Speakers from Fermi National Accelerator Laboratory, Idaho National Laboratory, and Black Duck discuss Open Source Software (OSS) issues from industry and government perspectives. The speakers also delve into the White House open-source policy directive and the impact that releasing federally funded software will have on technology transfer.

1. Wednesday, April 26th, 2017
Paul Berg— Idaho National Laboratory (INL)
Aaron Sauers— Fermi National Accelerator Laboratory (FNAL)
Phil Odence— Black Duck
IP Track – Open Source Software

2. Agenda
• Software Basics
• Open Source Software Concerns
• Intersection of OSS, Industry, and Laboratory
• Current Events & OSTP Memo

3. What is a Copyright?
Copyright protection subsists….in original works of
authorship fixed in any tangible medium of expression
…..otherwise communicated, either directly or with the
aid of a machine or device. (17 U.S.C. §102)
– Applicable for:
• Software
• Schematics/drawings
• Firmware
• Publications (technical/journal articles, etc.)

4. General Categories of Distribution
• Public Domain (Permitted Use)
• Controlled Distribution
• Open Source Release
– For collaboration on open source projects
(programmatic value)
– Example licenses:
• General Public License v. 2.0 (hereditary)
• Lesser General Public License (hereditary)
• BSD (non-hereditary)
• Apache 2.0 (non-hereditary)

5. What do we really mean by OSS?
Some scientists read “Open Source” as simply
distribution of software in source code form…
… But it’s more than that. For T2 professionals,
Open Source is a style of license.
• So, what is Source Code?
• What kinds of licenses constitute OSS?

6. What is Source Code?
Source Code vs Executable

7. Open Source License Styles

8. © Black Duck Software 2017 8
Virtually all Global 2000 companies use open source
to run critical infrastructure. - Gartner
Open Source Has Blown Past the Tipping Point
Open Source Projects (Millions)
70%
of apps will run on
OSS databases by
2018
50%
of orgs face
problems because
of a lack of policy
2.5
0.1
0.2
0.5
1.5
1.0
2007 2009 2011 2013 2015 2017

9. Open Source as a Percentage of Code Base is Increasing
© Black Duck Software 2017 9

10. Open Source Enters the Code Base in Many Ways
Supply Chain Code
Outsourced Code
Internal Code
Code Reuse
Legacy Code
Third Party Libraries
Open Source
Components
Consolidated Code Base
© Black Duck Software 2017 10

11. Basic Challenge:
OSS Often Enters a Code Base Unchecked
© Black Duck Software 2017 11
Code Base
Commercial
3rd Party
Code
Purchasing
• Licensing?
• Security?
• Quality?
• Support?
Open Source
OPERATIONAL
RISK
Which versions of
code are being used,
and how old are they
LEGAL RISK
Which licenses are
used and do they
match anticipated use
of the code
SECURITY RISK
Which components
have vulnerabilities
and what are they
Management
visibility…not!

12. • Third party code available as source code on the Internet offered to all under an “open source
license”
• From OpenOffice to Snippets
• Source available, free distribution, derivative works OK
• License Type #1 Permissive (Attribution-style)
• Easy & developer-friendly
• Just maintain attribution
• License Type #2: Reciprocal (Copyleft/Viral)
• Can be problematic
• Can compromise proprietary IP
Open Source is Defined by its License
© Black Duck Software 2017 12
Third-party
Software
Open
Source

13. Open Source Security Challenges
While Heartbleed, Shellshock,
Ghost & Venom demonstrate
the risk of vulnerabilities, new
vulnerabilities outpace
customers’ ability to cope.
6000
New vulnerabilities
reported each year

15. Don't cross the streams!
Total protonic reversal!

16. ● Are you sure you want to find a way to bear their
cost?
● Do royalties compete for 90+% costs savings
available from using free of charge third party
components?
● Can your lab compete with the quality of software
produced by specialized foundations many of which
are larger than your lab?
● Does withholding rights to IP from practitioners
really improve commercialization success?
● Are antidisestablishmentarianists really generating
trillions of dollars of market capital for no benefit to
themselves?
● Do they know something you don’t?
Open Source
Has
Swallowed
The World
Whose Owns Most of The IP In The Software Industry?

17. Are You Really In The Business Of Selling
Software, Or Is That A Complementary
Activity To What You Do?

19. Know Your Audience

20. OSTP Memorandum
• OSTP (previous administration) released “Source Code Policy:
Achieving Efficiency, Transparency, and Innovation through Reusable
and Open Source Software”
• Policy establishes a pilot program that requires agencies, when
commissioning new custom software, to release at least 20% as OSS
for duration of the 3-year pilot
• Far greater than 20% of Fermilab’s code is released as OSS, so this is
something at which we may excel
• It is unclear whether the new administration will proceed with the pilot
program.

21. Originally presented att the The Federal Laboratory Consortium for Technology Transfer 2017
National Meeting By Paul Berg, Sr. R&D Software Licensing Manager, Idaho National
Laboratory, Office of Technology Transfer. paul.berg@inl.gov
This Presentation is Copyright 2017 Idaho National Laboratory and is licensed under the
Creative Commons Attribution 4.0 license (CC-BY-4)
https://creativecommons.org/licenses/by/4.0/
Richard Stallman photo is licensed under CC-BY-SA-3-gr by Konstantinos Stampoulis
Eric S Raymond and Paul Fenwick photos are licensed CC-BY-NC-SA-2
Rick Perry photo is licensed under CC-BY-SA-2
Hackathon Picture is licensed CC-BY-2 by Sebastiaan ter Burg
Researcher Picture is licensed CC-BY-2
Landscape picture is Licensed CC-BY-2 by John Fowler

22. Aaron’s References
Source Code Example is licensed under CC BY 2.5
Executable Example licensed under BSD
License Compatibility Flow Chart licensed under CC BY-SA 3.0 US