What Would I Tell Developers About Using Open Source Software?

Posted by Jilayne Lovejoy on May 9th, 2012 in Legal & Compliance, Open Source Management

In the first two weeks of April, I attended four distinct open source related events in three different cities and two countries. It will take months to ponder, absorb, and follow-up on all of the thought-provoking presentations, conversations, and feedback I participated in or received. In spite of the range of topics and agendas being covered along the way, there were a couple themes that reverberated.

One theme involved the idea that open source license compliance is not a legal problem, but an engineering and software problem.


Why You Should be Using SPDX for Open Source License Compliance

Posted by Peter Williams on April 25th, 2012 in Governance, Legal & Compliance, Open Source Management, Open Source Trends, Scanning & Provisioning

The Software Package Data Exchange (SPDX) standard is getting some love lately and this is good news for open source license compliance. Which is, in turn, good for open source in general. If you are involved in software license compliance activities you need to include SPDX in your plans for the future. It will allow you to manage the risks of software licensing in a more efficient and predictable way than ever before.

SPDX defines a standard way to represent the contents and licensing of software packages. This standard representation provides a shared vocabulary for tools involved in managing license compliance. The SPDX standard is being developed under the auspices of The Linux Foundation as a way to ease complying with the licenses of open source software. The model provided by SPDX is fully compatible with proprietary software licensing also. This means that SPDX provides a uniform way to represent the licensing of any software package. Being able to treat both open source and commercial software the same way allows license compliance processes and tools to be simplified and streamlined.


Open Source Software Management: A Recap of the Top Articles

Posted by Aaron Mandelbaum on April 16th, 2012 in Governance, Legal & Compliance, Open Source Management, Open Source Trends, Scanning & Provisioning, Support, The Cloud

Open Source Management: Dealing with New OSS Releases. The first quarter of this year has been a busy time in open source management. JBoss has had two releases in the 7.1 series, the Apache web server has had two releases in the 2.4 series and Ruby on Rails has had two releases in [...]


Creating an Open Source Compliance Checklist

Posted by Dave McLoughlin on April 13th, 2012 in Governance, Legal & Compliance, Open Source Management, Open Source Trends, Scanning & Provisioning

In a recent blog article Using Categorization to Simplify Open Source License Compliance I talked about simplifying open source compliance through license “categorization” where I listed the common categories used in many open source licenses. In this article I’m going to talk about creating an open source compliance checklist based on those categorizations.

In OpenLogic Exchange (OLEX) Enterprise Edition we have analyzed several hundred open source licenses and created a list of high-level obligations for each license. For example, in OLEX the Apache License 2.0 list of obligations looks like this:

• Distribute copy of license
• Give notice of or fulfill other requirements related to modified files
• Obligation to include notice text or files
• Obligation to include copyright or trademark notice
• Obligation to indemnify contributors
• Obligation to apply license to original or derivative works
• Restrictions regarding use of trademark
• Termination of patent license upon filing of patent litigation


Open Source Software Management: A Review of Wazi Articles

Posted by Aaron Mandelbaum on April 11th, 2012 in Governance, Legal & Compliance, Open Source Management, Open Source Trends, Scanning & Provisioning, Support, The Cloud

The 5 most recent articles published on http://olex.openlogic.com/wazi/


Upcoming Webinar: Using SPDX to Streamline Open Source Compliance

Posted by Aaron Mandelbaum on April 2nd, 2012 in Governance, Legal & Compliance, Open Source Management, Open Source Trends, Scanning & Provisioning

The SPDX (Software Package Data Exchange) standard is designed to help companies streamline their open source compliance efforts by sharing information about open source licenses that are used in software packages.


Building the Business Case for Open Source Code Scanning

Posted by Jesse Hood on March 30th, 2012 in Governance, Legal & Compliance, Open Source Management, Open Source Trends, Scanning & Provisioning

I often talk to people who are having a hard time developing the business case for purchasing and implementing a source code scanning tool or purchasing an application audit service. I respond by describing that a legitimate and successful business case in 2012 needs to include the following:

• At minimum, a general understanding of the basics of open source software
• Both the want and the need to find and implement a solution
• The organizational drivers and resources to develop a solution to a problem, or to enhance and complement an existing system that lacks efficiency or accuracy
• Cross-functional approvals and resources from multiple departments
• Accurate and balanced vendor evaluation and selection criteria

Hopefully some of the ideas in this article will resonate to help all of you continue building the business case as you consider how or when to start a scanning and license compliance initiative.


The SPDX License List: the gateway drug to full SPDX adoption?

Posted by Jilayne Lovejoy on March 23rd, 2012 in Legal & Compliance, Scanning & Provisioning

The SPDX License List is just one part of a larger effort to make reporting open source software licensing information more efficient and thus ease license compliance. As an active member of the SPDX legal work group, it began as a simple matter of raising my hand that I took on the task of ‘keeper of the list.’ Or so it seemed.

When I began working at OpenLogic, my first task was to read all the most commonly used open source licenses, analyze the license requirements, and help create the framework which would become the OLEX Open Source License Compliance module to our scanner. This necessarily brought up some tangential questions. Do we have this license already in our database and, if so, is it truly the same license? At what point does it become a different license? What is considered part of the license text and what isn’t? What should the license be called? How should the formatting look when the license is displayed on the page? Later, my role would evolve to include using our product to perform open source audit services for our customers. There is nothing like drinking your own Kool-Aid to encourage improvements at the macro and microscopic level.


Open Source Management: Take the Open Source Maturity Quiz

Posted by Kim Weins on March 16th, 2012 in Governance, Legal & Compliance, Open Source Trends, Scanning & Provisioning, Support, The Cloud, Open Source Management

Open source management is increasingly becoming an important point of discussion as today’s companies are using open source software more widely in their IT infrastructure. So much so that Gartner expects open source to make up 30% of enterprise IT portfolios in 2012.

Open source software can provide both cost and innovation benefits, but in order to use OSS successfully, companies must have an open source management capability. OpenLogic defines four stages of Open Source Maturity that measure your company’s open source management capability.

The four stages are: Prevent, Manage, Promote and Transform:


Open Source License Management

Posted by Aaron Mandelbaum on March 13th, 2012 in Governance, Legal & Compliance, Open Source Trends, Scanning & Provisioning

Open Source License Management:

Understanding and interpreting open source licenses is not always an easy task. Open source licenses are essentially unilateral; if you use the software, you agree to the terms of the license. There is no protracted negotiation process during which to ruminate and refine terms as is often the case for custom-developed software.

Adding to the difficulty in understanding and interpreting open source licenses is the fact that the more troublesome compliance terms have yet to be litigated, most notably the derivative works question in regards to the GNU General Public License. However, that does not mean there is no guidance.


About Us

OpenLogic helps enterprises use open source software by providing open source support, scanning, governance, and cloud solutions. For more on OpenLogic, go to www.openlogic.com.