Assumption of « legal - development good practices »
We assume “development in good faith” when it comes to using pre-existing components (nevertheless, developers should be aware and informed that advanced code reuse detection technologies (nextB, palamida, blackduck, etc…) can prove unfair practices or counterfeiting of that kind; “development good practices” must be the rule and other practices should be strictly prohibited).
This means, for example, that developers do not:
- delete existing headers
- modify the licence attached to external components without formal authorisation of the IPR owners of the external components
- try to hide the origin of external code by reengineering it, changing the names of variables or doing other non-authorised practices.
17.
Legal situation (1/3)
• IDENTIFY RIGHTS AND OBLIGATIONS
- Identify all authors (?=contributors)
- Identify copyright owners (? employee)
- Identify all components, kind of dependencies (! wording “combined”, “link”, “derived”)
- Contractual issues (Consortium agreement)
- Applicable law (moral and patrimonial rights)
- Related content repository
- ...
NEED FOR A “HIGH LEVEL” FORMALISATION
Confidential INRIA 26/11/08
18.
Legal situation 1st implementation (2/3)
• 1 Position in chain of rights
- Initial software
- Derived software
- Heterogeneous software
• 2 IPR Owners
- Moral rights
- Patrimonial rights
• 3 Legal condition of exploitation
- Exploitation is restricted by an agreement
- Exploitation is restricted by law
- Exploitation is restricted by license(s) or license components compatibility
- Exploitation is restricted by another binding rule or legal provision
• 4 Other enforceable IPR against software
- Patent
- Trademark
- Copyright
19.
A need for a software component implementation (3/3)
• Definition of normalised OSS licence denominations
• Data extraction with licence checker tools to feed Legal Situation meta-data
• Applied to a large set of source code from various development communities
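20.
IPR Tracking models
Axes: Selection of pre-existing components from certified database: no / yes; Integration of IPR Tracking methodology to the development process (continuous or sequential): no / yes
Content controlled process: selection from certified database: yes; integration of IPR tracking methodology: no
Content & legal checking controlled process: selection from certified database: yes; integration of IPR tracking methodology: yes
Post-development audit oriented process: selection from certified database: no; integration of IPR tracking methodology: no
Legal checking controlled process: selection from certified database: no; integration of IPR tracking methodology: yes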
21.
Qualipso IPR tracking Methodology at INRIA
INRIA proposed a generic IPRT methodology within the Qualipso EC funded research project and implemented it for its own organisation (Luc Grateau, Magali Fitzgibbon, Guillaume Rousseau).
• The aim is to set up an appropriate legal governance and process to determine and follow the legal situation of a CBCD software during its development process, in order to make sure that this legal status is compliant with the development and exploitation intentions of the CBCD software editor.
• This IPRT policy is currently in a test phase at INRIA and is based on:
- A training program for developers and support staff to foster their awareness of IPR tracking issues for CBCD software
- A multi-skilled team composed of technical staff, legal persons and technology transfer officers in charge of the legal governance of the software development
- An IPR tracking methodology using software tools (i.e. FOSSology license checker)
22.
Qualipso Methodology implemented at INRIA
1. High level description of the software (description of the software architecture, functionalities, modules or components)
2. Definition of the scope of the Audit (main objectives)
3. Determination of the Legal Situation
4. Problem Identification and Risk Evaluation
5. Solve Blocking/Critical Problem
6. Insurance, Dissemination and IPR tracking
23. Qualipso Methodology (QM)
Phase 1 : High level description Example
Example 1 : XtreemOS
Global position of XtreemOS layer in the software stack
24.
QM Phase 1 : High level description Example
Example 1 : XtreemOS
Refined high level description of the « XtreemOS » layer showing main functional domains of two sub-layers (middleware closed sub-layer and system closed sub-layer)
25.
QM PHASE 2 : Defining strategy
Phase 2 aims at defining the IPR strategy in relation to the « high level description » of the software.
The licensing scheme of a CBCD software may depend on which part of the software you consider, and the questions you have to answer to define and monitor the IPR tracking process depend on the development phase and on the licensing or exploitation schemes associated with each relevant software layer or functional domain, i.e.:
• If you planned not to distribute the software but to give access to it as “software as a service”, the legal issues are quite different from those arising if you planned to distribute it under a permissive BSD-like license.
• If you planned to develop the software collaboratively, the issues are different from those of in-house development.
26.
QM PHASE 2 : Defining strategy XtreemOS use-case
BSD layer
GNU GPL V2 layer
View of the « XtreemOS » licensing strategies
XtreemOS Grid support layer, XtreemOS-G : BSD licensing scheme
XtreemOS Foundation layer, XtreemOS-F : GNU GPL V2 licensing scheme
27. QM PHASE 3 :
3. Determination of the Legal Situation(s)
Questionnaire (how the software legal situation is perceived by the development project management team): Perceived legal status (LS1)
Automated legal status mining, “Fossology” (liked) (realization of a Legal Situation from a source code archive by automated tool(s)): Determined legal status (LS2)
Next Step: 4. Problem Identification and Risk Evaluation: Legal status analysis (LS1,LS2) ; # (LS1,LS2)
31. QM PHASE 4 :
4. Problem Identification and Risk Evaluation: Legal status analysis (LS1,LS2) ; # (LS1,LS2)
LS1 : features analysis of perceived legal status
LS2 : features analysis of automatically determined legal status
# (LS1,LS2) : analysis of differences between perceived and automatically determined legal status
Problem identification / Risk Evaluation
- Authorship issues
- Ownership issues
- Technico-legal component issues (i.e. static/dynamic links study, etc…)
- License text integrity/modification issues
- Public Domain issues
- Other issues (i.e. component redundancy)
- Component with no License/headers issues
- Component License “compatibility” issues (upper & lower)
- Other components obligation issues (i.e. : citation, etc…)
Next Step: 5. Solve Blocking/Critical Problem(s)
Towards Step 6. Insurance, Dissemination and IPR tracking
32. QM PHASE 5 :
5. Solve Blocking/Critical Problem(s)
Problem Solving by development team
- Component rewriting
- Component substitution by similar functional component
- Component elimination
- Problem solved by time (change of license), Java/Sun components
Problem Solving by legal team
- IPR acquisition / Licensing in
- Negotiation of another compatible licence for a critical Component
- Notification of unsolved situations to the development team
Next Step: 6. Insurance, Dissemination and IPR tracking
33.
IPR Tracking CONCLUSION
An Intellectual Property Rights Tracking Methodology for components based and collaboratively developed software is proposed within the Qualipso EC Project and is under testing at INRIA.
A governance or coordination level in charge of IPR tracking issues
A process using FOSSology as license checker
A better defined and enhanced quality software
34.
CONCLUSION: IPR Legal issues of open source CBCD Software
• Importance of Academic Actors for the Open Source Ecosystem
• Shared awareness for legal quality control improvement of components based and collaboratively developed software (CBCDS) from academic world
- Toward a Robust Legal Framework for OSS
• LEVERAGE STATE-OF-ART TO FULFILL OPEN SOURCE ECOSYSTEM NEEDS
New legal tools: initiatives like the CeCILL family, compliant with the European legal framework (define applicable law and comply with liability regulation)
New audit technologies or tools (FOSSology, OSLC, etc…)
New business opportunities (Palamida, Black Duck, NextB, Neolex, …)
New insurance tools for residual risk (Lloyd's of London and OSRM …)
• BUILD APPROPRIATE LEGAL FRAMEWORK AND PROCESS
Methodologies (IPR Tracking, Audit, Risk analysis)
Dedicated IPR Management Tools
Skills and team building
• Aim: Increasing trust in CBCD software
Improve legal safety for Contributors, Editors, Customers, Service and product providers
35.
• References:
1 Open (Research) issue toward a legal framework for OSS, FOSDEM 2008, ROUSSEAU
http://libresoft.es/Activities/Research_activities/downloads/fosdem2008/papers/INRIA-GR_20080218-final.pdf
2 Guide de diagnostic du logiciel (INRIA internal document, DTI/SPIV 2006), GRATEAU and FONTAINE
3 Toward an open-source technology transfer model, DALLE and ROUSSEAU, Proceedings of the 4th Workshop on Open Source Software Engineering
4 IPR Tracking: A methodology for Component Based and Collaboratively Developed software, L. GRATEAU, M. FITZGIBBON, G. ROUSSEAU, Qualipso EC funded Project, Activity 1 “Legal issues”, Deliverable D1.4.1
Diffusion Status : Public January 26th, 2009
Final version: 20th November 2009
• Contacts:
Patrick.Moreau@inria.fr