FINOS 14 November, 2018
Amanda Brock, Open Invention Network, Consultant, [email protected] Canonical and Ubuntu Open Source – the inevitability?
3 Step One: What is an Open Source Audit? Open Source – what’s going on?
5 Step Two: Why conduct an Open Source Audit? Why audit – good hygiene
7 Why audit – financial arrangements
8 Why audit – litigation or regulatory review
9 Step Three: How to do an Open Source Audit? Kick Off
11 Who should be involved in the audit – decision makers
12 What tools should we use to conduct an audit?
13 BlackDuck Audit report
14 BlackDuck Dashboard
15 Audit output – Flexera priority Licence Priority Typical Licence for level Description 1 Copyleft/Viral Style Contains viral (copyleft) licenses such as: GPL, licenses. Dual/Tri licenses AGPL, LGPL, CDDL, MPL, with viral license as an EPL. option. 2 Commercial Licences, Less Contains items with lesser common OS licenses, known open source Vanity / Strange licenses, license, Commercial Code Project Open License license, or unknown Items with no known or licenses. unknown licence. 3 Permissive/Attribution Typically require a simple style licenses such as: attribution in the product Apache 1.1or 2.0, MIT, or documentation. BSD, Public Domain 4 Dual/tri licenses with Associated dual/tri licenses permissive option such as: where one of the option is GPL or MIT permissive. 16 Open Source Initiative approval
17 Copyleft and the GPL
“I make my code available for use in free software, and not for use in proprietary software, in order to encourage other people who write software to make it free as well.”
“I figure that since proprietary software developers use copyright to stop us from sharing, we co-operators can use copyright to give other co-operators an advantage of their own: they can use our code.”
18 Viral Effect of Copyleft
© Darrin Wortlehock BY-NC-SA
19
Permissive BSD
Copyright (c)
20 Fixes
• Technical – engineering • Legal – licensing decisions • Licensing Hocus pocus – interactions etc. • Decisions will impact later procedures and policies
21 BOM – licence status and components
22 Deeper Dive?
23 Step Four: What follows an Open Source Audit? OS Procedures and Policy
25 Open Source – warranty
• Limited warranty – best of knowledge! • State of the industry/ art and tools - audited! • Cannot ever warranty IP in open source! • Indemnities?!
26 Some final thoughts Software Patents
© K. Murali Kumar
28 Patent War Responses - OIN
29
Collaboration and Co-opetition
30 Discussion
© The VAR Guy
31