Karen Copenhaver
Mark Radcliffe
Michael Waldron


Webinar


March 18, 2009
Speakers

 Karen Copenhaver
  – Partner at Choate Hall & Stewart
  – Counsel for the Linux Foundation

 Michael Waldron
  – Marketing Communications Manager, Black Duck Software

 Mark Radcliffe
  – Partner at DLA Piper
  – General Counsel for the Open Source Initiative (OSI)
                                                                                                 Page 2
   Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
Agenda
Developing in a Hybrid Open Source-Proprietary World
  What is a Hybrid Environment?
  Why and when do I need a license?
  How do you interpret an OS License?
  Why license incompatibility is the wrong question
  GPL / LGPL / Mozilla
  Summary

  Q&A

Why Open Source: Leverage, Compelling
Economics

 Linux Example: Leverage of 23:1
 – Open source community contributes $1.4 Billion
 – Red Hat spends $60 M

 Customer saves 88% of development
 – 19K lines of new code, 140K lines of open source
 – Savings of approx. $20,000 for every 1,000 lines of code of
   OSS used

 “The fundamental economics of software
 development leads you to open-source
 software”
  – David Rivas, Nokia VP for S60 Software




Software Development Today

 “40-50% of code comes from outside the company”
  – Jim Duggan, Gartner group

 [Diagram: sources of code feeding the Software Application at YOUR COMPANY]
  – Outsourced Code Development
  – Commercial 3rd-Party Code
  – Open Source Software (Individuals, Universities, Corporate Developers)
  – Internally Developed Code

Complexity

 Each component has an owner & license

 Each license must permit me to use the code in the way I
 would like with all of the other code

 And to do so over time as the use of the code changes

Basics

 Any use of intellectual property requires a license
  – A license is permission to use someone’s property

 Software is protected by intellectual property
  – Copyrights and sometimes patents and trade secrets
  – Copyright arises automatically in author

 If no intellectual property → no need for a license
  – Is it copyrightable subject matter?
        Functional statement / Merger of idea and expression
  – Has it been formally dedicated to the “public domain”?
        A complete relinquishment of all intellectual property rights




Licenses may be express or implied

 An implied license may be:
  – Implied in fact
      Reasonable assumption based on circumstances
      Cannot contradict an express license
  – Implied in law
      Exhaustion
      Estoppel
        – “(1) the party to be estopped must be apprised of the facts; (2) he must intend that
          his conduct shall be acted upon, or must so act that the party asserting the estoppel
          had a right to believe it was so intended; (3) the other party must be ignorant of the
          true state of facts; and (4) he must rely upon the conduct to his injury.”
      Fair Use
        – May be eliminated in US by contract

 An express license may be:
  – Oral or written
  – Formal or informal
  – In plain English or legalese


Scope of License

 If you are acting within the scope of the license
  – You are licensed
  – A license is a defense to a claim of infringement

 If you act outside the scope of the license, or
 breach the terms of the license so that the license
 is terminated
  – You are unlicensed
  – You are an infringer
  – You can be forced to cease activities beyond scope of the
    license depending on how the license is drafted, see Jacobsen

 The Question is:
  – Can I comply with the terms of the license under which the
    code was made available?



License Incompatibility

   Frequently leads to the wrong analysis
   Incompatible obligations are problems for both
   commercial and open source licenses
   The incompatible obligations only matter if the
   programs interoperate in a manner which triggers
   them
   Summary: If the GPLv2 licensed program does
   not create a derivative work of the Apache
   licensed program, you do not have a problem
   even though the licenses are “incompatible”



License Compliance

 Attribution Licenses – compliance is easy
  – BSD, MIT, Apache

 Weak Copyleft licenses – more challenging
  – Mozilla
  – EPL
  – CDDL

 Strong Copyleft licenses: most challenging
  – GPL (GPLv2 differs from GPLv3)
  – LGPL (LGPLv2 differs from LGPLv3)
  – AGPL




How do you interpret an OS License?

1. You read the license
2. You interpret the license as a lawyer would
   interpret a contract
3. Basis for interpretation
  1. Views about the license by the authors of the licensed code
     (NOTE: the views of the authors of the license carry less
     weight)
  2. Views by the author of the license at the time of the license
     creation (NOTE: FAQ on GPLv2 ten years after creation may
     have limited effect on court except as “usages of the trade”)
  3. Community view: valuable as “custom and usage and trade
     practices” under Article 2 of the UCC (2-208)
  4. Limits on enforcement imposed by the community




Perspectives on FOSS Licenses

 Developer’s
  – Familiar with community consensus
  – Focus on common sense; legal and engineering “logic” is different
  – Comfortable with “community” interpretation
  – Look to project committers like Linus for direction
  – See absence of litigation as proof of little or no risk
  – Frustrated with “plain English” discussions
  – Can describe function in many different ways

 Attorney’s
  – Four corners of the license
  – Rules of contract construction
  – Article 2 of the UCC in US
  – Copyright Act and caselaw
  – Identification of the parties to the contract
  – Contract law versus intellectual property law
  – Breach and Remedies
  – Change in programming techniques changes results
  – Anticipate a judge
      Judge in Court
      Licensor’s counsel
      Community




General Public License: GPLv2

   Reciprocal License
      – Works created using GPL licensed code may only be distributed
        under the GPL

   Scope of “based on” work
      – Ambiguity of “derivative work”
      – Use of “collective work”
      – Linking issues

   Focus on the word “work”
      – When is the “work” a separate and independent work?
      – What is included in the “work”?
          Many lawyers believe that components that interoperate
          using an interface created to enable components to work
          together are separate works
          Others do not agree



Classpath Exception

 Linking this library statically or dynamically with other
 modules is making a combined work based on this library.
 Thus, the terms and conditions of the GNU General Public
 License cover the whole combination.
 As a special exception, the copyright holders of this library
 give you permission to link this library with independent
 modules to produce an executable, regardless of the license
 terms of these independent modules, and to copy and
 distribute the resulting executable under terms of your
 choice, provided that you also meet, for each linked
 independent module, the terms and conditions of the license
 of that module. An independent module is a module which is
 not derived from or based on this library. If you modify this
 library, you may extend this exception to your version of
 the library, but you are not obligated to do so. If you do not
 wish to do so, delete this exception statement from your
 version.


Lesser General Public License: LGPL

 Two licenses (LGPLv3 recognizes this fact by
 making the LGPLv3 a modification of GPLv3)
  – GPL for “library”
  – Any terms for combination of “library” and commercial work

 Designed for libraries to avoid reluctance to use
 GPL licensed libraries with commercial programs
 Section 5 exceptions for “small uses”
  – Data structure layouts/small macros/inline functions

 Scope 6 (linked LGPL program)
  – Permit modifications for customer’s own use
  – Make source code or object code available




General Public License: GPLv3

   Reciprocal License
      – Works created using GPLv3 licensed code may only be distributed under the
        GPLv3

   Shift from US copyright to “contract” terms
      – Convey
      – Modification
      – Propagate

   Patents
      – Direct license for those who modify the work
      – Pass through of third party patent licenses if used with “knowledge”
      – Microsoft/Novell provisions

   Modification to permit compatibility with obligations of certain
   other licenses
      –       Warranties
      –       Trademark use/attribution
      –       Indemnity
      –       Prohibition of trademark use




Mozilla Public License

 Reciprocal
 Scope based on files (with some ambiguity)
  – ''Modifications'' means any addition to or deletion from the
    substance or structure of either the Original Code or any
    previous Modifications. When Covered Code is released as a
    series of files, a Modification is:
       A. Any addition to or deletion from the contents of a file
       containing Original Code or previous Modifications.
       B. Any new file that contains any part of the Original Code or
       previous Modifications.

 Very broad “patent peace” provision which applies
 to both the work licensed under MPL and all
 “software, hardware or device”
 Numerous notice requirements


Challenges of Using Open Source at Scale
 Manual management methods are inadequate, prone to
 error
  – E.g., version proliferation raises complexity and likelihood of errors
      Applications   Components   Versions   Components to track
           5              2           3               30
           5            100           3             1500

 When managed poorly, use of open source can introduce
 risks and challenges:
  –    Legal exposure due to unmet license obligations
  –    Regulatory violations
  –    Unsupported open source
  –    Version proliferation


 Using open source at scale brings new challenges
  – Management
  – Compliance
  – Pedigree


Summary

 Open Source Software is protected by Intellectual Property
 Use of Intellectual Property Requires a License
 Open source components have licenses with obligations that
 must be met
 Licenses vary in terms and complexity but cannot be
 ignored
 Breach the license and many open source licenses
 automatically terminate without notice and cure period;
 thus risk exposure to claims by the licensor


The Challenge
 Give developers the creative freedom they desire while
 minimizing process constraints and company exposure to
 risk

Next in the Black Duck Legal Webinar Series: Best
            Practices in Managing OSS

The proliferation of OSS use combined with recent legal actions has
raised industry awareness that open source code must be managed
in compliance with applicable software licenses. Leading development
organizations are establishing policies around open source usage and
implementing engineering development processes which ensure that
software products remain in compliance. Join us for a review of
industry best practices around the managed use of open source code.


In this webinar, we will discuss:
 –     Key issues when defining open source policies
 –     Formation of a compliance team
 –     Inbound and outbound compliance processes
 –     Top implementation approaches

Day and time:
 – Wednesday April 15th at 11:30AM EST, 8:30am PT, 4:30pm GMT


To sign up:
http://www.blackducksoftware.com/files/legal-webinar-series.html


Questions & Answers

Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 

Dernier (20)

Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 

Legal Issues in Developing in a Hybrid Environment with Open Source Software

  • 1. Karen Copenhaver Mark Radcliffe Michael Waldron Webinar March 18, 2009
  • 2. Speakers
      Karen Copenhaver: Partner at Choate Hall & Stewart; Counsel for the Linux Foundation
      Michael Waldron: Marketing Communications Manager, Black Duck Software
      Mark Radcliffe: Partner at DLA Piper; General Counsel for the Open Source Initiative (OSI)
      Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
  • 3. Agenda
      Developing in a Hybrid Open Source-Proprietary World
        – What is a Hybrid Environment?
        – Why and when do I need a license?
        – How do you interpret an OS License?
        – Why license incompatibility is the wrong question
        – GPL / LGPL / Mozilla
        – Summary
      Q&A
  • 4. Why Open Source: Leverage, Compelling Economics
      Linux Example: Leverage of 23:1
        – Open source community contributes $1.4 Billion
        – Red Hat spends $60 M
      Customer saves 88% of development
        – 19K lines of new code, 140K lines of open source
        – Savings of approx. $20,000 for every 1,000 lines of code of OSS used
      “The fundamental economics of software development leads you to open-source software”
        – David Rivas, Nokia VP for S60 Software
  • 5. Software Development Today
      “40-50% of code comes from outside the company” (Jim Duggan, Gartner group)
      [Diagram labels: Internally Developed Code; Outsourced Code Development; Commercial 3rd-Party Code; Open Source Software; Individuals; Universities; Corporate Developers; Software Application; YOUR COMPANY]
  • 6. Complexity
      Each component has an owner & license
      Each license must permit me to use the code in the way I would like with all of the other code
      And to do so over time as the use of the code changes
  • 7. Basics
      Any use of intellectual property requires a license
        – A license is permission to use someone’s property
      Software is protected by intellectual property
        – Copyrights and sometimes patents and trade secrets
        – Copyright arises automatically in author
      If no intellectual property → no need for a license
        – Is it copyrightable subject matter?
            Functional statement / Merger of idea and expression
        – Has it been formally dedicated to the “public domain”?
            A complete relinquishment of all intellectual property rights
  • 8. Licenses may be express or implied
      An implied license may be:
        – Implied in fact
            Reasonable assumption based on circumstances
            Cannot contradict an express license
        – Implied in law
            Exhaustion
            Estoppel – “(1) the party to be estopped must be apprised of the facts; (2) he must intend that his conduct shall be acted upon, or must so act that the party asserting the estoppel had a right to believe it was so intended; (3) the other party must be ignorant of the true state of facts; and (4) he must rely upon the conduct to his injury.”
            Fair Use – May be eliminated in US by contract
      An express license may be:
        – Oral or written
        – Formal or informal
        – In plain English or legalese
  • 9. Scope of License
      If you are acting within the scope of the license
        – You are licensed
        – A license is a defense to a claim of infringement
      If you act outside the scope of the license, or breach the terms of the license so that the license is terminated
        – You are unlicensed
        – You are an infringer
        – You can be forced to cease activities beyond scope of the license depending on how the license is drafted, see Jacobsen
      The Question is:
        – Can I comply with the terms of the license under which the code was made available?
  • 10. License Incompatibility
      Frequently leads to the wrong analysis
      Incompatible obligations are problems for both commercial and open source licenses
      The incompatible obligations only matter if the programs interoperate in a manner which triggers them
      Summary: If the GPLv2 licensed program does not create a derivative work of the Apache licensed program, you do not have a problem even though the licenses are “incompatible”
  • 11. License Compliance
      Attribution Licenses – compliance is easy
        – BSD, MIT, Apache
      Weak Copyleft licenses – more challenging
        – Mozilla
        – EPL
        – CDDL
      Strong Copyleft licenses: most challenging
        – GPL (GPLv2 differs from GPLv3)
        – LGPL (LGPLv2 differs from LGPLv3)
        – AGPL
  • 12. How do you interpret an OS License?
      1. You read the license
      2. You interpret the license as a lawyer would interpret a contract
      3. Basis for interpretation
         1. Views about the license by the authors of the licensed code (NOTE: the views of the authors of the license carry less weight)
         2. Views by the author of the license at the time of the license creation (NOTE: FAQ on GPLv2 ten years after creation may have limited effect on court except as “usages of the trade”)
         3. Community view: valuable as “custom and usage and trade practices” under Article 2 of the UCC (2-208)
         4. Limits on enforcement imposed by the community
  • 13. Perspectives on FOSS Licenses
      Developer’s
        – Familiar with community consensus
        – Focus on common sense; legal and engineering “logic” is different
        – Comfortable with “community” interpretation
        – Look to project committers like Linus for direction
        – See absence of litigation as proof of little or no risk
        – Frustrated with “plain English” discussions
        – Can describe function in many different ways
      Attorney’s
        – Four corners of the license
        – Rules of contract construction
        – Article 2 of the UCC in US
        – Copyright Act and caselaw
        – Identification of the parties to the contract
        – Contract law versus intellectual property law
        – Breach and Remedies
        – Change in programming techniques changes results
        – Anticipate a judge
      [Diagram labels: Judge in Court; Licensor’s counsel; Community]
  • 14. General Public License: GPLv2
      Reciprocal License
        – Works created using GPL licensed code may only be distributed under the GPL
      Scope of “based on” work
        – Ambiguity of “derivative work”
        – Use of “collective work”
        – Linking issues
      Focus on the word “work”
        – When is the “work” a separate and independent work?
        – What is included in the “work”?
      Many lawyers believe that components that interoperate using an interface created to enable components to work together are separate works
      Others do not agree
  • 15. Classpath Exception
      Linking this library statically or dynamically with other modules is making a combined work based on this library. Thus, the terms and conditions of the GNU General Public License cover the whole combination. As a special exception, the copyright holders of this library give you permission to link this library with independent modules to produce an executable, regardless of the license terms of these independent modules, and to copy and distribute the resulting executable under terms of your choice, provided that you also meet, for each linked independent module, the terms and conditions of the license of that module. An independent module is a module which is not derived from or based on this library. If you modify this library, you may extend this exception to your version of the library, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version.
  • 16. Lesser General Public License: LGPL
      Two licenses (LGPLv3 recognizes this fact by making the LGPLv3 a modification of GPLv3)
        – GPL for “library”
        – Any terms for combination of “library” and commercial work
      Designed for libraries to avoid reluctance to use GPL licensed libraries with commercial programs
      Section 5 exceptions for “small uses”
        – Data structure layouts/small macros/inline functions
      Scope 6 (linked LGPL program)
        – Permit modifications for customers own use
        – Make source code or object code available
  • 17. General Public License: GPLv3
      Reciprocal License
        – Works created using GPLv3 licensed code may only be distributed under the GPLv3
      Shift from US copyright to “contract” terms
        – Convey
        – Modification
        – Propagate
      Patents
        – Direct license for those who modify the work
        – Pass through of third party patent licenses if used with “knowledge”
        – Microsoft/Novell provisions
      Modification to permit compatibility with obligations of certain other license
        – Warranties
        – Trademark use/attribution
        – Indemnity
        – Prohibition of trademark use
  • 18. Mozilla Public License
      Reciprocal
      Scope based on files (with some ambiguity)
        – “Modifications” means any addition to or deletion from the substance or structure of either the Original Code or any previous Modifications. When Covered Code is released as a series of files, a Modification is:
            A. Any addition to or deletion from the contents of a file containing Original Code or previous Modifications.
            B. Any new file that contains any part of the Original Code or previous Modifications.
      Very broad “patent peace” provision which applies to both the work licensed under MPL and all “software, hardware or device”
      Numerous notice requirements
  • 19. Challenges of Using Open Source at Scale
      Manual management methods are inadequate, prone to error
        – E.g., version proliferation raises complexity and likelihood of errors

          Applications   Components   Versions   Components to track
          5              2            3          30
          5              100          3          1500

      When managed poorly, use of open source can introduce risks and challenges:
        – Legal exposure due to unmet license obligations
        – Regulatory violations
        – Unsupported open source
        – Version proliferation
      Using open source at scale brings new challenges
        – Management
        – Compliance
        – Pedigree
  • 20. Summary
      Open Source Software is protected by Intellectual Property
      Use of Intellectual Property Requires a License
      Open source components have licenses with obligations that must be met
      Licenses vary in terms and complexity but cannot be ignored
      Breach the license and many open source licenses automatically terminate without notice and cure period; thus risk exposure to claims by the licensor
      The Challenge
          Give developers the creative freedom they desire while minimizing process constraints and company exposure to risk
  • 21. Next in the Black Duck Legal Webinar Series: Best Practices in Managing OSS
      The proliferation of OSS use combined with recent legal actions has raised industry awareness that open source code must be managed in compliance with applicable software licenses. Leading development organizations are establishing policies around open source usage and implementing engineering development processes which ensure that software products remain in compliance. Join us for a review of industry best practices around the managed use of open source code.
      In this webinar, we will discuss:
        – Key issues when defining open source policies
        – Formation of a compliance team
        – Inbound and outbound compliance processes
        – Top implementation approaches
      Day and time:
        – Wednesday April 15th at 11:30AM EST, 8:30am PT, 4:30pm GMT
      To sign up: http://www.blackducksoftware.com/files/legal-webinar-series.html