An Introduction to Open Source Compliance in the Enterprise
The Linux Foundation | 01 December 2016
The following is adapted from Open Source Compliance in the Enterprise by Ibrahim Haddad, PhD.
Open source has expanded not only from an idealistic movement led by individuals around software and intellectual property but from one where organizations (e.g., governments, companies, and universities) realize that open source is a key part of their IT strategy and want to participate in its development. Early success in Linux and other open source technologies has spread to all areas of technology.
More traditional organizations are also taking notice and making open source software a priority and using the software for strategic advantage in their operations.
Use of open source in enterprise IT has roughly doubled since 2010, according to the North Bridge and Black Duck 2016 Future of Open Source Survey:
• 67 percent of surveyed companies encourage developers to engage in and contribute to open source projects.
• 65 percent of companies are contributing to open source projects.
• One in three companies have a full-time resource dedicated to open source projects.
• 59 percent of respondents participate in open source projects to gain competitive edge.
As a result, organizations are looking for guidance on how best to participate appropriately in open source communities and to do so in a legal and responsible way. Participants want to share their code and IP, and they need a trusted neutral home for IP assets (trademark, copyright, patents). They also need a framework to pool resources (financial, technical, etc.).
Open source participants need expertise to train them on how to collaborate with their competitors in an effective manner. To that end, The Linux Foundation has published the Open Source Compliance in the Enterprise e-book geared to creating a common understanding on the best ways to create shared value and innovation while adhering to the spirit and legal particulars of open source licensing.
Open source initiatives and projects provide companies and other organizations with a vehicle to accelerate innovation through collaboration with the hundreds and sometimes thousands of communities that represent the developers of the open source software. However, there are important responsibilities accompanying the benefits of teaming with the open source community: Companies must ensure compliance to the obligations that accompany open source licenses.
The 4 Objectives of Open Source Compliance
Open source compliance is the process by which users, integrators, and developers of open source software observe copyright notices and satisfy license obligations for their open source software components. A well-designed open source compliance process should simultaneously ensure compliance with the terms of open source licenses and also help companies protect their own intellectual property and that of third-party suppliers from unintended disclosure and/or other consequences.
Open source compliance helps achieve four main objectives:
• Comply with open source licensing obligations.
• Facilitate effective use of open source in commercial products.
• Comply with third-party software supplier contractual obligations.
• Protect proprietary IP.
In this blog series, we’ll explore the entire process of open source compliance, including a high-level overview of the topic, detailed information on how to establish an open source management program at your organization, and an overview of relevant roles.
In part 2, we’ll cover how software development models have changed and discuss the role of open source compliance under the new multi-source development model.
Read the other articles in the series:
Download the free e-book, Open Source Compliance in the Enterprise, for a complete guide to creating compliance processes and policies for your organization.
Cloud Computing Compliance and Security Projects Linux How-To Diversity & Inclusion Open Source Best Practices 2022 Events Cross Technology Training and Certification LFX Open Source Blockchain Research Legal Networking and Edge Data Governance Green Software Foundation LF Energy LF Research OpenChain System Administration