safeguarding against the risks of improper open source licensing - valuable lessons for software and...
DESCRIPTION
Greg Olson, Senior Partner at open source consulting firm Olliance Group, and Bart Copeland, President and CEO of ActiveState, the dynamic languages company, present an informative webinar to:
  Investigate legal, operational and market risks associated with open source
  Address common pitfalls with open source licensing
  Identify proven tips for creating an open source governance program
  Explore commercial open source options to mitigate open source legal and operational risks
  Share effective steps to protect your organization against costly infringements
TRANSCRIPT
Safeguarding Against the Risks of
Improper Open Source Licensing
Valuable Lessons for Software and Hardware Vendors
April 28, 2010
© 2009 Olliance Group, LLC - All Rights Reserved 2
Introductions
Greg Olson, Senior Partner
Manager, IP Management Practice
Bart Copeland
President & CEO
Agenda
The legal, operational and market risks associated with open source
Common pitfalls with open source licensing
Proven tips for creating an open source governance program
Effective steps to protect your organization against costly infringements
Commercial open source options to mitigate open source legal and operational risks
Why Use Open Source Software?
Best-in-class software in some areas is OSS
Your product must interoperate with other OSS, e.g. Linux
Buyers favor or even require OSS
OSS came with a corporate acquisition
It is a lower cost alternative to traditional commercial packages
You will need to customize externally sourced software
Faster time to market by avoiding development and testing of new code
Lower development costs by using free, already de-bugged code
Lower code maintenance costs by taking advantage of community maintenance
Your code-base already contains significant OSS
Adoption of open-source software (OSS) is becoming pervasive, with 85 percent of companies surveyed currently using OSS in their enterprises and the remaining 15 percent expecting to in the next 12 months…
Gartner Group release, November 2008
A Software Development Revolution
[Diagram: from 90% custom development, with commercial software packages obtained through negotiated procurement, to 90% integration of many downloaded OSS components]
Poll: What are the biggest challenges you face around integrating open source packages?
[Bar chart: percent of respondents per challenge; bar values are not recoverable from the extracted text]
Challenges polled:
  Ensure license compliance for elements at distribution time
  Maintaining code and version consistency across the company
  Managing support for many open source elements
  Higher volume of code acquisition decisions
  Managing participation in public communities
Open Source Licenses
Open source vs. Free software
Open source licensing principles
  Non-exclusive license
  Source code included
  Source code is free (except for cost)
  Rights to modify and to redistribute
  For full OSI definition see http://opensource.org/docs/osd
OSI lists 65 licenses which it has approved as being “Open Source”
The leading code scanning companies have identified well over 500 additional licenses for downloadable source code
Some of these licenses are incompatible, such that code under them may not legally be combined
Legal Risk
Potential Consequences for Violation of an Open Source License
  Copyright infringement actions
    Injunction against distribution
    Order to comply by publishing your proprietary code as open source
  Negative publicity
    One of the strongest weapons available to the Open Source community is the Internet
  Possible monetary consequences
    Costly delays in product launch or a product recall
    Expensive redundant development efforts
    Restricted commercialization and lost profit opportunities
  Potential enforcement rights for every contributor
  GPLv2 (most common OSS license) automatically terminated
Legal Risk Is Not Theoretical
In the last year alone the Software Freedom Law Center has sued Best Buy, Samsung, JVC and eleven other consumer electronics companies for copyright infringement (GPL license)
GPLviolations.org has pursued dozens of complaints against violators of the GPL license
Jury ruled for Jacobsen in the infringement suit against Katzer (Artistic License)
In France the Paris Court of Appeals decided last week that the company Edu4 violated the terms of the GPL license
The Indemnification Gap
Most commercial vendors are expected to provide intellectual property indemnification to their customers
Open source software is free, but comes with no warranty and no indemnification
How much of an indemnification gap can your company afford to take on?
Poll: What percentage of open source projects in your organization are currently indemnified?
[Pie chart: responses of 62%, 24%, 4%, 2% and 8% across the answer categories Don't know, 0-25%, 26-50%, 51-75% and 76-100%]
New Operational Issues
Incorporating open source adds complexity to software projects
  Multiple sources
  Many different licenses
  Compatibility requirements between elements
  Varying levels of quality and maturity
  Self-service updating and maintenance
  Project directions not necessarily tied to your needs
That complexity can eat you alive if you do not manage it well
  Mistakes can seriously delay release schedules
  Keeping up with bug fixes
  Security issues
  Chronic integration headaches
  Difficulties in resolving customer support issues
  Cost of maintaining and supporting many different customer stacks
Open Source Management
Goal: Manage the complexity and risk inherent in the use of open source software without reducing its productivity advantages
What it takes to achieve this goal
  Strategy and a clear understanding of objectives at the business level
  Policy
  Process
  Ongoing audit and tuning
Open Source Management works best when it is a natural part of the software development process
"Companies must have a policy for procuring OSS, deciding which applications will be supported by OSS, and identifying the intellectual property risk or supportability risk associated with using OSS. Once a policy is in place, then there must be a governance process to enforce it."
Laurie Wurster, research director at Gartner Group
Key Elements of OSS Management
Acquisition management
Use management
Support management
Tracking and auditing
Distribution management
Acquisition Management
This ‘gate’ is your first line of defense
Sourcing from external trusted sources increases your knowledge of the software and its predictability
Acquisition is the critical first control point at which risks can be mitigated
  Quality of code
  Availability and reliability of adequate support
  Availability of indemnification
  License is compatible with intended use
Use Management
Appropriate use
  How used
  How combined with other software (particularly yours)
  How packaged for distribution
Modification
  When allowed
  How managed
Identify each component’s internal owner
Identify owner’s roles and responsibilities
Support Management
Define a support plan
  Internal support
    If community support is weak or non-existent
    An option only if sufficient expertise is available in house
  Community support
    If community support is strong
    "Self-service" support by owner or team is acceptable
    No SLA
  Purchase SLA support from commercial OSS vendor
    Assured technical expertise
    Guaranteed response in guaranteed time frame
Tracking and Auditing
OSS Repository
  Where externally-sourced OSS is archived
  Master copy for all internal use
Ownership and where-used tracking
Decision and approval tracking
  Provides audit trail when problems surface
  A basis for tuning policy and process over time
Code scan auditing
  OSS sourced (other than commercially warranted): it is not all "clean"
  Internally developed code: it may contain code from other places
    Especially important for outsourced code
Distribution Management
Compliance process ensures that license requirements of incorporated software are met
Customer licenses
  Downstream licensing of all incorporated software
Customer documentation
  As required for compliance
  As required for downstream use
Commercially licensed OSS often simplifies
Managing OSS to Advantage
Results
  Higher quality sourcing reduces costly problems down the road
  Managed code base reduces duplication and incompatibilities
  Well managed support heads off new problems and eliminates duplicated support activities
  License compliance can be assured with minimal overhead
  Customer support and IP reporting become possible
Commercial open source options for dynamic languages
#1 in Open Source Adoption: Dynamic Languages
57% of enterprises using dynamic languages
Poll: Which dynamic languages are you using in your enterprise development?
[Bar chart: percent of respondents per dynamic language; bar values are not recoverable from the extracted text]
Languages polled:
  None
  PHP/Ruby/Javascript
  Tcl
  Python
  Perl
Drivers for Dynamic Languages
Development
  Faster time to market
  Increase staff productivity
  Uptime of customer applications
Business
  Compliance with commercial support
  Legal risk mitigation
  Distribution rights
Challenges with Dynamic Languages
  Time-consuming to compile, test, maintain
  Standardization & compatibility across all systems
  Database connectivity
  Perl module usage (thousands to choose from)
  Reliance on open source community = risk to business systems
    Privacy
    Wasted time & resources
    Potential system downtime
Solutions for Dynamic Languages to Mitigate Risks
  Use commercial- or enterprise-grade dynamic language distributions
  Get a trusted expert in dynamic languages to provide best practices advice and how-to guidance
  Opt in for turn-key dynamic languages licensing
  Secure guaranteed redistribution rights
  Enlist consulting services to help out with your unique deployments
Cost Savings
Costs by category: Open Source Dynamic Language / Enterprise Dynamic Language Solution / Savings with ActiveState
  Acquisition Cost: $0 / $0 / None
  Development: $120,000 / $90,000 (development accelerated with ActiveState support) / 25%
  Training: $3,790 / $1,895 / 50%
  Maintenance and Support: $60,000 / $25,000 / 59%
  Legal (Distribution Rights and Indemnification): $17,000 + the cost of potential IP lawsuit fees / $14,000 / 18%
    Plus licensing costs could explode by 200%+ with an IP lawsuit
  Total: $234,900 / $147,950 / $86,950
•Pricing in the table is averaged and is for example purposes
•Refer to the True Cost of Open Source Software whitepaper by ActiveState for the full case study
ActiveState Solutions
Customers & Partners
Software & Hardware
Aerospace & Defense
About ActiveState
  Founded 1997
  2 million developers
  97% of Fortune 1000
  Core Languages: Perl, Python, Tcl
  Secondary Languages: PHP, Ruby, Javascript
Thank You!
Contact Us:
Greg Olson
[email protected] x207
www.olliancegroup.com
Bart Copeland
[email protected]
[email protected]
@activestate
1-866-510-2914
www.activestate.com