Minneapolis patent attorney Mark Stignani runs through the five components of an Open Source Software Policy.
So, the first of the five segments of open source policy for a corporation would be to survey your assets. So, a survey of assets includes querying or questionnaire-ing your development team to find what they brought in. But probably a more reliable way is to go scan your software. And to use a commercial scanning service like Black Duck Software would be my first suggestion, especially if you have a very large code base to go through. This has the benefit of telling you what’s wrong immediately, to what things you need to take action with immediately. And also will give certain matters a clean bill of health that you can then set a baseline for going forward.
So the second component is to have an active management policy with your software development team so that any new software coming in, any code of an acquired company, any code that is suggested for use by a third party or even internal development team is then vetted and the licenses are reviewed and discovered. And the risks mitigated.
Commitment to Remediate
Whereas it’s not an actual, definable set of head count, the willpower to remediate software and bring it back to a clean version is sometimes hard to work through corporation systems, simply due to cost and scheduling strain. So the commitment to remediate and remove those issues from your software is essential to having a clean code base and a managed code base going forward.
Getting a compliance group that is actively allowing sets of open source to be used, that is actively negotiated for or managed in your warranties and representations to your contracts. So something that actually manages the risks and terms and conditions of those licenses as you go forward with the products.
The fifth element is really a commitment to engage in the open source community, to be part of it rather than to simply try to shut it off. It is virtually impossible to develop software without open source these days. So, an active participation in open source communities allows you to help shape policy, it allows you to help shape the licenses that are attached to that. So, if there’s a particular piece of software that you find essential for your code, for your product, for your licensing, you need to take a part in that community as well and help shape how the licenses are being used so that your risk is mitigated going forward. And a license that you wouldn’t want to work under is then released on that product.