Strategies for Commercial Software Developers Using Open Source Code in Proprietary Software
0 likes146 views
The document outlines strategies for commercial software developers on effectively integrating open source software (OSS) into proprietary software while managing intellectual property (IP) and compliance risks. It highlights key goals such as protecting IP, mitigating security vulnerabilities, and controlling OSS community contributions, along with strategies to address challenges like license violations and asset devaluation. The authors emphasize the importance of establishing an OSS policy, monitoring usage, and contributing back to the OSS community to foster a sustainable software development ecosystem.
Strategies for Commercial Software Developers Using Open Source Code in Proprietary Software
- 1. Strategies for Commercial Software Developers Using Open Source Code in Proprietary Software October 4, 2016
- 2. 2 Offices Boston Seaport Innovation District Concord Route 128 Technology Corridor By the Numbers 1980 Year Founded 22 Technology Specialties Bioinformatics Biotechnology & Life Sciences Biologics & Immunotherapeutics Chemical Engineering Pharmaceuticals Chemistry Material Sciences Clean Technology Medical Devices Medical Imaging Mechanical Engineering Electrical Engineering Semiconductors Optics Robotics Mobile Internet of Things Network Infrastructure Telecommunications Computer Hardware Computer Software Business Methods 37 Attorneys, Patents Agents, Technology Specialists 19 Firm accolades since 2010, including: 4
- 3. 5 Mary Lou Wakimura Principal Hamilton Brook Smith Reynolds Giovanna Fessenden Of Counsel Hamilton Brook Smith Reynolds Thomas Schubert Lead Counsel Software Licensing Siemens AG
- 4. Background of Open Source Licensing and IP Law Open Source Software (OSS) Copyrighted but access to source code with rights to modify Licensee may copy and make derivative works If distribute derivative works, then perpetuate original OSS terms 6
- 5. Key Goals of Commercial Software Vendors Who Use OSS Maintain ability to deliver Protect IP from devaluation Mitigate security vulnerabilities Control contributions to OSS community Avoid exposure to Copyright Trolls 7
- 6. Main Challenges: Most of today’s commercial software contains Open Source A typical complex application contains 30-80 OSS components Each OSS component contains one or several licenses • Example: Linux Kernel has about 95 different licenses and license combinations Minor license violation may terminate your right to use • Example: You must ship a copy of the GPL license with your product Maintain Ability to Sell Products
- 7. Strategies to consider: 1. Pass OSS usage policy and enforce it without imposing unnecessary bureaucracy on the organization 2. Build the right team (lawyers with software knowhow, engineers with licensing expertise) 3. Procure the right clearing platform 4. Install a high-performance process close to the engineering operation 5. Don’t forget to also tackle commercial standard software (COTS) 6. Be aware of potential OSS license incompatibilities (rarely a problem) 7. Ensuring compliance throughout the supply chain is difficult • Actively solicit OSS information from your suppliers • Treat absence of OSS information like a product defect • Secure your position by including contractual language around OSS matters Maintain Ability to Sell Products
- 8. Main Challenges: Uncontrolled use of OSS with viral licenses may devalue your software assets • Example: The use of code under viral licenses (e.g. GPL) may require you to provide any derivative works (this could be your product) free of charge to the OSS community (worst case) Asset devaluation may require asset write-downs Strategies to consider: Make software clearing an integral part of the software development process Continuously monitor your software code for Copyleft code When buying a software company, spend some money on an OSS assessment Protect IP From Devaluation
- 9. Mitigate Security Vulnerabilities Main Challenges: You can only manage vulnerabilities that you know To know what’s in your code, you must monitor usage of OSS Strategies to consider: Obtain Common Criteria (CC) certification /evaluation Analyze the application environment for possible threats Enable users and the software to self-report detected issues Use special scanners to identify security issues in real time Require developers to use OSS only from trusted sites 11
- 10. Control Contributions to the Open Source Community Main Challenges: Most companies take OSS without giving (enough) back Strategies to consider: Define your level of interaction with the OSS community Can you afford not contributing to the OSS community? Consider contributing to projects of strategic importance Avoid unnecessary OSS forks in your company 12
- 11. Open Source software: A promising arena for IP litigators? Next wave of industrial progress is software-driven Software patents can be difficult to obtain Legislators have started to discourage Patent Trolls Avoid Exposure to Copyright Trolls © Hugh D’Andrade, CC BY 2.0
- 12. Two main types of Open Source enforcers: “Good Guys”: E.g. Free Software Foundation • Community-oriented enforcement • Goal: Compliance through education and assistance • “Legal action is a last resort” The “bad guys”: Trolls • A few individuals • Goal: Making money Strategy to consider: Do not “blindly” accept a troll’s claim Try settling on favorable terms Avoid Exposure to Copyright Trolls
- 13. Basics: If you have no OSS policy, create one If your developers are unaware of OSS pitfalls, train them Next steps: Assess your demand for software clearing Develop an appropriate clearing process Consider a make/buy decision: • Outsource the whole clearing process to a supplier, or • Build up a clearing team (considering offshore options) Start before commercially licensing out your IP OSS Strategies for Smaller Entities
- 14. 16 Ask the Panel
- 15. 17 Thank you! Mary Lou Wakimura Hamilton Brook Smith Reynolds [email protected] 978.341.0036 x 3214 Giovanna Fessenden Hamilton Brook Smith Reynolds [email protected] 978.341.0036 x 3466 Thomas Schubert Siemens AG [email protected]