Three Steps to Avoid Intellectual Property (IP) Risk with Open Source Software

Sachin Kaushik, Director - Sales, Lyra Infosystems. Sachin is an Open Source evangelist and business leader with over 16 years' experience in Open Source, Embedded Linux, Automotive Infotainment and the Internet of Things (IoT).

Open Source Software is pervasive and offers unmatched time and cost advantages. Business leaders and technical managers must, however, be aware of the potential legal pitfalls.

Enterprise consumption of Open Source Software (OSS) has grown almost exponentially in the last decade. The factors contributing to this trend can be summarized as:

- Higher code quality as projects mature,
- Time and cost advantages,
- No proprietary vendor lock-in, and
- Easier availability of staff familiar with OSS, among others.

By one estimate, almost a third of all software consumed in enterprise environments is OSS or a derivative work of it.

So what is OSS?
Open Source Software is best understood through the availability of its 'source code', i.e. the programming-language instructions that define what a piece of software does. This goes together with the free software paradigm, which grants a range of freedoms to run, copy, distribute, study, change and improve the software (subject to the specific OSS license used by each individual project).

So the question to ask is: is this a good time for your organization to adopt OSS and enjoy its benefits?

Absolutely. Recent endorsements by software giants like Microsoft (now also a member of the Linux Foundation and the largest contributor to OSS projects on GitHub) are one good example supporting such a decision. However, one must not take the advantages gained through the use of OSS for granted.

In reality, OSS isn't completely free:

- Dependence on the community for problem resolution, upgrades and support

- Uncertainty about software stability and reliability

Most enterprises address these two concerns by building expertise in-house and/or engaging domain experts for consulting.

One of the less understood aspects of OSS for enterprise customers is the set of intellectual-property-related rights and responsibilities, including copyright. The biggest risk in OSS consumption stems from non-compliance with license terms, which are far from uniform: a permissive license such as MIT or BSD asks little more than attribution, while copyleft licenses such as the GPL impose source-disclosure obligations on distributed derivative works.

So, how to avoid IP risk when using OSS?
Over the years, as a member of the OSS community and a provider of OSS to enterprise customers, here are three steps to consider for avoiding IP risk with OSS:

STEP 1 - Software Composition Analysis/Assessment - Know exactly what is in your code!
This step creates an accurate inventory of the OSS components and licenses being consumed, including transitive dependencies and vendored copies, not only the dependencies a project declares. It requires access to a central OSS knowledge base against which the code can be compared to establish its origin. Because this exercise becomes quite complex when it comes to copied code snippets, most enterprises will want to automate the workflow using industry solutions (such as Flexera Code Insight and Code Aware).

STEP 2 - Software Code Audit - Check for infringements, conflicts and compliance requirements
This step takes the automated output of Step 1 through the scrutiny of a human code auditor, who categorizes, prioritizes and consolidates the issues reported by the automated checker. Being a manual process, it needs (at least for the first audit) specialist expertise: familiarity with the software (languages, coding guidelines) and an understanding of OSS license agreements (GNU GPL, BSD, MIT).

STEP 3 - Conflict Remediation - Technical and Legal Resolution
The nature of a conflict guides the strategy for its remediation. This may be a judicious technical review and re-architecting of the code for compliance (e.g. moving to a differently licensed version of a component, or changing from static to dynamic linking). Where required, it may involve legal opinion services to assess and identify issues, engaging professionals to seek exceptional permissions from contributors on the enterprise's behalf, or conducting anonymous license negotiations when necessary, among other measures.
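The mechanical part of the three steps can be expressed as a policy check over the inventory. The Python script below is an added example, not code from the original article or from Lyra Infosystems: it consumes a constructed CycloneDX-style SBOM (the `linking` property is an assumed custom field, not part of the CycloneDX core schema), classes each component's license, and flags conflicts for the intended distribution model, routing anything it cannot identify to the human auditor of Step 2. The license table and the rules are a simplified illustrative policy, not legal advice; a real audit uses a counsel-approved policy.

```python
"""Added example: first-pass license policy check over an SBOM inventory."""
import json
from typing import Dict, List

# Illustrative license classes keyed by SPDX identifier (simplified subset).
LICENSE_CLASS: Dict[str, str] = {
    "MIT": "permissive", "BSD-3-Clause": "permissive",
    "Apache-2.0": "permissive", "Zlib": "permissive",
    "LGPL-2.1-only": "weak-copyleft", "LGPL-3.0-only": "weak-copyleft",
    "GPL-2.0-only": "strong-copyleft", "GPL-3.0-only": "strong-copyleft",
    "AGPL-3.0-only": "network-copyleft",
}
# Higher rank = stricter. "unknown" outranks everything so it always surfaces.
RANK = {"permissive": 0, "weak-copyleft": 1, "strong-copyleft": 2,
        "network-copyleft": 3, "unknown": 4}

# Constructed sample SBOM (CycloneDX-style JSON); component names other than
# zlib are fictional. "linking" is an assumed custom property.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4",
    "components": [
        {"name": "zlib", "version": "1.3", "licenses": [{"license": {"id": "Zlib"}}],
         "properties": [{"name": "linking", "value": "static"}]},
        {"name": "libfoo", "version": "2.4.1", "licenses": [{"license": {"id": "LGPL-2.1-only"}}],
         "properties": [{"name": "linking", "value": "static"}]},
        {"name": "libbar", "version": "0.9", "licenses": [{"license": {"id": "LGPL-2.1-only"}}],
         "properties": [{"name": "linking", "value": "dynamic"}]},
        {"name": "libbaz", "version": "5.1", "licenses": [{"license": {"id": "GPL-3.0-only"}}],
         "properties": [{"name": "linking", "value": "dynamic"}]},
        {"name": "netlib", "version": "3.0", "licenses": [{"license": {"id": "AGPL-3.0-only"}}],
         "properties": [{"name": "linking", "value": "none"}]},
        {"name": "dualpkg", "version": "1.0", "licenses": [{"expression": "GPL-2.0-only OR MIT"}],
         "properties": [{"name": "linking", "value": "static"}]},
        {"name": "libqux", "version": "0.3", "licenses": [{"license": {"id": "LGPL-3.0-only"}}]},
        {"name": "mystery-snippet", "version": "n/a",
         "licenses": [{"license": {"name": "custom header, see file"}}],
         "properties": [{"name": "linking", "value": "static"}]},
    ],
})


def classify(lic: dict) -> str:
    """Map one CycloneDX license entry to a class (most permissive option)."""
    if "expression" in lic:
        expr = lic["expression"]
        if " OR " in expr:  # disjunction: the consumer may pick either side
            parts = expr.split(" OR ")
            return min((LICENSE_CLASS.get(p.strip(), "unknown") for p in parts), key=RANK.__getitem__)
        parts = expr.split(" AND ")  # conjunction: bound by the strictest side
        return max((LICENSE_CLASS.get(p.strip(), "unknown") for p in parts), key=RANK.__getitem__)
    return LICENSE_CLASS.get(lic.get("license", {}).get("id", ""), "unknown")


def _linking(component: dict) -> str:
    for prop in component.get("properties", []):
        if prop.get("name") == "linking":
            return prop.get("value", "unknown")
    return "unknown"


def evaluate(component: dict, distribution: str) -> dict:
    """Apply the simplified policy to one component.

    distribution: "binary" (proprietary binary shipped to customers),
    "saas" (run for remote users, not conveyed) or "internal" (not conveyed,
    no remote users).
    """
    name = component["name"]
    classes = [classify(l) for l in component.get("licenses", [])] or ["unknown"]
    cls = max(classes, key=RANK.__getitem__)  # several entries: treat as AND
    linking = _linking(component)

    def result(status: str, note: str) -> dict:
        return {"component": name, "license_class": cls, "linking": linking,
                "status": status, "note": note}

    if cls == "unknown":
        return result("REVIEW", "license not identified; needs a human auditor")
    if distribution == "internal":
        return result("OK", "not conveyed to third parties, no remote users")
    if cls == "network-copyleft":
        return result("CONFLICT", "AGPL obligations trigger on network use as well as conveyance")
    if distribution == "saas":
        return result("OK", "not conveyed; GPL/LGPL source obligations not triggered")
    if cls == "permissive":
        return result("OBLIGATION", "retain copyright notice and license text in the distribution")
    if cls == "weak-copyleft":
        if linking == "static":
            return result("CONFLICT", "LGPL code statically linked into a proprietary binary; "
                          "relink dynamically or ship relinkable objects")
        if linking == "dynamic":
            return result("OBLIGATION", "provide the library's source and allow relinking (LGPL)")
        return result("REVIEW", "linking mode not recorded in the SBOM")
    return result("CONFLICT", "GPL component inside a proprietary distribution; "
                  "replace it, relicense, or release under the GPL")


def audit(sbom_json: str, distribution: str) -> List[dict]:
    """Evaluate every component, worst findings first."""
    sbom = json.loads(sbom_json)
    findings = [evaluate(c, distribution) for c in sbom.get("components", [])]
    order = {"CONFLICT": 0, "REVIEW": 1, "OBLIGATION": 2, "OK": 3}
    return sorted(findings, key=lambda f: order[f["status"]])


def has_blockers(findings: List[dict]) -> bool:
    return any(f["status"] == "CONFLICT" for f in findings)


if __name__ == "__main__":
    for f in audit(SAMPLE_SBOM, "binary"):
        print(f"{f['status']:<10} {f['component']:<16} {f['license_class']:<16} {f['note']}")
```

Running the script for the "binary" distribution model lists the two LGPL entries with different verdicts (static linking is a conflict, dynamic linking an obligation), chooses the MIT side of the dual-licensed package, and leaves the unidentified snippet and the component without linking information as REVIEW items for the auditor; re-running with "saas" or "internal" shows how the same inventory yields different obligations, with only the AGPL component still blocking in the SaaS case.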

The Open Compliance Program by the Linux Foundation is a valuable resource for understanding the legal frameworks and obligations that come with OSS code. The initiative offers best practices and training to develop expertise for self-assessment and for using software tools to detect open source content in software deliverables.

Conclusion: Open Source Software is omnipresent, from mobile devices to network and cloud infrastructure. It offers access to stable, low-cost software that can not only help manage a wide variety of business functions but can also be customized to suit unique needs at relatively low cost. Business leaders and technical managers must, however, be aware of the potential legal pitfalls. Companies should be fully aware of the licensing terms of the OSS they use and have processes in place to govern and monitor its use within the enterprise.