SlideShare uma empresa Scribd logo

Legal Issues in Developing in a Hybrid Envionment with Open Source Software

Mark Radcliffe
Mark Radcliffe

This slidedeck is the third in a series of presentations on legal issues on open source licensing by Karen Copenhaver of Choate Hall and Mark Radcliffe of DLA Piper. To view the webinars, please go to http://www.blackducksoftware.com/files/legal-webinar-series.html. You may also want to visit my blog which frequently deals with open source legal issues http://lawandlifesiliconvalley.com/blog/

Tecnologia
1 de 22
Baixar para ler offline
Karen Copenhaver Mark Radcliffe Michael Waldron Webinar March 18, 2009
Speakers Karen Copenhaver Partner at Choate Hall & Stewart Counsel for the Linux Foundation Michael Waldron Marketing Communications Manager, Black Duck Software Mark Radcliffe Partner at DLA Piper General Counsel for the Open Source Initiative (OSI) Page 2 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
Agenda Developing in a Hybrid Open Source- Proprietary World What is a Hybrid Environment? Why and when do I need a license? How do you interpret an OS License? Why license incompatibility is the wrong question GPL / LGPL / Mozilla Summary Q&A Page 3 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
Why Open Source: Leverage, Compelling Economics Linux Example: Leverage of 23:1 – Open source community contributes $1.4 Billion – Red Hat spends $60 M Customer saves 88% of development – 19K lines of new code, 140K lines of open source – Savings of approx. $20,000 for every 1,000 lines of code of OSS used “The fundamental economics of software development leads you to open-source softwarequot; – David Rivas, Nokia VP for S60 Software Page 4 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
Software Development Today “40-50% of code comes from outside the company” Outsourced Code Jim Duggan, Gartner group Development Internally Commercial Developed 3rd-Party Code Code Open Source Software Individuals Universities Corporate Developers Software Application YOUR COMPANY Page 5 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
Complexity Each component has an owner & license Each license must permit me to use the code in the way I would like with all of the other code And to do so over time as the use of the code changes Page 6 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
Basics Any use of intellectual property requires a license – A license is permission to use someone’s property Software is protected by intellectual property – Copyrights and sometimes patents and trade secrets – Copyright arises automatically in author If no intellectual property → no need for a license – Is it copyrightable subject matter? Functional statement / Merger of idea and expression – Has it been formally dedicated to the “public domain”? A complete relinquishment of all intellectual property rights Page 7 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
Licenses may be express or implied An implied license may be: – Implied in fact Reasonable assumption based on circumstances Cannot contradict an express license – Implied in law Exhaustion Estoppel – “(1) the party to be estopped must be apprised of the facts; (2) he must intend that his conduct shall be acted upon, or must so act that the party asserting the estoppel had a right to believe it was so intended; (3) the other party must be ignorant of the true state of facts; and (4) he must rely upon the conduct to his injury.” Fair Use – May be eliminated in US by contract An express license may be: – Oral or written – Formal or informal – In plain English or legalese Page 8 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
Scope of License If you are acting within the scope of the license – You are licensed – A license is a defense to a claim of infringement If you act outside the scope of the license, or breach the terms of the license so that the license is terminated – You are unlicensed – You are an infringer – You can be forced to cease activities beyond scope of the license depending on how the license is drafted, see Jacobsen The Question is: – Can I comply with the terms of the license under which the code was made available? Page 9 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
License Incompatibility Frequently leads to the wrong analysis Incompatible obligations are problems for both commercial and open source licenses The incompatible obligations only matter if the programs interoperate in a manner which triggers them Summary: If the GPLv2 licensed program does not create a derivative work of the Apache licensed program, you do not have a problem even though the licenses are “incompatible” Page 10 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
License Compliance Attribution Licenses – compliance is easy – BSD, MIT, Apache Weak Copyleft licenses – more challenging – Mozilla – EPL – CDDL Strong Copyleft licenses: most challenging – GPL (GPLv2 differs from GPLv3) – LGPL (LGPLv2 differs from LGPLv3) – AGPL Page 11 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
How do you interpret an OS License? 1. You read the license 2. You interpret the license as a lawyer would interpret a contract 3. Basis for interpretation 1. Views about the license by the authors of the licensed code (NOTE: the views of the authors of the license carry less weight) 2. Views by the author of the license at the time of the license creation (NOTE: FAQ on GPLv2 ten years after creation may have limited effect on court except as “usages of the trade”) 3. Community view: valuable as “custom and usage and trade practices ” under Article 2 of the UCC (2-208) 4. Limits on enforcement imposed by the community Page 12 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
Perspectives on FOSS Licenses Developer’s Attorney’s – Familiar with community – Four corners of the license consensus – Rules of contract construction – Focus on common sense; legal – Article 2 of the UCC in US and engineering “logic” is – Copyright Act and caselaw different – Identification of the parties to – Comfortable with “community” the contract interpretation – Contract law versus – Look to project committers like intellectual property law Linus for direction – Breach and Remedies – See absence of litigation as – Change in programming proof of little or no risk techniques changes results – Frustrated with “plain English” – Anticipate a judge discussions Judge in Court – Can describe function in many different ways Licensor’s counsel Community Page 13 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
General Public License: GPLv2 Reciprocal License – Works created using GPL licensed code may only be distributed under the GPL Scope of “based on” work – Ambiguity of “derivative work” – Use of “collective work” – Linking issues Focus on the word “work” – When is the “work” a separate and independent work? – What is included in the “work”? Many lawyers believe that components that interoperate using an interface created to enable components to work together are separate works Others do not agree Page 14 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
Classpath Exception Linking this library statically or dynamically with other modules is making a combined work based on this library. Thus, the terms and conditions of the GNU General Public License cover the whole combination. As a special exception, the copyright holders of this library give you permission to link this library with independent modules to produce an executable, regardless of the license terms of these independent modules, and to copy and distribute the resulting executable under terms of your choice, provided that you also meet, for each linked independent module, the terms and conditions of the license of that module. An independent module is a module which is not derived from or based on this library. If you modify this library, you may extend this exception to your version of the library, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. Page 15 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
Lesser General Public License: LGPL Two licenses (LGPLv3 recognizes this fact by making the LGPLv3 a modification of GPLv3) – GPL for “library” – Any terms for combination of “library” and commercial work Designed for libraries to avoid reluctance to use GPL licensed libraries with commercial programs Section 5 exceptions for “small uses” – Data structure layouts/small macros/inline functions Scope 6 (linked LGPL program) – Permit modifications for customers own use – Make source code or object code available Page 16 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
General Public License: GPLv3 Reciprocal License – Works created using GPLv3 licensed code may only be distributed under the GPLv3 Shift from US copyright to “contract” terms – Convey – Modification – Propagate Patents – Direct license for those who modify the work – Pass through of third party patent licenses if used with “knowledge” – Microsoft/Novell provisions Modification to permit compatability with obligations of certain other license – Warranties – Trademark use/attribution – Indemnity – Prohibition of trademark use Page 17 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
Mozilla Public License Reciprocal Scope based on files (with some ambiguity) – ''Modifications'' means any addition to or deletion from the substance or structure of either the Original Code or any previous Modifications. When Covered Code is released as a series of files, a Modification is: A. Any addition to or deletion from the contents of a file containing Original Code or previous Modifications. B. Any new file that contains any part of the Original Code or previous Modifications. Very broad “patent peace” provision which applies to both the work licensed under MPL and all “software, hardware or device” Numerous notice requirements Page 18 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
Challenges of Using Open Source at Scale Manual management methods are inadequate, prone to error – E.g., version proliferation raises complexity and likelihood of errors Applications Components Versions Components to track 5 2 3 30 5 100 3 1500 When managed poorly, use of open source can introduce risks and challenges: – Legal exposure due to unmet license obligations – Regulatory violations – Unsupported open source – Version proliferation Using open source at scale, brings new challenges – Management – Compliance – Pedigree Page 19 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
Summary Open Source Software is protected by Intellectual Property Use of Intellectual Property Requires a License Open source components have licenses with obligations that must be met Licenses vary in terms and complexity but cannot be ignored Breach the license and many open source licenses automatically terminate without notice and cure period; thus risk exposure to claims by the licensor The Challenge Give developers the creative freedom they desire while minimizing process constraints and company exposure to risk Page 20 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
Next in the Black Duck Legal Webinar Series: Best Practices in Managing OSS The proliferation of OSS use combined with recent legal actions has raised industry awareness that open source code must be managed in compliance with applicable software licenses. Leading development organizations are establishing policies around open source usage and implementing engineering development processes which insure that software products remain in compliance. Join us for a review of industry best practices around the managed use of open source code. In this webinar, we will discuss: – Key issues when defining open source policies – Formation of a compliance team – Inbound and outbound compliance processes – Top implementation approaches Day and time: – Wednesday April 15th at 11:30AM EST, 8:30am PT, 4:30pm GMT To sign up: http://www.blackducksoftware.com/files/legal-webinar-series.html Page 21 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
Questions & Answers

Recomendados

OSS Legal issues method
OSS Legal issues methodOSS Legal issues method
OSS Legal issues methodfOSSa - Free Open Source Software Academia Conference
 
An Introduction to Free and Open Source Software Licensing and Business Models
An Introduction to Free and Open Source Software Licensing and Business ModelsAn Introduction to Free and Open Source Software Licensing and Business Models
An Introduction to Free and Open Source Software Licensing and Business ModelsGreat Wide Open
 
Who Owns the Code? A Brief Guide to Software Ownership for Developers and End...
Who Owns the Code? A Brief Guide to Software Ownership for Developers and End...Who Owns the Code? A Brief Guide to Software Ownership for Developers and End...
Who Owns the Code? A Brief Guide to Software Ownership for Developers and End...Hawley Troxell
 
Law Enforcement 2.0 - The Next Generation
Law Enforcement 2.0 - The Next GenerationLaw Enforcement 2.0 - The Next Generation
Law Enforcement 2.0 - The Next GenerationMark Fidelman
 
iText IP Review
iText IP ReviewiText IP Review
iText IP ReviewBruno Lowagie
 
Open Source License Compliance in the Cloud (CELESQ) (October 2012)
Open Source License Compliance in the Cloud (CELESQ) (October 2012)Open Source License Compliance in the Cloud (CELESQ) (October 2012)
Open Source License Compliance in the Cloud (CELESQ) (October 2012)Jason Haislmaier
 
Silicon Valley in Transition from Global Innovation Summit
Silicon Valley in Transition from Global Innovation SummitSilicon Valley in Transition from Global Innovation Summit
Silicon Valley in Transition from Global Innovation SummitMark Radcliffe
 
2009 Think Tank Final Update
2009 Think Tank Final Update2009 Think Tank Final Update
2009 Think Tank Final UpdateMark Radcliffe
 

Recomendados

OSS Legal issues method
OSS Legal issues methodOSS Legal issues method
OSS Legal issues methodfOSSa - Free Open Source Software Academia Conference
 
An Introduction to Free and Open Source Software Licensing and Business Models
An Introduction to Free and Open Source Software Licensing and Business ModelsAn Introduction to Free and Open Source Software Licensing and Business Models
An Introduction to Free and Open Source Software Licensing and Business ModelsGreat Wide Open
 
Who Owns the Code? A Brief Guide to Software Ownership for Developers and End...
Who Owns the Code? A Brief Guide to Software Ownership for Developers and End...Who Owns the Code? A Brief Guide to Software Ownership for Developers and End...
Who Owns the Code? A Brief Guide to Software Ownership for Developers and End...Hawley Troxell
 
Law Enforcement 2.0 - The Next Generation
Law Enforcement 2.0 - The Next GenerationLaw Enforcement 2.0 - The Next Generation
Law Enforcement 2.0 - The Next GenerationMark Fidelman
 
iText IP Review
iText IP ReviewiText IP Review
iText IP ReviewBruno Lowagie
 
Open Source License Compliance in the Cloud (CELESQ) (October 2012)
Open Source License Compliance in the Cloud (CELESQ) (October 2012)Open Source License Compliance in the Cloud (CELESQ) (October 2012)
Open Source License Compliance in the Cloud (CELESQ) (October 2012)Jason Haislmaier
 
Silicon Valley in Transition from Global Innovation Summit
Silicon Valley in Transition from Global Innovation SummitSilicon Valley in Transition from Global Innovation Summit
Silicon Valley in Transition from Global Innovation SummitMark Radcliffe
 
2009 Think Tank Final Update
2009 Think Tank Final Update2009 Think Tank Final Update
2009 Think Tank Final UpdateMark Radcliffe
 
IP and Licensing Strategy for Open Source Companies
IP and Licensing Strategy for Open Source CompaniesIP and Licensing Strategy for Open Source Companies
IP and Licensing Strategy for Open Source CompaniesMark Radcliffe
 
Transforming IT with an Open Source Strategy
Transforming IT with an Open Source StrategyTransforming IT with an Open Source Strategy
Transforming IT with an Open Source StrategyInnoTech
 
IoTWorld Presentation by Accenture at DLA Piper Dinner
IoTWorld Presentation by Accenture at DLA Piper DinnerIoTWorld Presentation by Accenture at DLA Piper Dinner
IoTWorld Presentation by Accenture at DLA Piper DinnerMark Radcliffe
 
Acc Itpec Letter And Discussion Points Re Ali Principles Of The Law Of Softwa...
Acc Itpec Letter And Discussion Points Re Ali Principles Of The Law Of Softwa...Acc Itpec Letter And Discussion Points Re Ali Principles Of The Law Of Softwa...
Acc Itpec Letter And Discussion Points Re Ali Principles Of The Law Of Softwa...Mark Radcliffe
 
Sunu22
Sunu22Sunu22
Sunu22dede789
 
Gamifying Open Source
Gamifying Open SourceGamifying Open Source
Gamifying Open SourceGautam Rege
 
OSI and Linux Foundation Letter
OSI and Linux Foundation LetterOSI and Linux Foundation Letter
OSI and Linux Foundation LetterMark Radcliffe
 
Top Ten Open Source Licenses
Top Ten Open Source LicensesTop Ten Open Source Licenses
Top Ten Open Source LicensesMark Radcliffe
 
Open Source in the Enterprise: Compliance and Risk Management
Open Source in the Enterprise: Compliance and Risk ManagementOpen Source in the Enterprise: Compliance and Risk Management
Open Source in the Enterprise: Compliance and Risk ManagementSebastiano Cobianco
 
Soft piracy
Soft piracySoft piracy
Soft piracyVibhor Raut
 
Open source software 101: Compliance and risk management
Open source software 101: Compliance and risk managementOpen source software 101: Compliance and risk management
Open source software 101: Compliance and risk managementOsler, Hoskin & Harcourt LLP
 
Defense Federal Acquisition Regulation Supplement; Open Source Software Publi...
Defense Federal Acquisition Regulation Supplement; Open Source Software Publi...Defense Federal Acquisition Regulation Supplement; Open Source Software Publi...
Defense Federal Acquisition Regulation Supplement; Open Source Software Publi...Black Duck by Synopsys
 
BlackDuck Suite
BlackDuck SuiteBlackDuck Suite
BlackDuck Suitejeff cheng
 
I\'m Not an IT Lawyer: Why Does Open Source Matter to Me?
I\'m Not an IT Lawyer: Why Does Open Source Matter to Me?I\'m Not an IT Lawyer: Why Does Open Source Matter to Me?
I\'m Not an IT Lawyer: Why Does Open Source Matter to Me?Jennifer O'Neill
 
2009 patents - presentation
2009 patents - presentation2009 patents - presentation
2009 patents - presentationFranck Dernoncourt
 
Software piracy
Software piracySoftware piracy
Software piracyAkhil Tiwari
 
5 Steps to Ensuring Compliance in the Software Supply Chain: The Harman Case ...
5 Steps to Ensuring Compliance in the Software Supply Chain: The Harman Case ...5 Steps to Ensuring Compliance in the Software Supply Chain: The Harman Case ...
5 Steps to Ensuring Compliance in the Software Supply Chain: The Harman Case ...Black Duck by Synopsys
 
Open Source Outlook: Expected Developments for 2016
Open Source Outlook: Expected Developments for 2016Open Source Outlook: Expected Developments for 2016
Open Source Outlook: Expected Developments for 2016Black Duck by Synopsys
 
Open Source File
Open Source FileOpen Source File
Open Source FileAbhishek Goel
 
Open Source vs Proprietary
Open Source vs ProprietaryOpen Source vs Proprietary
Open Source vs ProprietaryM. Antoinette Jerom
 
FOSS4Gov: Understanding Open Source Licenses
FOSS4Gov: Understanding Open Source LicensesFOSS4Gov: Understanding Open Source Licenses
FOSS4Gov: Understanding Open Source LicensesChamindra de Silva
 
Open source software for IoT – The devil’s in the details
Open source software for IoT – The devil’s in the detailsOpen source software for IoT – The devil’s in the details
Open source software for IoT – The devil’s in the detailsRogue Wave Software
 

Mais conteúdo relacionado

Destaque

IP and Licensing Strategy for Open Source Companies
IP and Licensing Strategy for Open Source CompaniesIP and Licensing Strategy for Open Source Companies
IP and Licensing Strategy for Open Source CompaniesMark Radcliffe
 
Transforming IT with an Open Source Strategy
Transforming IT with an Open Source StrategyTransforming IT with an Open Source Strategy
Transforming IT with an Open Source StrategyInnoTech
 
IoTWorld Presentation by Accenture at DLA Piper Dinner
IoTWorld Presentation by Accenture at DLA Piper DinnerIoTWorld Presentation by Accenture at DLA Piper Dinner
IoTWorld Presentation by Accenture at DLA Piper DinnerMark Radcliffe
 
Acc Itpec Letter And Discussion Points Re Ali Principles Of The Law Of Softwa...
Acc Itpec Letter And Discussion Points Re Ali Principles Of The Law Of Softwa...Acc Itpec Letter And Discussion Points Re Ali Principles Of The Law Of Softwa...
Acc Itpec Letter And Discussion Points Re Ali Principles Of The Law Of Softwa...Mark Radcliffe
 
Gamifying Open Source
Gamifying Open SourceGamifying Open Source
Gamifying Open SourceGautam Rege
 
OSI and Linux Foundation Letter
OSI and Linux Foundation LetterOSI and Linux Foundation Letter
OSI and Linux Foundation LetterMark Radcliffe
 
Top Ten Open Source Licenses
Top Ten Open Source LicensesTop Ten Open Source Licenses
Top Ten Open Source LicensesMark Radcliffe
 

Destaque (8)

IP and Licensing Strategy for Open Source Companies
IP and Licensing Strategy for Open Source CompaniesIP and Licensing Strategy for Open Source Companies
IP and Licensing Strategy for Open Source Companies
 
Transforming IT with an Open Source Strategy
Transforming IT with an Open Source StrategyTransforming IT with an Open Source Strategy
Transforming IT with an Open Source Strategy
 
IoTWorld Presentation by Accenture at DLA Piper Dinner
IoTWorld Presentation by Accenture at DLA Piper DinnerIoTWorld Presentation by Accenture at DLA Piper Dinner
IoTWorld Presentation by Accenture at DLA Piper Dinner
 
Acc Itpec Letter And Discussion Points Re Ali Principles Of The Law Of Softwa...
Acc Itpec Letter And Discussion Points Re Ali Principles Of The Law Of Softwa...Acc Itpec Letter And Discussion Points Re Ali Principles Of The Law Of Softwa...
Acc Itpec Letter And Discussion Points Re Ali Principles Of The Law Of Softwa...
 
Sunu22
Sunu22Sunu22
Sunu22
 
Gamifying Open Source
Gamifying Open SourceGamifying Open Source
Gamifying Open Source
 
OSI and Linux Foundation Letter
OSI and Linux Foundation LetterOSI and Linux Foundation Letter
OSI and Linux Foundation Letter
 
Top Ten Open Source Licenses
Top Ten Open Source LicensesTop Ten Open Source Licenses
Top Ten Open Source Licenses
 

Semelhante a Legal Issues in Developing in a Hybrid Envionment with Open Source Software

Open Source in the Enterprise: Compliance and Risk Management
Open Source in the Enterprise: Compliance and Risk ManagementOpen Source in the Enterprise: Compliance and Risk Management
Open Source in the Enterprise: Compliance and Risk ManagementSebastiano Cobianco
 
Open source software 101: Compliance and risk management
Open source software 101: Compliance and risk managementOpen source software 101: Compliance and risk management
Open source software 101: Compliance and risk managementOsler, Hoskin & Harcourt LLP
 
Defense Federal Acquisition Regulation Supplement; Open Source Software Publi...
Defense Federal Acquisition Regulation Supplement; Open Source Software Publi...Defense Federal Acquisition Regulation Supplement; Open Source Software Publi...
Defense Federal Acquisition Regulation Supplement; Open Source Software Publi...Black Duck by Synopsys
 
BlackDuck Suite
BlackDuck SuiteBlackDuck Suite
BlackDuck Suitejeff cheng
 
I\'m Not an IT Lawyer: Why Does Open Source Matter to Me?
I\'m Not an IT Lawyer: Why Does Open Source Matter to Me?I\'m Not an IT Lawyer: Why Does Open Source Matter to Me?
I\'m Not an IT Lawyer: Why Does Open Source Matter to Me?Jennifer O'Neill
 
5 Steps to Ensuring Compliance in the Software Supply Chain: The Harman Case ...
5 Steps to Ensuring Compliance in the Software Supply Chain: The Harman Case ...5 Steps to Ensuring Compliance in the Software Supply Chain: The Harman Case ...
5 Steps to Ensuring Compliance in the Software Supply Chain: The Harman Case ...Black Duck by Synopsys
 
Open Source Outlook: Expected Developments for 2016
Open Source Outlook: Expected Developments for 2016Open Source Outlook: Expected Developments for 2016
Open Source Outlook: Expected Developments for 2016Black Duck by Synopsys
 
FOSS4Gov: Understanding Open Source Licenses
FOSS4Gov: Understanding Open Source LicensesFOSS4Gov: Understanding Open Source Licenses
FOSS4Gov: Understanding Open Source LicensesChamindra de Silva
 
Open source software for IoT – The devil’s in the details
Open source software for IoT – The devil’s in the detailsOpen source software for IoT – The devil’s in the details
Open source software for IoT – The devil’s in the detailsRogue Wave Software
 
A Symphony of R&D Collaboration
A Symphony of R&D CollaborationA Symphony of R&D Collaboration
A Symphony of R&D CollaborationAndrea Ross
 
Lawyers and Licenses in Open Source-based Development: How to Protect Your So...
Lawyers and Licenses in Open Source-based Development: How to Protect Your So...Lawyers and Licenses in Open Source-based Development: How to Protect Your So...
Lawyers and Licenses in Open Source-based Development: How to Protect Your So...Sonatype
 
Don't Screw Up Your Licensing
Don't Screw Up Your LicensingDon't Screw Up Your Licensing
Don't Screw Up Your LicensingAnsel Halliburton
 
Opensource Powerpoint Review.Ppt
Opensource Powerpoint Review.PptOpensource Powerpoint Review.Ppt
Opensource Powerpoint Review.PptViet NguyenHoang
 
opensource_powerpoint_review
opensource_powerpoint_reviewopensource_powerpoint_review
opensource_powerpoint_reviewwebuploader
 
Open Source Licensing: Types, Strategies and Compliance
Open Source Licensing: Types, Strategies and ComplianceOpen Source Licensing: Types, Strategies and Compliance
Open Source Licensing: Types, Strategies and ComplianceAll Things Open
 

Semelhante a Legal Issues in Developing in a Hybrid Envionment with Open Source Software (20)

Open Source in the Enterprise: Compliance and Risk Management
Open Source in the Enterprise: Compliance and Risk ManagementOpen Source in the Enterprise: Compliance and Risk Management
Open Source in the Enterprise: Compliance and Risk Management
 
Soft piracy
Soft piracySoft piracy
Soft piracy
 
Open source software 101: Compliance and risk management
Open source software 101: Compliance and risk managementOpen source software 101: Compliance and risk management
Open source software 101: Compliance and risk management
 
Defense Federal Acquisition Regulation Supplement; Open Source Software Publi...
Defense Federal Acquisition Regulation Supplement; Open Source Software Publi...Defense Federal Acquisition Regulation Supplement; Open Source Software Publi...
Defense Federal Acquisition Regulation Supplement; Open Source Software Publi...
 
BlackDuck Suite
BlackDuck SuiteBlackDuck Suite
BlackDuck Suite
 
I\'m Not an IT Lawyer: Why Does Open Source Matter to Me?
I\'m Not an IT Lawyer: Why Does Open Source Matter to Me?I\'m Not an IT Lawyer: Why Does Open Source Matter to Me?
I\'m Not an IT Lawyer: Why Does Open Source Matter to Me?
 
2009 patents - presentation
2009 patents - presentation2009 patents - presentation
2009 patents - presentation
 
Software piracy
Software piracySoftware piracy
Software piracy
 
5 Steps to Ensuring Compliance in the Software Supply Chain: The Harman Case ...
5 Steps to Ensuring Compliance in the Software Supply Chain: The Harman Case ...5 Steps to Ensuring Compliance in the Software Supply Chain: The Harman Case ...
5 Steps to Ensuring Compliance in the Software Supply Chain: The Harman Case ...
 
Open Source Outlook: Expected Developments for 2016
Open Source Outlook: Expected Developments for 2016Open Source Outlook: Expected Developments for 2016
Open Source Outlook: Expected Developments for 2016
 
Open Source File
Open Source FileOpen Source File
Open Source File
 
Open Source vs Proprietary
Open Source vs ProprietaryOpen Source vs Proprietary
Open Source vs Proprietary
 
FOSS4Gov: Understanding Open Source Licenses
FOSS4Gov: Understanding Open Source LicensesFOSS4Gov: Understanding Open Source Licenses
FOSS4Gov: Understanding Open Source Licenses
 
Open source software for IoT – The devil’s in the details
Open source software for IoT – The devil’s in the detailsOpen source software for IoT – The devil’s in the details
Open source software for IoT – The devil’s in the details
 
A Symphony of R&D Collaboration
A Symphony of R&D CollaborationA Symphony of R&D Collaboration
A Symphony of R&D Collaboration
 
Lawyers and Licenses in Open Source-based Development: How to Protect Your So...
Lawyers and Licenses in Open Source-based Development: How to Protect Your So...Lawyers and Licenses in Open Source-based Development: How to Protect Your So...
Lawyers and Licenses in Open Source-based Development: How to Protect Your So...
 
Don't Screw Up Your Licensing
Don't Screw Up Your LicensingDon't Screw Up Your Licensing
Don't Screw Up Your Licensing
 
Opensource Powerpoint Review.Ppt
Opensource Powerpoint Review.PptOpensource Powerpoint Review.Ppt
Opensource Powerpoint Review.Ppt
 
opensource_powerpoint_review
opensource_powerpoint_reviewopensource_powerpoint_review
opensource_powerpoint_review
 
Open Source Licensing: Types, Strategies and Compliance
Open Source Licensing: Types, Strategies and ComplianceOpen Source Licensing: Types, Strategies and Compliance
Open Source Licensing: Types, Strategies and Compliance
 

Mais de Mark Radcliffe

NFTLegalDeepDiveCopyrightTrademarkUniformCommercialCodeDeepDive.pdf
NFTLegalDeepDiveCopyrightTrademarkUniformCommercialCodeDeepDive.pdfNFTLegalDeepDiveCopyrightTrademarkUniformCommercialCodeDeepDive.pdf
NFTLegalDeepDiveCopyrightTrademarkUniformCommercialCodeDeepDive.pdfMark Radcliffe
 
PLI Blockchain Future Legal Issues 2021(296516723.1)(1).pdf
PLI Blockchain Future Legal Issues 2021(296516723.1)(1).pdfPLI Blockchain Future Legal Issues 2021(296516723.1)(1).pdf
PLI Blockchain Future Legal Issues 2021(296516723.1)(1).pdfMark Radcliffe
 
Blockchain: Future Legal Issues
Blockchain: Future Legal IssuesBlockchain: Future Legal Issues
Blockchain: Future Legal IssuesMark Radcliffe
 
Emerging Theories for Software Developer Liability in FOSS and Blockchain
Emerging Theories for Software Developer Liability in FOSS and BlockchainEmerging Theories for Software Developer Liability in FOSS and Blockchain
Emerging Theories for Software Developer Liability in FOSS and BlockchainMark Radcliffe
 
US-Japan Innovation and Entrepreneurship Council Report to Leaders
US-Japan Innovation and Entrepreneurship Council Report to LeadersUS-Japan Innovation and Entrepreneurship Council Report to Leaders
US-Japan Innovation and Entrepreneurship Council Report to LeadersMark Radcliffe
 
Blockchain & Tokenization of Business
Blockchain & Tokenization of BusinessBlockchain & Tokenization of Business
Blockchain & Tokenization of BusinessMark Radcliffe
 
ICOs and Venture Financing: Understanding the Issues for a new Funding Strategy
ICOs and Venture Financing: Understanding the Issues for a new Funding StrategyICOs and Venture Financing: Understanding the Issues for a new Funding Strategy
ICOs and Venture Financing: Understanding the Issues for a new Funding StrategyMark Radcliffe
 
US-Jpan Innovation and Entrepreneurship Council Report
US-Jpan Innovation and Entrepreneurship Council ReportUS-Jpan Innovation and Entrepreneurship Council Report
US-Jpan Innovation and Entrepreneurship Council ReportMark Radcliffe
 
Free and Open Source Software Litigation in 2016
Free and Open Source Software Litigation in 2016 Free and Open Source Software Litigation in 2016
Free and Open Source Software Litigation in 2016 Mark Radcliffe
 
Introduction To Open Source Licensing
Introduction To Open Source LicensingIntroduction To Open Source Licensing
Introduction To Open Source LicensingMark Radcliffe
 

Mais de Mark Radcliffe (12)

NFTLegalDeepDiveCopyrightTrademarkUniformCommercialCodeDeepDive.pdf
NFTLegalDeepDiveCopyrightTrademarkUniformCommercialCodeDeepDive.pdfNFTLegalDeepDiveCopyrightTrademarkUniformCommercialCodeDeepDive.pdf
NFTLegalDeepDiveCopyrightTrademarkUniformCommercialCodeDeepDive.pdf
 
NFTLegalOverview.pdf
NFTLegalOverview.pdfNFTLegalOverview.pdf
NFTLegalOverview.pdf
 
PLI Blockchain Future Legal Issues 2021(296516723.1)(1).pdf
PLI Blockchain Future Legal Issues 2021(296516723.1)(1).pdfPLI Blockchain Future Legal Issues 2021(296516723.1)(1).pdf
PLI Blockchain Future Legal Issues 2021(296516723.1)(1).pdf
 
Blockchain: Future Legal Issues
Blockchain: Future Legal IssuesBlockchain: Future Legal Issues
Blockchain: Future Legal Issues
 
Emerging Theories for Software Developer Liability in FOSS and Blockchain
Emerging Theories for Software Developer Liability in FOSS and BlockchainEmerging Theories for Software Developer Liability in FOSS and Blockchain
Emerging Theories for Software Developer Liability in FOSS and Blockchain
 
US-Japan Innovation and Entrepreneurship Council Report to Leaders
US-Japan Innovation and Entrepreneurship Council Report to LeadersUS-Japan Innovation and Entrepreneurship Council Report to Leaders
US-Japan Innovation and Entrepreneurship Council Report to Leaders
 
Blockchain & Tokenization of Business
Blockchain & Tokenization of BusinessBlockchain & Tokenization of Business
Blockchain & Tokenization of Business
 
Hybrid Token Offering
Hybrid Token OfferingHybrid Token Offering
Hybrid Token Offering
 
ICOs and Venture Financing: Understanding the Issues for a new Funding Strategy
ICOs and Venture Financing: Understanding the Issues for a new Funding StrategyICOs and Venture Financing: Understanding the Issues for a new Funding Strategy
ICOs and Venture Financing: Understanding the Issues for a new Funding Strategy
 
US-Jpan Innovation and Entrepreneurship Council Report
US-Jpan Innovation and Entrepreneurship Council ReportUS-Jpan Innovation and Entrepreneurship Council Report
US-Jpan Innovation and Entrepreneurship Council Report
 
Free and Open Source Software Litigation in 2016
Free and Open Source Software Litigation in 2016 Free and Open Source Software Litigation in 2016
Free and Open Source Software Litigation in 2016
 
Introduction To Open Source Licensing
Introduction To Open Source LicensingIntroduction To Open Source Licensing
Introduction To Open Source Licensing
 

Último

WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 

Último (20)

WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 

Legal Issues in Developing in a Hybrid Envionment with Open Source Software

  • 1. Karen Copenhaver Mark Radcliffe Michael Waldron Webinar March 18, 2009
  • 2. Speakers Karen Copenhaver Partner at Choate Hall & Stewart Counsel for the Linux Foundation Michael Waldron Marketing Communications Manager, Black Duck Software Mark Radcliffe Partner at DLA Piper General Counsel for the Open Source Initiative (OSI) Page 2 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
  • 3. Agenda Developing in a Hybrid Open Source- Proprietary World What is a Hybrid Environment? Why and when do I need a license? How do you interpret an OS License? Why license incompatibility is the wrong question GPL / LGPL / Mozilla Summary Q&A Page 3 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
  • 4. Why Open Source: Leverage, Compelling Economics Linux Example: Leverage of 23:1 – Open source community contributes $1.4 Billion – Red Hat spends $60 M Customer saves 88% of development – 19K lines of new code, 140K lines of open source – Savings of approx. $20,000 for every 1,000 lines of code of OSS used “The fundamental economics of software development leads you to open-source softwarequot; – David Rivas, Nokia VP for S60 Software Page 4 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
  • 5. Software Development Today “40-50% of code comes from outside the company” Outsourced Code Jim Duggan, Gartner group Development Internally Commercial Developed 3rd-Party Code Code Open Source Software Individuals Universities Corporate Developers Software Application YOUR COMPANY Page 5 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
  • 6. Complexity Each component has an owner & license Each license must permit me to use the code in the way I would like with all of the other code And to do so over time as the use of the code changes Page 6 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
  • 7. Basics Any use of intellectual property requires a license – A license is permission to use someone’s property Software is protected by intellectual property – Copyrights and sometimes patents and trade secrets – Copyright arises automatically in author If no intellectual property → no need for a license – Is it copyrightable subject matter? Functional statement / Merger of idea and expression – Has it been formally dedicated to the “public domain”? A complete relinquishment of all intellectual property rights Page 7 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
  • 8. Licenses may be express or implied An implied license may be: – Implied in fact Reasonable assumption based on circumstances Cannot contradict an express license – Implied in law Exhaustion Estoppel – “(1) the party to be estopped must be apprised of the facts; (2) he must intend that his conduct shall be acted upon, or must so act that the party asserting the estoppel had a right to believe it was so intended; (3) the other party must be ignorant of the true state of facts; and (4) he must rely upon the conduct to his injury.” Fair Use – May be eliminated in US by contract An express license may be: – Oral or written – Formal or informal – In plain English or legalese Page 8 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
  • 9. Scope of License If you are acting within the scope of the license – You are licensed – A license is a defense to a claim of infringement If you act outside the scope of the license, or breach the terms of the license so that the license is terminated – You are unlicensed – You are an infringer – You can be forced to cease activities beyond scope of the license depending on how the license is drafted, see Jacobsen The Question is: – Can I comply with the terms of the license under which the code was made available? Page 9 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
  • 10. License Incompatibility Frequently leads to the wrong analysis Incompatible obligations are problems for both commercial and open source licenses The incompatible obligations only matter if the programs interoperate in a manner which triggers them Summary: If the GPLv2 licensed program does not create a derivative work of the Apache licensed program, you do not have a problem even though the licenses are “incompatible” Page 10 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
  • 11. License Compliance Attribution Licenses – compliance is easy – BSD, MIT, Apache Weak Copyleft licenses – more challenging – Mozilla – EPL – CDDL Strong Copyleft licenses: most challenging – GPL (GPLv2 differs from GPLv3) – LGPL (LGPLv2 differs from LGPLv3) – AGPL Page 11 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
  • 12. How do you interpret an OS License? 1. You read the license 2. You interpret the license as a lawyer would interpret a contract 3. Basis for interpretation 1. Views about the license by the authors of the licensed code (NOTE: the views of the authors of the license carry less weight) 2. Views by the author of the license at the time of the license creation (NOTE: FAQ on GPLv2 ten years after creation may have limited effect on court except as “usages of the trade”) 3. Community view: valuable as “custom and usage and trade practices ” under Article 2 of the UCC (2-208) 4. Limits on enforcement imposed by the community Page 12 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
  • 13. Perspectives on FOSS Licenses Developer’s Attorney’s – Familiar with community – Four corners of the license consensus – Rules of contract construction – Focus on common sense; legal – Article 2 of the UCC in US and engineering “logic” is – Copyright Act and caselaw different – Identification of the parties to – Comfortable with “community” the contract interpretation – Contract law versus – Look to project committers like intellectual property law Linus for direction – Breach and Remedies – See absence of litigation as – Change in programming proof of little or no risk techniques changes results – Frustrated with “plain English” – Anticipate a judge discussions Judge in Court – Can describe function in many different ways Licensor’s counsel Community Page 13 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
  • 14. General Public License: GPLv2 Reciprocal License – Works created using GPL licensed code may only be distributed under the GPL Scope of “based on” work – Ambiguity of “derivative work” – Use of “collective work” – Linking issues Focus on the word “work” – When is the “work” a separate and independent work? – What is included in the “work”? Many lawyers believe that components that interoperate using an interface created to enable components to work together are separate works Others do not agree Page 14 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
  • 15. Classpath Exception Linking this library statically or dynamically with other modules is making a combined work based on this library. Thus, the terms and conditions of the GNU General Public License cover the whole combination. As a special exception, the copyright holders of this library give you permission to link this library with independent modules to produce an executable, regardless of the license terms of these independent modules, and to copy and distribute the resulting executable under terms of your choice, provided that you also meet, for each linked independent module, the terms and conditions of the license of that module. An independent module is a module which is not derived from or based on this library. If you modify this library, you may extend this exception to your version of the library, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. Page 15 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
  • 16. Lesser General Public License: LGPL Two licenses (LGPLv3 recognizes this fact by making the LGPLv3 a modification of GPLv3) – GPL for “library” – Any terms for combination of “library” and commercial work Designed for libraries to avoid reluctance to use GPL licensed libraries with commercial programs Section 5 exceptions for “small uses” – Data structure layouts/small macros/inline functions Scope 6 (linked LGPL program) – Permit modifications for customers own use – Make source code or object code available Page 16 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
  • 17. General Public License: GPLv3 Reciprocal License – Works created using GPLv3 licensed code may only be distributed under the GPLv3 Shift from US copyright to “contract” terms – Convey – Modification – Propagate Patents – Direct license for those who modify the work – Pass through of third party patent licenses if used with “knowledge” – Microsoft/Novell provisions Modification to permit compatability with obligations of certain other license – Warranties – Trademark use/attribution – Indemnity – Prohibition of trademark use Page 17 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
  • 18. Mozilla Public License Reciprocal Scope based on files (with some ambiguity) – ''Modifications'' means any addition to or deletion from the substance or structure of either the Original Code or any previous Modifications. When Covered Code is released as a series of files, a Modification is: A. Any addition to or deletion from the contents of a file containing Original Code or previous Modifications. B. Any new file that contains any part of the Original Code or previous Modifications. Very broad “patent peace” provision which applies to both the work licensed under MPL and all “software, hardware or device” Numerous notice requirements Page 18 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
  • 19. Challenges of Using Open Source at Scale Manual management methods are inadequate, prone to error – E.g., version proliferation raises complexity and likelihood of errors Applications Components Versions Components to track 5 2 3 30 5 100 3 1500 When managed poorly, use of open source can introduce risks and challenges: – Legal exposure due to unmet license obligations – Regulatory violations – Unsupported open source – Version proliferation Using open source at scale, brings new challenges – Management – Compliance – Pedigree Page 19 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
  • 20. Summary Open Source Software is protected by Intellectual Property Use of Intellectual Property Requires a License Open source components have licenses with obligations that must be met Licenses vary in terms and complexity but cannot be ignored Breach the license and many open source licenses automatically terminate without notice and cure period; thus risk exposure to claims by the licensor The Challenge Give developers the creative freedom they desire while minimizing process constraints and company exposure to risk Page 20 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.
  • 21. Next in the Black Duck Legal Webinar Series: Best Practices in Managing OSS The proliferation of OSS use combined with recent legal actions has raised industry awareness that open source code must be managed in compliance with applicable software licenses. Leading development organizations are establishing policies around open source usage and implementing engineering development processes which insure that software products remain in compliance. Join us for a review of industry best practices around the managed use of open source code. In this webinar, we will discuss: – Key issues when defining open source policies – Formation of a compliance team – Inbound and outbound compliance processes – Top implementation approaches Day and time: – Wednesday April 15th at 11:30AM EST, 8:30am PT, 4:30pm GMT To sign up: http://www.blackducksoftware.com/files/legal-webinar-series.html Page 21 Copyright © 2006 Black Duck Software, Inc. All Rights Reserved.