LICENSE COMPLIANCE AND OPEN SOURCE SOFTWARE 
LOGISTICS FOR CLOUD-BASED APPLICATIONS 
© 2014 Black Duck Software, Inc. All Rights Reserved. 
Kirsten Newcomer 
Director of Product Management, Black Duck Software 
@black_duck_sw
DISCLAIMERS 
I AM NOT A LAWYER 
THIS TALK DOES NOT PROVIDE LEGAL ADVICE 
2014: THE FUTURE OF OPEN SOURCE
RECORD-BREAKING RESPONSES
Survey respondents by year:
2011: 453
2012: 740
2013: 822
2014: 1240
SURVEY RESPONDENTS
42% vendor
58% non-vendor
SURVEY RESPONDENTS: ROLES
Software engineer/developer
VP
Analyst
CEO/founder
CIO
Educator
Line of business manager
Marketing
System architect/engineer
Other
Sales/business development
IT management & staff
Lawyer/
Investor
President
THE RISE OF SaaS AMONG OPEN SOURCE VENDORS
SOFTWARE AS A SERVICE (SaaS)
2012: 40%
2013: 47%
2014: 60%
SaaS MOVED TO #1 FROM 2013
OPEN SOURCE CENTRAL ACROSS TECHNOLOGY
MAIN AREAS WHERE OPEN SOURCE IS LEADING THE TECHNOLOGY INDUSTRY
63% Cloud/virtualization
57% Content mgmt
Mobile, security, collaboration, network mgmt, social media: 53%, 51%, 49%, 48%, 46%
3D printing, analytics and business intelligence, drones, gaming, ERP: 27%, 26%, 13%, 12%, 10%
OPEN API FUELS OPEN SOURCE
68% Will Reinforce Growth/Adoption
14% Don’t Know/Not Sure
9% Will Substitute for or Inhibit Growth
7% Will Have No Impact
WHAT ELSE DID WE LEARN? 
CORPORATE PARTICIPATION IN OSS 
OVER 50% 
OF ALL ENTERPRISES ARE 
EXPECTED TO CONTRIBUTE TO AND 
ADOPT OPEN SOURCE 
CORPORATE PARTICIPATION IN OSS 
30% 
MAKE IT EASY FOR EMPLOYEES TO PARTICIPATE OR 
START THEIR OWN OPEN SOURCE PROJECTS 
NEW PEOPLE IMPACTING OPEN SOURCE
#1 FACTOR IN EXPLOSION OF SMALL PROJECTS IS FIRST TIME DEVELOPERS PARTICIPATING IN OPEN SOURCE
2X More Important Than any Other Factor
SO, HOW DOES THE RISE OF SAAS AFFECT YOU? 
Odds are good that you’re going to be working with open source 
• Infrastructure as a Service (IaaS) 
• Platform as a Service (PaaS) 
• Software as a Service (SaaS) 
A quick refresher is in order… 
• Goals of open source licenses 
• Categories of licenses 
OPEN SOURCE DEFINITION 
1. Free Redistribution 
2. Program must include Source Code and must allow distribution 
in source code as well as compiled form 
3. Must Allow Modifications and Derived Works 
4. Integrity of the Author's Source Code 
5. No Discrimination Against Persons or Groups 
6. No Discrimination Against Fields of Endeavor 
7. Distribution of License – no additional license can be required of 
others who redistribute the program 
8. License Must Not Be Specific to a Product 
9. License Must Not Restrict Other Software 
10. License Must Be Technology-Neutral – not predicated on any 
individual technology 
THE OSS LICENSE CONTINUUM
From permissive to restrictive:
• Permissive licenses: X11/MIT, Apache, BSD
• Weaker copyleft: LGPL, MPL
• Stronger copyleft: GPL, AGPL
COMMON MYTHS ABOUT OPEN SOURCE
• “Open source is in the public domain."
• "All open source licenses are reciprocal/copyleft…"
• "None of these agreements are enforceable so it doesn’t really matter anyway."
• "If I don’t distribute software, I don’t need to worry about licensing."
• "All open source licenses require the release of source code for everything."
• "No one will ever know."
EVOLUTION OF SOFTWARE DELIVERY AND OPEN SOURCE LICENSES
“The GNU Affero General Public License . . . requires the operator of a network server to provide the source code of the modified version running there to the users of that server. Therefore, public use of a modified version, on a publicly accessible server, gives the public access to the source code of the modified version.”
- Preamble to AGPL 3.0 license
Timeline, 1990 to 2010: GPL v2, CDs, ASP / SaaS loophole, AGPLv1, GPLv3, AGPLv3
THE GNU GPL FAMILY OF LICENSES
1991 GPL v2
• Private use is unrestricted
• If you distribute object code, you must make source code available
LGPL v2
• “Work that uses library” versus “Work based on library”
2002 AGPL v1
• Closes the network access loophole
2007 GPL v3
• System library exception
• Internationalization - country-neutral terminology
• License compatibility (Apache, Affero)
2007 LGPL v3
• An additional permission for GPL v3 licensed code.
2007 AGPL v3
• Includes all GPLv3 terms and adds “Network Use” clause
• Network Use Clause: Source code sharing obligation also extends to “all users who access through a computer network”
MORE ABOUT INTERNATIONALIZATION 
Rights are tied to laws in specific countries; you do not have “copyright” but 
UK copyright, US copyright, French copyright, German copyright, etc. 
Point of interest: 
English tradition views copyright as an industrial right 
Continental tradition views copyright as the right of the artist 
GPL v2 is tightly tied to US copyright law 
• Legislative history and case law define “Distribution,” “public 
distribution,” “limited distribution” 
• Distribution means one thing in US and another in Europe 
• Even the term “public” has a long legal history in US 
It is impossible to say anything about “distribution” of copyrighted works 
that is globally accurate. 
THE GNU GPLV3 
GPL v3 changes language to use contract terms 
• Convey 
• To “convey” a work means any kind of propagation that enables other parties 
to make or receive copies. Mere interaction with a user through a computer 
network, with no transfer of a copy, is not conveying 
• Propagate 
• To “propagate” a work means to do anything with it that, without permission, 
would make you directly or secondarily liable for infringement under 
applicable copyright law, except executing it on a computer or modifying a 
private copy. Propagation includes copying, distribution (with or without 
modification), making available to the public, and in some countries other 
activities as well. 
BUT, intentionally does not close SaaS loophole 
THE AGPL V3 
Includes all GPLv3 terms and “Network Use” clause 
Network Use Clause: Source code sharing obligation also extends to “all 
users who access through a computer network” 
The network use clause is set forth below: 
“Notwithstanding any other provision of this License, if you modify the 
Program, your modified version must prominently offer all users interacting 
with it remotely through a computer network (if your version supports such 
interaction) an opportunity to receive the Corresponding Source of your 
version by providing access to the Corresponding Source from a network 
server at no charge, through some standard or customary means of 
facilitating copying of software. This Corresponding Source shall include 
the Corresponding Source for any work covered by version 3 of the GNU 
General Public License that is incorporated pursuant to the following 
paragraph.” 
GPLV3 INTERACTION WITH AFFERO GENERAL PUBLIC 
LICENSE 
GPLV3 does not incorporate the Affero General Public License 
requirements into GPLV3 
But it does build a bridge… 
Section 13. of GPLV3 Use with the GNU Affero General Public 
License: 
• Notwithstanding any other provision of this License, you have 
permission to link or combine any covered work with a work licensed 
under version 3 of the GNU Affero General Public License into a 
single combined work, and to convey the resulting work. The terms of 
this License will continue to apply to the part which is the covered 
work, but the special requirements of the GNU Affero General 
Public License, section 13, concerning interaction through a 
network will apply to the combination as such. 
NUMBER OF PROJECTS WITH AGPL-LIKE 
LICENSES 
Over 1000 projects use AGPLv3 
Source: Black Duck KnowledgeBase 
(Did not include Apple Public Source License in analysis) 
INDIVIDUAL SAAS LICENSE MARKET SHARE 
AS A PERCENTAGE OF TOTAL SAAS LICENSE MARKET 
Rank License % 
1 GNU Affero General Public License v3.0 53.93% 
2 Open Software License 2.0 21.07% 
3 Affero General Public License v 1.0 7.61% 
4 Open Software License 3.0 7.23% 
5 Common Public Attribution License 1.0 5.72% 
6 Academic Free License v3.0 1.95% 
7 Open Software License 2.1 1.86% 
8 Open Software License 1.1 0.25% 
9 Non-Profit Open Software License 3.0 0.22% 
10 Honest Public License 0.06% 
11 Rumba Exception to Gnu Affero General Public License V3.0 0.03% 
12 Zarafa Affero 3 License 0.03% 
13 Open Software License 1.0 0.03% 
AGPL-LIKE LICENSES DISCOVERED IN 
AUDITS 
Source: Black Duck Audit Data 
APPLE PUBLIC SOURCE LICENSE 
Unique license from Apple 
1.4 "Externally Deploy" means: (a) to sublicense, distribute or otherwise 
make Covered Code available, directly or indirectly, to anyone other than 
You; and/or (b) to use Covered Code, alone or as part of a Larger Work, in 
any way to provide a service, including but not limited to delivery of 
content, through electronic communication with a client other than You. 
If You Externally Deploy Your Modifications, You must make Source Code 
of all Your Externally Deployed Modifications either available to those to 
whom You have Externally Deployed Your Modifications, or publicly 
available. Source Code of Your Externally Deployed Modifications must be 
released under the terms set forth in this License, including the license 
grants set forth in Section 3 below, for as long as you Externally Deploy the 
Covered Code or twelve (12) months from the date of initial External 
Deployment, whichever is longer. You should preferably distribute the 
Source Code of Your Externally Deployed Modifications electronically (e.g. 
download from a web site). 
COMMON PUBLIC ATTRIBUTION LICENSE 
Drafted for Socialtext prior to AGPLv3, Mozilla Public License with 
“External Deployment” provisions 
15. ADDITIONAL TERM: NETWORK USE. The term “External 
Deployment” means the use, distribution, or communication of the 
Original Code or Modifications in any way such that the Original 
Code or Modifications may be used by anyone other than You, 
whether those works are distributed or communicated to those 
persons or made available as an application intended for use over a 
network. As an express condition for the grants of license 
hereunder, You must treat any External Deployment by You of the 
Original Code or Modifications as a distribution under section 3.1 
and make Source Code available under Section 3.2. 
OPEN SOFTWARE LICENSE/ACADEMIC FREE LICENSE 
Unique licenses which use “External Deployment” concept to extend 
requirements to provide source code to network use as well as 
distribution: 
5) External Deployment. The term "External Deployment" means 
the use, distribution, or communication of the Original Work or 
Derivative Works in any way such that the Original Work or 
Derivative Works may be used by anyone other than You, whether 
those works are distributed or communicated to those persons 
or made available as an application intended for use over a 
network. As an express condition for the grants of license 
hereunder, You must treat any External Deployment by You of the 
Original Work or a Derivative Work as a distribution under section 
1(c). 
HONEST PUBLIC LICENSE 
This license is a modified version of the GNU General Public 
License copyright (C) 1989, 1991 Free Software Foundation, Inc. 
and has been made with their permission, but has not been 
endorsed by the Free Software Foundation. Section 2(d) has been 
added to cover use of software over a computer network. 
b) You must cause any work that you distribute, communicate to 
the public or publish, that in whole or in part contains or is derived 
from the Program or any part thereof, to be licensed as a whole at 
no charge to all third parties under the terms of this License. 
PARTICULAR CHALLENGES COME WITH LICENSE 
COMBINATIONS 
Applications are made up of many parts, often with many licenses 
• AGPL 
• Apache 
• BSD 
• Commercial 
Many SaaS applications have downloadable 
plug-ins with additional licenses, such as 
• GPL- JavaScript 
It’s important to evaluate compatibility 
• Licenses may include provisions which may be incompatible with the 
obligations of other licenses 
• Even when license obligations can be incompatible, the issue is whether the 
obligations are triggered 
• Be aware of file-level licenses as well; not all files in a project have the same 
license 
NOW ADD IN DOCKER…
[Diagram: Download Browser App, Download Mobile App, Download Desktop App]
DOES DOCKER CHANGE THINGS? 
• Docker is increasing the use of containers 
• We seem to be on the verge of another delivery paradigm shift 
• Are there any special considerations for OSS licenses when used in 
software distributed in containers? 
• What kind of a distribution, or conveyance, is a Docker container? 
• Does it depend on where it’s deployed? 
• You created it and you deploy it to your private cloud 
• You created it and you make it available for download in Docker Hub 
• What legal obligations do you have? 
• How do you manage those obligations? 
• How does the downstream consumer of the container know what obligations 
she incurs when deploying your container 
• For in-house use 
• For use in an externally facing SaaS application 
• For use by another downstream application 
• Does the fact that the container is fully encapsulated change anything? 
• How will you determine what the combination of licenses and 
obligations are for the contents of a Docker image that you download? 
• Will new license terms emerge in response to Docker containers? 
TECHNICAL DECISIONS HAVE LEGAL IMPLICATIONS
• Choosing a FOSS project requires both legal and technical evaluation
• Compliance is mission critical
• Must understand the legal obligations as well as the code, and the community
• Security matters too, especially with Service solutions
OSS LOGISTICS IS ABOUT…
• Knowing what open source you use.
• Knowing where your open source is used.
• Knowing how your open source is deployed.
• Using open source code in a compliant way.
• Knowing what your legal obligations are.
• Working with community to maintain the open source you use.
• Understanding the security of your open source.
• Participating effectively in the open source ecosystem.
TO DO THE RIGHT THING, YOU NEED TO KNOW 
Strategy 
• The business objectives for your 
application 
License(s) & Obligations 
• The set of obligations associated 
with your use of open source 
Technology 
• Automation to provide visibility, 
control and assist with compliance 
Tens of thousands of developers leverage the GPL every day, and do it 
in compliance with its obligations; the community will do the same for 
AGPL 
THANK YOU 
QUESTIONS? 
KNEWCOMER@BLACKDUCKSOFTWARE.COM

LinuxCon Europe 2014: License Compliance and Open Source Software Logistics for Cloud-Based Applications

 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 

LinuxCon Europe 2014: License Compliance and Open Source Software Logistics for Cloud-Based Applications

  • 1. LICENSE COMPLIANCE AND OPEN SOURCE SOFTWARE LOGISTICS FOR CLOUD-BASED APPLICATIONS © 2014 Black Duck Software, Inc. All Rights Reserved. Kirsten Newcomer Director of Product Management, Black Duck Software @black_duck_sw
  • 2. DISCLAIMERS: I AM NOT A LAWYER. THIS TALK DOES NOT PROVIDE LEGAL ADVICE.
  • 3. 2014 the future of OPEN SOURCE +
  • 4. RECORD-BREAKING RESPONSES (THE FUTURE OF OPEN SOURCE). Survey respondents by year: 2014: 1240; 2013: 822; 2012: 740; 2011: 453
  • 5. SURVEY RESPONDENTS: 42% vendor, 58% non-vendor
  • 6. SURVEY RESPONDENTS: ROLES. Software engineer/developer; VP; Analyst; CEO/founder; CIO; Educator; Line of business manager; Marketing; System architect/engineer; Other; Sales/business development; IT management & staff; Lawyer/investor; President
  • 7. THE RISE OF SaaS AMONG OPEN SOURCE VENDORS. Software as a Service (SaaS): 2014: 60%; 2013: 47%; 2012: 40%. SaaS MOVED TO #1 FROM 2013
  • 8. OPEN SOURCE CENTRAL ACROSS TECHNOLOGY. MAIN AREAS WHERE OPEN SOURCE IS LEADING THE TECHNOLOGY INDUSTRY: Cloud/virtualization 63%; Content mgmt 57%; Mobile 53%; Security 51%; Collaboration 49%; Network mgmt 48%; Social media 46%; 3D printing 27%; Analytics and business intelligence 26%; Drones 13%; Gaming 12%; ERP 10%
  • 9. OPEN API FUELS OPEN SOURCE. 68% Will Reinforce Growth/Adoption; 14% Don’t Know/Not Sure; 9% Will Substitute for or Inhibit Growth; 7% Will Have No Impact
  • 10. WHAT ELSE DID WE LEARN?
  • 11. CORPORATE PARTICIPATION IN OSS: OVER 50% OF ALL ENTERPRISES ARE EXPECTED TO CONTRIBUTE TO AND ADOPT OPEN SOURCE
  • 12. CORPORATE PARTICIPATION IN OSS: 30% MAKE IT EASY FOR EMPLOYEES TO PARTICIPATE OR START THEIR OWN OPEN SOURCE PROJECTS
  • 13. NEW PEOPLE IMPACTING OPEN SOURCE: #1 FACTOR IN EXPLOSION OF SMALL PROJECTS IS FIRST TIME DEVELOPERS PARTICIPATING IN OPEN SOURCE (2X More Important Than any Other Factor)
  • 14. SO, HOW DOES THE RISE OF SAAS AFFECT YOU?
      Odds are good that you’re going to be working with open source
      • Infrastructure as a Service (IaaS)
      • Platform as a Service (PaaS)
      • Software as a Service (SaaS)
      A quick refresher is in order…
      • Goals of open source licenses
      • Categories of licenses
  • 15. OPEN SOURCE DEFINITION
      1. Free Redistribution
      2. Program must include Source Code and must allow distribution in source code as well as compiled form
      3. Must Allow Modifications and Derived Works
      4. Integrity of the Author's Source Code
      5. No Discrimination Against Persons or Groups
      6. No Discrimination Against Fields of Endeavor
      7. Distribution of License – no additional license can be required of others who redistribute the program
      8. License Must Not Be Specific to a Product
      9. License Must Not Restrict Other Software
      10. License Must Be Technology-Neutral – not predicated on any individual technology
  • 16. THE OSS LICENSE CONTINUUM (from Permissive to Restrictive)
      • Permissive licenses: X11/MIT, Apache, BSD
      • Weaker Copyleft: MPL, LGPL
      • Stronger Copyleft: GPL, AGPL
  • 17. COMMON MYTHS ABOUT OPEN SOURCE
      • "Open source is in the public domain."
      • "All open source licenses are reciprocal/copyleft…"
      • "None of these agreements are enforceable so it doesn’t really matter anyway."
      • "If I don’t distribute software, I don’t need to worry about licensing."
      • "All open source licenses require the release of source code for everything."
      • "No one will ever know."
  • 18. EVOLUTION OF SOFTWARE DELIVERY AND OPEN SOURCE LICENSES
      “The GNU Affero General Public License . . . requires the operator of a network server to provide the source code of the modified version running there to the users of that server. Therefore, public use of a modified version, on a publicly accessible server, gives the public access to the source code of the modified version.” - Preamble to AGPL 3.0 license
      Timeline (1990, 2000, 2010): GPL V2; CDs; ASP / SaaS Loophole; AGPLv1; GPLv3; AGPLv3
  • 19. THE GNU GPL FAMILY OF LICENSES
      • 1991 GPL v2: Private use is un-restricted. If you distribute object code, you must make source code available
      • LGPL v2: “Work that uses library” versus “Work based on library”
      • 2002 AGPL v1: Closes the network access loophole
      • 2007 GPL v3: System library exception. Internationalization - country-neutral terminology. License compatibility (Apache, Affero)
      • 2007 LGPL v3: An additional permission for GPL v3 licensed code.
      • 2007 AGPL v3: Includes all GPLv3 terms and adds “Network Use” clause
          • Network Use Clause: Source code sharing obligation also extends to “all users who access through a computer network”
  • 20. MORE ABOUT INTERNATIONALIZATION
      Rights are tied to laws in specific countries; you do not have “copyright” but UK copyright, US copyright, French copyright, German copyright, etc.
      Point of interest: English tradition views copyright as an industrial right. Continental tradition views copyright as the right of the artist.
      GPL v2 is tightly tied to US copyright law
      • Legislative history and case law define “Distribution,” “public distribution,” “limited distribution”
      • Distribution means one thing in US and another in Europe
      • Even the term “public” has a long legal history in US
      It is impossible to say anything about “distribution” of copyrighted works that is globally accurate.
  • 21. THE GNU GPLV3
      GPL v3 changes language to use contract terms
      • Convey
          • To “convey” a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying
      • Propagate
          • To “propagate” a work means to do anything with it that, without permission, would make you directly or secondarily liable for infringement under applicable copyright law, except executing it on a computer or modifying a private copy. Propagation includes copying, distribution (with or without modification), making available to the public, and in some countries other activities as well.
      BUT, intentionally does not close SaaS loophole
  • 22. THE AGPL V3
      Includes all GPLv3 terms and “Network Use” clause
      Network Use Clause: Source code sharing obligation also extends to “all users who access through a computer network”
      The network use clause is set forth below:
      “Notwithstanding any other provision of this License, if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing access to the Corresponding Source from a network server at no charge, through some standard or customary means of facilitating copying of software. This Corresponding Source shall include the Corresponding Source for any work covered by version 3 of the GNU General Public License that is incorporated pursuant to the following paragraph.”
  • 23. GPLV3 INTERACTION WITH AFFERO GENERAL PUBLIC LICENSE
      GPLV3 does not incorporate the Affero General Public License requirements into GPLV3
      But it does build a bridge…
      Section 13 of GPLV3, Use with the GNU Affero General Public License:
      • Notwithstanding any other provision of this License, you have permission to link or combine any covered work with a work licensed under version 3 of the GNU Affero General Public License into a single combined work, and to convey the resulting work. The terms of this License will continue to apply to the part which is the covered work, but the special requirements of the GNU Affero General Public License, section 13, concerning interaction through a network will apply to the combination as such.
  • 24. NUMBER OF PROJECTS WITH AGPL-LIKE LICENSES. Over 1000 projects use AGPLv3. Source: Black Duck KnowledgeBase (Did not include Apple Public Source License in analysis)
  • 25. INDIVIDUAL SAAS LICENSE MARKET SHARE AS A PERCENTAGE OF TOTAL SAAS LICENSE MARKET
      Rank | License | %
      1 | GNU Affero General Public License v3.0 | 53.93%
      2 | Open Software License 2.0 | 21.07%
      3 | Affero General Public License v 1.0 | 7.61%
      4 | Open Software License 3.0 | 7.23%
      5 | Common Public Attribution License 1.0 | 5.72%
      6 | Academic Free License v3.0 | 1.95%
      7 | Open Software License 2.1 | 1.86%
      8 | Open Software License 1.1 | 0.25%
      9 | Non-Profit Open Software License 3.0 | 0.22%
      10 | Honest Public License | 0.06%
      11 | Rumba Exception to Gnu Affero General Public License V3.0 | 0.03%
      12 | Zarafa Affero 3 License | 0.03%
      13 | Open Software License 1.0 | 0.03%
  • 26. AGPL-LIKE LICENSES DISCOVERED IN AUDITS. Source: Black Duck Audit Data
  • 27. APPLE PUBLIC SOURCE LICENSE
      Unique license from Apple
      1.4 "Externally Deploy" means: (a) to sublicense, distribute or otherwise make Covered Code available, directly or indirectly, to anyone other than You; and/or (b) to use Covered Code, alone or as part of a Larger Work, in any way to provide a service, including but not limited to delivery of content, through electronic communication with a client other than You.
      If You Externally Deploy Your Modifications, You must make Source Code of all Your Externally Deployed Modifications either available to those to whom You have Externally Deployed Your Modifications, or publicly available. Source Code of Your Externally Deployed Modifications must be released under the terms set forth in this License, including the license grants set forth in Section 3 below, for as long as you Externally Deploy the Covered Code or twelve (12) months from the date of initial External Deployment, whichever is longer. You should preferably distribute the Source Code of Your Externally Deployed Modifications electronically (e.g. download from a web site).
  • 28. COMMON PUBLIC ATTRIBUTION LICENSE
      Drafted for Socialtext prior to AGPLv3, Mozilla Public License with “External Deployment” provisions
      15. ADDITIONAL TERM: NETWORK USE. The term “External Deployment” means the use, distribution, or communication of the Original Code or Modifications in any way such that the Original Code or Modifications may be used by anyone other than You, whether those works are distributed or communicated to those persons or made available as an application intended for use over a network. As an express condition for the grants of license hereunder, You must treat any External Deployment by You of the Original Code or Modifications as a distribution under section 3.1 and make Source Code available under Section 3.2.
  • 29. OPEN SOFTWARE LICENSE/ACADEMIC FREE LICENSE
      Unique licenses which use “External Deployment” concept to extend requirements to provide source code to network use as well as distribution:
      5) External Deployment. The term "External Deployment" means the use, distribution, or communication of the Original Work or Derivative Works in any way such that the Original Work or Derivative Works may be used by anyone other than You, whether those works are distributed or communicated to those persons or made available as an application intended for use over a network. As an express condition for the grants of license hereunder, You must treat any External Deployment by You of the Original Work or a Derivative Work as a distribution under section 1(c).
  • 30. HONEST PUBLIC LICENSE
      This license is a modified version of the GNU General Public License copyright (C) 1989, 1991 Free Software Foundation, Inc. and has been made with their permission, but has not been endorsed by the Free Software Foundation. Section 2(d) has been added to cover use of software over a computer network.
      b) You must cause any work that you distribute, communicate to the public or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.
  • 31. PARTICULAR CHALLENGES COME WITH LICENSE COMBINATIONS
      Applications are made up of many parts, with, often, many licenses
      • AGPL
      • Apache
      • BSD
      • Commercial
      Many SaaS applications have downloadable plug-ins with additional licenses, such as
      • GPL - JavaScript
      It’s important to evaluate compatibility
      • Licenses may include provisions which may be incompatible with the obligations of other licenses
      • Even when license obligations can be incompatible, the issue is whether the obligations are triggered
      • Be aware of file-level licenses as well; not all files in a project have the same license
  • 32. NOW ADD IN DOCKER… (diagram labels: Download Browser App; Download Mobile App; Download Desktop App)
  • 33. DOES DOCKER CHANGE THINGS?
      • Docker is increasing the use of containers
      • We seem to be on the verge of another delivery paradigm shift
      • Are there any special considerations for OSS licenses when used in software distributed in containers?
      • What kind of a distribution, or conveyance, is a Docker container?
      • Does it depend on where it’s deployed?
          • You created it and you deploy it to your private cloud
          • You created it and you make it available for download in Docker Hub
      • What legal obligations do you have?
      • How do you manage those obligations?
      • How does the down-stream consumer of the container know what obligations she incurs when deploying your container
          • For in-house use
          • For use in an externally facing SaaS application
          • For use by another downstream application
      • Does the fact that the container is fully encapsulated change anything?
      • How will you determine what the combination of licenses and obligations are for the contents of a Docker image that you download?
      • Will new license terms emerge in response to Docker containers?
  • 34. TECHNICAL DECISIONS HAVE LEGAL IMPLICATIONS
      • Choosing a FOSS project requires both legal and technical evaluation
      • Compliance is mission critical
      • Must understand the legal obligations as well as the code, and the community
      • Security matters too, especially with Service solutions
  • 35. OSS LOGISTICS IS ABOUT…
      • Knowing what open source you use.
      • Knowing where your open source is used.
      • Knowing how your open source is deployed.
      • Using open source code in a compliant way.
      • Knowing what your legal obligations are.
      • Working with community to maintain the open source you use.
      • Understanding the security of your open source.
      • Participating effectively in the open source ecosystem.
  • 36. TO DO THE RIGHT THING, YOU NEED TO KNOW
      Strategy
      • The business objectives for your application
      License(s) & Obligations
      • The set of obligations associated with your use of open source
      Technology
      • Automation to provide visibility, control and assist with compliance
      Tens of thousands of developers leverage the GPL every day, and do it in compliance with its obligations; the community will do the same for AGPL
  • 37. THANK YOU QUESTIONS? KNEWCOMER@BLACKDUCKSOFTWARE.COM