The days of endlessly grepping source code for license and copyright information may be coming to a close. If the new Software Package Data Exchange (SPDX) project becomes popular, such information will be commonly available in a standard format that can be read by developers and business executives alike. Currently in late beta, the first version of the SPDX specification is scheduled for release next month.
In Jacobsen v. Katzer, the Federal Circuit held that open source licenses are indeed licenses and not merely contracts.[1] This is an important decision due to the remedies available under the Copyright Act versus contract law. But what do monetary damages under U.S. copyright law look like? More specifically, how much could an OSS license non-compliance action cost a company that loses such a suit? Two lawyers endeavoured to answer just that question in a presentation in mid-May at the Open Source Business Conference in San Francisco. Jeffery Norman and Vladimir Khodosh of Kirkland & Ellis outlined the various sources of monetary remedies for FOSS license non-compliance, with a particular focus on the ability to recover a portion of the infringer's profits.
The world has officially gone app crazy. Almost every leading brand, from Starbucks to General Motors, creates apps for both iOS and Android devices. According to the App Genome project, there are now over 400,000 apps in the Android Market and Apple App Store combined, while leading IT analyst firm, Gartner, has declared that the market for mobile apps will exceed $15B in 2011.
Jilayne Lovejoy, OpenLogic’s Corporate Counsel, and Eric Weidner, OpenLogic's Co-Founder and Senior Development Manager, recently sat down for an informative discussion on practical tips for open source license compliance.
From the consumer point of view, Apple's App Store is a really convenient way to acquire and manage software. Not only does it greatly simplify buying applications, but the App Store remembers what you've purchased and allows you to transfer all of the software to new devices. The concept has spread considerably, and is changing the way that many people think about getting software. Unfortunately, it also poses a considerable challenge for developers, projects, and companies that want to utilize reciprocal free software licenses.
In the first piece on open source auditing, I demonstrated the need for an open source audit for companies that are using any open source software and what you can expect out of an audit. But we've yet to go into detail regarding how an open source audit works. This time, I'd like to provide insight into how OpenLogic performs an open source software audit and how we train our customers to perform their own audits using our scanning tools. These tips will help you ensure a successful audit whether doing it yourself with scanning tools or using an outside audit vendor such as OpenLogic.
No matter what industry your business is in, you're almost certainly using open source software. The question is whether you know how you're using open source, what licenses are in play, and whether you're meeting all of your license requirements. If you can't answer all of these questions — and most businesses can't — you may want to perform an open source audit as a starting point. Why? An audit can answer the question of what Open Source Software (OSS) is present in your code and what licenses that OSS falls under.
You know who loves open source software? Developers love open source software. Developers, and IT staff. If open source was a band, these guys would be the biggest fans. They've downloaded it, they've used it, they know it works — and they know it saves them loads of both time and money. They tend to use open source software whenever it makes sense to do so.
These days, practically every company out there is involved with free and open source software (FOSS) in one way or another, but don't be fooled by the use of the words "free" and "open": FOSS still needs to be managed just like any other third-party software. The ways in which it enters your company, what it can be used for, how it impacts your daily operations — these processes need to be tracked, organized, and streamlined.