Compliance

In the world of compliance, a job well done is often a thankless one. After all, when compliance operations are running effectively, it goes unnoticed. However, when things don’t run well, compliance gets a lot of unwanted attention. This is especially true for today’s software supply chain in the open source world.

Contrary to popular belief, free and open source software is not free and using open source software requires that organisations understand the respective legal framework. Just like individually negotiated proprietary software licenses, free and open source software licenses are linked to certain licensing conditions. For example, most free and open software licenses have notice requirements. Some free and open source licenses come with the concept of copyleft that defines the way open source components can interact with proprietary software. Failure to comply with license obligations can result in lawsuits, product recall, and more. To reduce risk and transaction costs in the software supply chain companies must implement a license and compliance strategy.

Managing the use of free and open source software in commercial products diverts legal and technical resources. However, performing compliance should not be seen as a cost center but as a competitive advantage. Any company wanting to compete in the fast-paced world of software development must fulfill their obligations and demonstrate they are equipped to operate in accordance with the law. 

A general overview of open source compliance in the business context can be found at the personal website of Ibrahim Haddad: available at http://www.ibrahimatlinux.com/publications.html 

The Linux Foundation has published a guide on practical GPL compliance.

An overview of Free and Open Source legal matters across various jurisdictions can be found at the International Free and Open Source Law Book.

The Free Software Foundation and the Software Freedom Conservancy have published a set of principles on community-oriented GPL enforcement.