Open source software provides significant technical and cost benefits for enterprises. However, just as with commercial software, open source software comes with licenses that enterprises need to comply with. Non-compliance can result in legal action, monetary damages, negative publicity, and compromised intellectual property.
OpenLogic's Open Source License Obligation Analysis service provides the license information enterprises need to understand open source license obligations and reduce potential risks. The License Obligation Analysis service identifies the licenses, obligations, and requirements associated with the open source packages used in the enterprise. At the conclusion of the analysis, OpenLogic provides comprehensive reports that give legal and compliance staff the information they need to make informed decisions about open source deployments and distribution.
OpenLogic's Open Source License Obligation Analysis service provides detailed information about the risks and obligations associated with open source software packages. For every software distribution analyzed, OpenLogic prepares two reports.
The License Obligation Summary Report includes:
The License Obligation Detail Report includes:
Although many companies are familiar with the "copyleft" aspects of licenses like the GPL, they are often unaware that most open source packages include multiple dependencies and bundled components that often have different licenses. An open source package with a "liberal" license may include bundled components licensed under the GPL or other more restrictive licenses. Open source licenses can also conflict with each other, creating legal issues that must be addressed. Without a comprehensive understanding of every license associated with the open source packages used in the enterprise, organizations may be at risk of violating the legal obligations of one or more licenses.
These risks exist even for companies that do not typically sell or distribute software. Incidental distribution — such as providing partners, customers, or even consultants with internal applications based on open source — may trigger license obligations.
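The point made above, that a permissively licensed package can bundle copyleft components and that obligations attach on distribution, is easy to check mechanically once a dependency tree and its licenses are known. The following is an added illustration, not OpenLogic's tooling or reports: a small Python inventory that walks a constructed dependency tree, lists every license reached transitively, flags copyleft components hidden under a permissive top-level license, flags components whose license could not be determined, and records one well-known incompatible pair (Apache-2.0 with GPL-2.0-only). The license groupings and the component names are constructed for the example and are an illustrative policy, not legal advice.

```python
"""Transitive license inventory for a dependency tree (constructed example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Illustrative grouping of SPDX identifiers (assumption: your own policy
# may classify differently; this is not legal advice).
PERMISSIVE = {"MIT", "BSD-3-Clause", "Apache-2.0"}
COPYLEFT = {"LGPL-2.1-only", "MPL-2.0", "GPL-2.0-only", "GPL-3.0-only", "AGPL-3.0-only"}

# Pairs treated as conflicting when both appear in one distribution.
# Only the commonly cited Apache-2.0 / GPL-2.0-only case is listed here.
INCOMPATIBLE = {frozenset({"Apache-2.0", "GPL-2.0-only"})}


@dataclass
class Component:
    name: str
    license: Optional[str]          # None means the license could not be determined
    deps: List["Component"] = field(default_factory=list)


def transitive_licenses(comp: Component, seen: Optional[Dict[str, Optional[str]]] = None):
    """Return {component_name: license} for comp and everything it bundles.

    The 'seen' map doubles as the visited set, so dependency cycles terminate."""
    if seen is None:
        seen = {}
    if comp.name in seen:
        return seen
    seen[comp.name] = comp.license
    for dep in comp.deps:
        transitive_licenses(dep, seen)
    return seen


def analyze(root: Component, distributed: bool = True) -> dict:
    """Summarize license findings for a top-level component.

    distributed=True models any conveyance to others, including the
    incidental kind (partners, customers, consultants)."""
    inventory = transitive_licenses(root)
    report = {"bundled_copyleft": [], "conflicts": [], "unknown": [], "distributed": distributed}

    for name, lic in inventory.items():
        if lic is None:
            report["unknown"].append(name)
        elif name != root.name and root.license in PERMISSIVE and lic in COPYLEFT:
            # A "liberal" top-level license says nothing about what it bundles.
            report["bundled_copyleft"].append((name, lic))

    present = {lic for lic in inventory.values() if lic is not None}
    for pair in INCOMPATIBLE:
        if pair <= present:
            report["conflicts"].append(tuple(sorted(pair)))

    # Copyleft and conflict obligations attach when the work is distributed;
    # an unresolved license always needs follow-up regardless of distribution.
    report["action_required"] = bool(report["unknown"]) or (
        distributed and bool(report["bundled_copyleft"] or report["conflicts"])
    )
    return report


# Constructed sample tree: a permissive application pulling in a GPL component
# two levels down, plus a component whose license metadata is missing.
tlsutil = Component("tlsutil", "GPL-2.0-only")
httplib = Component("httplib", "Apache-2.0", [tlsutil])
imagelib = Component("imagelib", None)
webapp = Component("webapp", "MIT", [httplib, imagelib])

if __name__ == "__main__":
    for key, value in analyze(webapp).items():
        print(f"{key}: {value}")
```

Running the module prints one finding per category for the sample tree; in practice the `Component` tree would be built from a package manifest or an SBOM rather than by hand, and the policy sets would be maintained by the legal or compliance team.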
The Open Source License Obligation Analysis service can be employed either to analyze open source packages before they are used or to audit open source components within internally developed applications. Any open source package used in the enterprise can be submitted for analysis, regardless of whether it is included in the online library of over 330,000 open source software packages available via OpenLogic Exchange (OLEX).
Once your License Obligation Analysis request has been received, a representative from the OpenLogic services team interviews the appropriate members of your engineering team to gain an understanding of key issues for each open source package and version to be analyzed. This interview covers topics such as how packages are used, whether or not source code has been modified, the method of linking used in development, and whether and how code is distributed. Next, OpenLogic's services team uses several scanning options and tools to gather the necessary information and produce your License Obligation Analysis reports.
The Open Source License Obligation Analysis service uncovers the available information about the files included with an open source package, but in some cases files lack complete information. If the license associated with a file is not clear, OpenLogic will make reasonable efforts to resolve the issue. These efforts may include some or all of the following:
OpenLogic cannot guarantee that all open issues can be resolved within the required time frames. If after reasonable efforts OpenLogic cannot resolve open issues within required time frames, any remaining issues will be documented and included in the Open Source License Obligation Analysis reports.
Learn more about how OpenLogic can help you understand open source license risks and obligations. Contact us today for a price quote on the License Obligation Analysis service.