THE ROLE OF IN-HOUSE AND EXTERNAL COUNSEL IN MANAGING OPEN SOURCE
INTRODUCTIONS
AMY CHUN, Partner, Amy.Chun@Knobbe.com
MARTY MELLICAN, VP & Associate General Counsel, MMellican@Flexera.com
Agenda
• Why Open Source is Important
• Guidelines for Managing Open Source
o Review Audit Results
o Implement Open Source Policies
o Review Agreements
• Q&A
WHAT IS OPEN SOURCE SOFTWARE?
Human-readable software designed for inspection, reuse, improvement and distribution by the public—pursuant to a broad copyright license that does not require the payment of any fees to the copyright holder.
Common Open Source Software
• Struts 2 (web app framework)
• Firefox (web browser)
• Linux (OS)
OPEN SOURCE SOFTWARE IS EVERYWHERE
Automobile, Healthcare, IoT, Education, SaaS, Media, Consumer Goods, Telco
OPEN SOURCE SOFTWARE USE IS EXPLODING
• More than 95% of IT organizations leverage Open Source software assets (Source: Gartner)
• More than 50% of all code written today is Open Source (Source: Flexera OSS Fact or Fiction report 2017)
• More than 25MM repositories of Open Source code exist today (Source: GitHub)
SIGNIFICANT ADVANTAGES
1. Technology agility and flexibility
2. Large amount of code covering different areas
3. Code is reviewed by many in the OSS community
4. Community provides ongoing improvements and patches
5. Organizations can attract higher caliber professional technologists
6. Cost effectiveness – Often free to use (but not necessarily free of obligations)
UNMANAGED OPEN SOURCE CREATES RISK
License Compliance
Security Issues
Loss of Company IP
Reputational Harm
OSS Community Pushback
GUIDELINES FOR MANAGING OSS
1. REVIEW AUDIT RESULTS
2. IMPLEMENT POLICY
3. REVIEW AGREEMENTS
#1 REVIEW AUDIT RESULTS: THE DATA SAYS…
• Only 2% of issues are known prior to audit start
• 1 issue identified for every 33,000 lines of code (total of 1,605,496,111 lines of code scanned)
• 367 average number of issues identified per audit project
• 39% of companies have no one responsible for open source software compliance
#1 REVIEW AUDIT RESULTS
• Conduct an audit
o Use a scanning tool such as FlexNet Code Insight
• Review flagged issues
• Assign priority
P1: High severity issues such as strong copyleft compliance issues involving the AGPL and GPL, or components with important known security vulnerabilities.
P2: Secondary priority issues related to commercial and vanity licenses.
P3: Low risk hygiene issues related to permissive licenses such as those under BSD, Apache, and MIT.
P4: Dual/tri licensed components with a viral and permissive license option. For example: jQuery under GPL or MIT.
#1 REVIEW AUDIT RESULTS
Types of Licenses
• PERMISSIVE: A free software license with few restrictions on how the OSS can be redistributed. Examples: BSD, MIT, Apache
• NETWORK: Copyleft triggered by hosted uses of OSS, so the obligations apply when users interact with the software over a network, not only when it is distributed. Examples: AGPL
• COPYLEFT: Often triggered by “distribution” and extends to derivative works. Examples: GPL, LGPL, MPL, CPL
#1 REVIEW AUDIT RESULTS
Remediation Plan/Checklist
o Do the restrictions apply?
o How important is the OSS feature set?
o What other licenses are available?
o What other code is available?
o Could the development team write replacement code?
#2 IMPLEMENT OSS POLICIES
Guidelines for OSS Use
• Maintain a green-light list of licenses that are approved for use
• If a license is not on the green-light list, see legal before using the component
• Be sure to add every component to the code base listing
Management of License Notices
• Track licenses
• Track notice requirements
Ongoing Training
• Onboarding for new employees and managers
• Periodic training for policy and OSS use updates
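The audit priorities (P1 to P4), the three license families and the green-light, notice-tracking and code-listing rules above can be enforced mechanically over a dependency inventory. The following is an added example written for this page, not code from the presenters or from any Flexera product: it parses SPDX-style license expressions (AND, OR, parentheses), classifies each licensing option into a family, assigns the deck's priority, applies the green-light rule and emits the code listing. The concrete SPDX identifiers, the decision to send weak copyleft licenses (LGPL, MPL, CPL) to legal as P2, the `known_vulns` field standing in for the scanner's vulnerability findings, and the sample inventory are all the example's own assumptions.

```python
"""Added example (not from the presentation or any Flexera product): a
license policy gate that applies the deck's P1-P4 priorities and its
green-light rule to a dependency inventory and emits the code listing."""
import re
from dataclasses import dataclass

# SPDX identifiers grouped into the deck's license families. Assumption:
# the deck names licenses only by family; these identifiers, and sending
# weak copyleft (LGPL, MPL, CPL) to legal as P2 rather than P1, are this
# example's own choices.
FAMILY = {}
FAMILY.update(dict.fromkeys(["MIT", "ISC", "BSD-2-Clause", "BSD-3-Clause",
                             "Apache-2.0"], "permissive"))
FAMILY.update(dict.fromkeys(["AGPL-3.0-only", "AGPL-3.0-or-later"], "network"))
FAMILY.update(dict.fromkeys(["GPL-2.0-only", "GPL-2.0-or-later", "GPL-3.0-only",
                             "GPL-3.0-or-later"], "strong"))
FAMILY.update(dict.fromkeys(["LGPL-2.1-only", "LGPL-2.1-or-later", "LGPL-3.0-only",
                             "LGPL-3.0-or-later", "MPL-2.0", "CPL-1.0"], "weak"))
# Restrictiveness order: licenses joined by AND all apply, so the highest
# rank governs; licenses joined by OR are a choice, so the lowest is taken.
RANK = {"permissive": 0, "unknown": 1, "weak": 2, "strong": 3, "network": 4}
VIRAL = {"weak", "strong", "network"}
_TOKEN = re.compile(r"\(|\)|\bAND\b|\bOR\b|[A-Za-z0-9.+\-]+")

def family(license_id):
    """Unrecognised identifiers (commercial, vanity, typos) are 'unknown'."""
    return FAMILY.get(license_id, "unknown")

def options(expression):
    """Expand an SPDX expression (AND, OR, parentheses) into its licensing
    options: a list of frozensets, each the licenses that apply together
    under one choice. 'GPL-2.0-only OR MIT' -> [{GPL-2.0-only}, {MIT}]."""
    tokens, pos = _TOKEN.findall(expression), 0

    def parse_or():
        nonlocal pos
        result = parse_and()
        while pos < len(tokens) and tokens[pos] == "OR":
            pos += 1
            result = result + parse_and()
        return result

    def parse_and():
        nonlocal pos
        result = parse_atom()
        while pos < len(tokens) and tokens[pos] == "AND":
            pos += 1
            right = parse_atom()
            result = [a | b for a in result for b in right]  # distribute over OR
        return result

    def parse_atom():
        nonlocal pos
        if pos >= len(tokens) or tokens[pos] in ("AND", "OR", ")"):
            raise ValueError("malformed license expression: %r" % expression)
        tok, pos = tokens[pos], pos + 1
        if tok != "(":
            return [frozenset([tok])]
        inner = parse_or()
        if pos >= len(tokens) or tokens[pos] != ")":
            raise ValueError("unbalanced parentheses: %r" % expression)
        pos += 1
        return inner

    result = parse_or()
    if pos != len(tokens):
        raise ValueError("trailing tokens: %r" % expression)
    return result

@dataclass
class Component:
    name: str
    version: str
    license: str          # SPDX expression as recorded by the scanner
    known_vulns: int = 0  # open security advisories reported by the scanner

@dataclass
class Finding:
    component: Component
    chosen: frozenset     # the licensing option the policy relies on
    priority: str
    green_light: bool
    reason: str

def assess(component):
    """Assign the deck's audit priority and apply the green-light rule."""
    opts = options(component.license)
    fams = {o: max((family(l) for l in o), key=RANK.__getitem__) for o in opts}
    chosen = min(opts, key=lambda o: RANK[fams[o]])
    if component.known_vulns:
        p, ok, why = "P1", False, "%d known vulnerabilities" % component.known_vulns
    elif fams[chosen] == "permissive" and any(fams[o] in VIRAL for o in opts):
        p, ok, why = "P4", True, "dual licensed; permissive option selected"
    elif fams[chosen] in ("strong", "network"):
        p, ok, why = "P1", False, "strong copyleft; see legal"
    elif fams[chosen] == "permissive":
        p, ok, why = "P3", True, "permissive; keep notices"
    else:
        p, ok, why = "P2", False, "commercial, vanity or weak copyleft; see legal"
    return Finding(component, chosen, p, ok, why)

def audit(inventory):
    return sorted((assess(c) for c in inventory), key=lambda f: f.priority)

def code_listing(findings):
    """Code listing to ship with the product and hand over on request: one
    line per green-lit component naming the license actually relied on."""
    return ["%s %s (%s)" % (f.component.name, f.component.version,
                             " AND ".join(sorted(f.chosen)))
            for f in findings if f.green_light]

# Constructed sample inventory (not a real scan result).
SAMPLE = [
    Component("webfw", "2.3.0", "Apache-2.0", known_vulns=1),
    Component("querylib", "1.12.4", "GPL-2.0-only OR MIT"),
    Component("dbclient", "7.1", "AGPL-3.0-only"),
    Component("parse-kit", "0.9", "MIT AND BSD-3-Clause"),
    Component("crypto-widget", "3.0", "Proprietary-EULA"),
    Component("netlib", "4.2", "LGPL-2.1-or-later"),
]
```

Run `audit(SAMPLE)` and the permissively licensed `webfw` still lands in P1 because of its open advisory, `querylib` is green-lit as P4 with MIT selected from its GPL/MIT choice, the AGPL component is P1, the unrecognised commercial identifier and the LGPL component go to legal as P2, and `code_listing` emits only the two green-lit components with the license the policy actually relies on. Anything that does not parse raises rather than silently passing, which is the behaviour you want in a CI gate.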
#2 IMPLEMENT OSS POLICIES
Contribute to Community
• Voluntary payment of license fee
• Contribute code
• Sponsor a hackathon
• Contribute developer time
Potential Release of Company OSS
• Consider releasing existing company code
• Devote resources to start new OSS projects
#3 AGREEMENTS: OUTBOUND
• Consider liability carve outs/caps: rep and warranty carve out and no indemnification for OSS
• Disclosure & marking requirements: included with any OSS and available on website
• Provide OSS code listing: when requested, make OSS code list available
#3 AGREEMENTS: INBOUND
• Restrictions on use of open source
• Make available a complete list of all open source use
• Provide a list of all updates on an ongoing basis
KEY TAKEAWAYS
• Open Source is everywhere and offers significant advantages
• Regular training and agreement reviews are critical
• Track your OSS usage and manage license compliance and security risk as an ongoing process
• Create an environment that supports the OSS community
• Implementing policies for OSS management mitigates risk and provides structure
QUESTIONS
THANK YOU
www.flexera.com/sca
Amy.Chun@Knobbe.com
MMellican@Flexera.com
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 

Recently uploaded (20)

costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 

The Role of In-House & External Counsel in Managing Open Source Software

  • 1. THE ROLE OF IN-HOUSE AND EXTERNAL COUNSEL IN MANAGING OPEN SOURCE
  • 2. INTRODUCTIONS AMY CHUN Partner Amy.Chun@Knobbe.com MARTY MELLICAN VP & Associate General Counsel MMellican@Flexera.com
  • 3. Agenda • Why Open Source is Important • Guidelines for Managing Open Source o Review Audit Results o Implement Open Source Policies o Review Agreements • Q&A
  • 4. STRUTS 2 WEB APP FRAMEWORK FIREFOX WEB BROWSER WHAT IS OPEN SOURCE SOFTWARE? Human-readable software designed for inspection, reuse, improvement and distribution by the public—pursuant to a broad copyright license that does not require the payment of any fees to the copyright holder. Common Open Source Software LINUX OS
  • 5. OPEN SOURCE SOFTWARE IS EVERYWHERE: AUTOMOBILE, HEALTHCARE, IOT, EDUCATION, SAAS, MEDIA, CONSUMER GOODS, TELCO
  • 6. OPEN SOURCE SOFTWARE USE IS EXPLODING. MORE THAN 95% of IT organizations leverage Open Source software assets (Source: Gartner). MORE THAN 50% of all code written today is Open Source (Source: Flexera OSS Fact or Fiction report 2017). MORE THAN 25MM repositories of Open Source code exist today (Source: Github).
  • 7. SIGNIFICANT ADVANTAGES 1. Technology agility and flexibility 2. Large amount of code covering different areas 3. Code is reviewed by many in the OSS community 4. Community provides ongoing improvements and patches 5. Organizations can attract higher caliber professional technologists 6. Cost effectiveness – Often free to use (but not necessarily free of obligations)
  • 8. UNMANAGED OPEN SOURCE CREATES RISK: License Compliance, Security Issues, Loss of Company IP, Reputational Harm, OSS Community Pushback
  • 9. GUIDELINES FOR MANAGING OSS 1. REVIEW AUDIT RESULTS 2. IMPLEMENT POLICY 3. REVIEW AGREEMENTS
  • 10. #1 REVIEW AUDIT RESULTS: THE DATA SAYS… ONLY 2% OF ISSUES ARE KNOWN PRIOR TO AUDIT START. 1 ISSUE IDENTIFIED FOR EVERY 33,000 LINES OF CODE (TOTAL OF 1,605,496,111 LINES OF CODE SCANNED). 367 AVERAGE NUMBER OF ISSUES IDENTIFIED PER AUDIT PROJECT. 39% OF COMPANIES HAVE NO ONE RESPONSIBLE FOR OPEN SOURCE SOFTWARE COMPLIANCE
  • 11. #1 REVIEW AUDIT RESULTS • Conduct an audit o Use a scanning tool such as FlexNet Code Insight • Review flagged issues • Assign priority: P1: High severity issues such as strong Copyleft compliance issues involving the AGPL and GPL, or other important vulnerabilities. P2: Secondary priority issues related to commercial and vanity licenses. P3: Low risk hygiene issues related to permissive licenses such as those under BSD, Apache, and MIT. P4: Dual/tri licensed components with a viral and a permissive license option. For example: jQuery under GPL or MIT
  • 12. #1 REVIEW AUDIT RESULTS Types of Licenses: PERMISSIVE – A free software license with few restrictions on how the OSS can be redistributed. Examples: BSD, MIT, Apache. NETWORK – Copyleft triggered by hosted uses of OSS. Examples: AGPL. COPYLEFT – Often triggered by “distribution” and extends to derivative works. Examples: GPL, LGPL, MPL, CPL
  • 13. #1 REVIEW AUDIT RESULTS Remediation Plan/Checklist o Do the restrictions apply? o How important is the OSS feature set? o What other licenses are available? o What other code is available? o Could the development team write replacement code?
  • 14. #2 IMPLEMENT OSS POLICIES Guidelines for OSS Use • Green light licenses that are ok to use • If not green light, see legal • Be sure to add to the code base listing Management of License Notices • Track licenses • Track notice requirements Ongoing Training • Onboarding for new employees and managers • Periodic training for policy and OSS use updates
  • 15. #2 IMPLEMENT OSS POLICIES Contribute to Community • Voluntary payment of license fee • Contribute code • Sponsor a hackathon • Contribute developer time Potential Release of Company OSS • Consider releasing existing company code • Devote resources to start new OSS projects
  • 16. #3 AGREEMENTS: OUTBOUND CONSIDER LIABILITY CARVE OUTS / CAPS – Rep and warranty carve out and no indemnification for OSS. DISCLOSURE & MARKING REQUIREMENTS – Included with any OSS and available on website. PROVIDE OSS CODE LISTING – When requested, make OSS code list available
  • 17. #3 AGREEMENTS: INBOUND Restrictions on use of open source. Make available a complete list of all open source use. Provide a list of all updates on an ongoing basis
  • 18. KEY TAKEAWAYS Open Source is everywhere and offers significant advantages. Regular training and agreement reviews are critical. Track your OSS usage and manage license compliance/security risk as an ongoing process. Create an environment that supports the OSS community. Implementing policies for OSS management mitigates risk and provides structure
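The P1–P4 priority scheme from slide 11, turned into a small triage routine over audit findings, as an added example (this is not Flexera's code nor FlexNet Code Insight output). The license buckets follow slides 11 and 12; the "Commercial"/"Vanity" labels, the non-nested SPDX-style expression parsing, and the REVIEW fallback (slide 14's "if not green light, see legal") are assumptions, and the findings are constructed sample input.

```python
"""Triage open source audit findings into the P1-P4 buckets of slide 11.
Added example; license buckets from slides 11/12, everything else assumed."""
import re
from collections import defaultdict

STRONG_COPYLEFT = {"GPL-2.0", "GPL-3.0", "AGPL-3.0"}            # slide 11: P1 examples
WEAK_COPYLEFT = {"LGPL-2.1", "LGPL-3.0", "MPL-2.0", "CPL-1.0"}  # slide 12: copyleft, not named as P1
PERMISSIVE = {"MIT", "BSD-2-Clause", "BSD-3-Clause", "Apache-2.0"}  # slide 11: P3 examples
COMMERCIAL = {"Commercial", "Vanity"}  # hypothetical labels an audit tool might emit (P2)


def parse_expression(expr):
    """Split a non-nested license expression into its OR alternatives, each a set
    of licenses that apply together: 'GPL-2.0 OR MIT' -> [{'GPL-2.0'}, {'MIT'}]."""
    options = []
    for alt in re.split(r"\s+OR\s+", expr, flags=re.I):
        parts = re.split(r"\s+AND\s+", alt.strip(" ()"), flags=re.I)
        options.append({p.strip(" ()") for p in parts if p.strip(" ()")})
    return options


def triage(component):
    """Return P1..P4 per slide 11, or REVIEW when the scheme does not cover the license."""
    # Slide 11: important vulnerabilities are P1 regardless of license.
    if component.get("vulnerabilities"):
        return "P1"
    options = parse_expression(component["license"])
    viral = [o for o in options if o & (STRONG_COPYLEFT | WEAK_COPYLEFT)]
    fully_permissive = [o for o in options if o and o <= PERMISSIVE]
    # P4: the author offers both a viral and a permissive choice (jQuery GPL OR MIT).
    if viral and fully_permissive:
        return "P4"
    # P1: a strong copyleft license applies with no permissive way out.
    if any(o & STRONG_COPYLEFT for o in options):
        return "P1"
    if any(o & COMMERCIAL for o in options):
        return "P2"
    if options and all(o <= PERMISSIVE for o in options):
        return "P3"
    # Weak copyleft or unknown identifier: not green-lit, so route to legal (slide 14).
    return "REVIEW"


def triage_audit(components):
    """Group findings by priority so the highest-risk bucket is reviewed first."""
    buckets = defaultdict(list)
    for c in components:
        buckets[triage(c)].append(c["name"])
    return {k: sorted(v) for k, v in sorted(buckets.items())}


# Constructed sample findings; the advisory id is a placeholder, not a real identifier.
SAMPLE_AUDIT = [
    {"name": "jquery", "license": "GPL-2.0 OR MIT"},
    {"name": "struts2-core", "license": "Apache-2.0", "vulnerabilities": ["ADVISORY-PLACEHOLDER"]},
    {"name": "mongo-driver", "license": "AGPL-3.0"},
    {"name": "ui-kit", "license": "Commercial"},
    {"name": "lodash", "license": "MIT"},
    {"name": "libhelper", "license": "LGPL-2.1"},
    {"name": "toolbelt", "license": "Apache-2.0 AND MIT"},
    {"name": "bundle", "license": "GPL-2.0 AND MIT"},
]

if __name__ == "__main__":
    for prio, names in triage_audit(SAMPLE_AUDIT).items():
        print(prio, ", ".join(names))
```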

Editor's Notes

  1. Stacey: Will kick off the webinar
  2. Stacey: Will read bios of Amy and Marty and then transition to Amy
  3. Amy: Thanks Stacey. During this session, we’ll do a quick level-set on why open source is important. We’ll then walk through some guidelines for managing open source, covering off on reviewing audit results, implementing policies, and reviewing agreements. We’ll then have time for Q&A. Marty, do you want to start us off by making sure we’re all on the same page as to what we mean when we say “open source”?
  4. Marty: OSS is software that is made available in human readable form (as opposed to the 1s and 0s that computers read; that’s often called compiled code or object code). It is also free in the sense that you don’t need to pay the developer of the code any money for the right to use the software. Instead, you are contractually obligated to comply with a copyright license that accompanies the software. Depending on the license selected by the developer, you have certain obligations that you must comply with when you use the code. There are lots of examples of open source in the market today. Some are even related to pretty large commercial operations. My guess is most have heard of the three we have listed here: Linux, Firefox and Struts 2. Although you may know Struts for a different reason than why you know the first two. But we’ll talk about that later. Transition to Amy: First, Amy, given your work with tech companies, what are you seeing in terms of open source use?
  5. Amy: Given the cost benefit and timing efficiencies of using Open Source, we are seeing that open source is used in almost every piece of computerized technology today. Open Source is being used well beyond standard software companies and is being integrated across a wide array of industries. Open source is becoming the default, not an anomaly, when it comes to building products, whether med devices, media apps, or smart home devices.
  6. Amy: Here is some information on how prevalent Open Source is today. Over 95% of IT organizations leverage open-source software applications More than 50% of code written is Open Source And there are more than 25 million public repositories of Open Source It really is everywhere. Marty, You’ve seen this first hand at Flexera. Can you talk about why companies are so drawn to using Open Source?
  7. Marty: Not only does Flexera help manage OSS, but Flexera also uses OSS and is able to enjoy many of its key advantages. [insert discussion of advantages] While open source does come with many advantages, it also comes with risk. Amy, can you walk us through some of that risk.
  8. Amy: Yes, we’ve seen several examples of how unmanaged open source can create risk for the company. While open source may be freely available, each set of open source code almost always comes with specific license terms. These can range from 1 or 2 general terms to pages and pages of requirements. In many situations, these requirements are straightforward and can be easy to comply with. However, we often see that no one at the company knows that there are licenses, what the licenses are or what requirements they should be following. The biggest risk we’re seeing more recently is the potential security risk that comes with using open source. Much like any other software, there can often be flaws or security issues with open source. These issues are made available to the public once known, but if no one in the company even knows what Open Source is being used, then no one knows that they need to go and install a security patch. There have been some pretty well-publicized security issues with certain popular open source, but we still find a lot of companies continuing to use open source with the known security issue. A company can also lose its own IP due to unmanaged open source. For example, we’ve seen instances where teams have released code meant to only be used for the company as open source. There have also been instances where a company was using proprietary code with open source where the open source owner was arguing that the proprietary code had now become open source. Some companies have decided to just release the proprietary code as open source rather than fight the open source community. Which leads us to the next issue, in that poor management of open source can also hurt the reputation of the company. Owners of open source are often offering their open source to the public expecting that users of the code will honor the terms of the licenses. When an owner finds out that a company is blatantly disregarding the terms of the license, they often make their concerns known to the community. Once the Open Source community sees a company as a “bad guy” then there is often significant pressure for the company to comply with the licenses. Sometimes organizations will step in to fund or assist with litigation. We find that the main goal isn’t for them to receive some type of monetary compensation; they just want the company to comply with their license terms.
  9. Marty: [potentially talk about importance of managing whether you just bought a company after an M&A deal v. start-up v. existing company that is playing catch up]
  10. Marty: One of the first things in-house lawyers need to understand is how likely it is that open source is being underreported at the company. Flexera recently released a report on what we have found during the audits that we do. We have found that folks really don’t have a great grasp on what they’re using. In fact, only 2% of the issues we discovered were known to our clients when we started. Or, put another way, 98% of the issues we found were a surprise to the company. That is a very voluminous level of unknown issues. To be clear, though, if the unknown issues are benign, then it’s not a big deal, right? And that’s true. Unfortunately, we found an issue for every 33k lines of code or so. And when you’re talking over 1.6 billion lines of code, you’re looking at almost 50k issues. We also found that only 37% of the companies we audit have a formal policy in place. And fully 39% have no one at all responsible for OS compliance. Think about that: more people have no one looking after OS than those that have a full policy in place.
  11. Marty [Importance of audit] [What audit provides] [priority levels]
  12. Amy: While there are hundreds of different open source licenses, there are a few key types that come up from a risk perspective. The one you hear about the most is “Copyleft”, where they are allowing a company to use their open source, but if the company combines the open source with any of the company’s code, then the company’s code also becomes open source. Further, if the company then distributes that combined code, all of the corresponding source code should be made available. There are lots of legal debates as to whether those provisions could ever be fully upheld if litigated, but we still see this being a key concern to companies. Another category of licenses are “permissive” licenses, which have a few restrictions like certain notice requirements (you will give “credit where credit is due”) or common sense prohibitions such as not saying that the open source owner is endorsing your product. They don’t place any key restrictions on the company, but still put some obligations on the company using the open source. There are lots of other provisions that can be found. For example, some licenses prohibit some field of use (for example “No Commercial Use” or “No Military Use”). Finally, the “source code disclosure” requirement of the original copyleft licenses was only triggered upon distribution. At the time, the thought was that source code disclosure was not needed if a company was just using the open source internally. However, that didn’t take into account server services. So, there is another copyleft license that includes a “source code disclosure” requirement even if the code is not distributed but is used by third parties, such as in a SaaS environment, if certain conditions are met. So, what this means is that there are lots of areas of potential risk, risk that can range from severe to potentially unimportant to the company. The key is making sure the company knows what is going on and deciding what risk it is willing to take on and what risk it wants to manage. Marty, can you kick off the discussion on what steps you can take to start managing your open source?
  13. Amy [remediation options]
  14. Marty
  15. Marty
  16. Amy
  17. Marty
  18. Amy or Marty
  19. - Will Open Source be around for the next 21 years? That's an open question. - I wouldn't bet against it and its ability to innovate and deliver value in new channels and with greater impact in growth industries. - In its maturity, open source is helping to provide companies across the globe with competitive advantage. Many companies are unable to be successful without it, while other companies – as we discussed – are taking full advantage of the benefits it provides. Companies you wouldn't normally think of as SW companies are releasing their own open source software to the rest of the world. - The cycle of maturity seems to have no end in sight. With the explosion of devices in use – the IoT and wearable technology, for example – open source continues to get better, and with that, more users are added at a highly expedited rate, which also pushes it to improve. - As Open Source is maturing and 2018 seems to have brought out both the good and the bad, we expect its use to continue to accelerate and to continue to mature. The future is here? Yes. But there's definitely more to come.