Android - FOSS Case Study FINAL (5)

8/7/2019 Android - FOSS Case Study FINAL (5)

http://slidepdf.com/reader/full/android-foss-case-study-final-5 1/22

Android: Opportunityand Complexity

A Case Study in OpenSource ComplianceManagement



Copyright © 2010 Black Duck Software, Inc. All Rights Reserved.

Speakers

Karen Copenhaver

Partner at Choate Hall & Stewart

Counsel for the LinuxFoundation

Mark Radcliffe

Partner at DLA Piper

General Counsel for the OpenSource Initiative (OSI)

Peter Vescuso

EVP Marketing & BusDev,Black Duck Software

Hal Hearst

Senior Director and Chief Consultant

Black Duck Software2




Agenda

Market trends and opportunity

Android ± the complexity inside

Management and compliance challenges

Meeting Open Source License Obligations Best practices

Summary

Note:

All registered attendees will receive a copy of the slides and a link to the recording

3




The Adoption of FOSS is RevolutionizingDevelopment...it¶s a ´silver bullet´

Forrester Research (Jeff Hammond, LinuxCon, Aug.

10, 2010)

± ³When it comes to Enterprise IT adoption,Open Source Has µCrossed the Chasm¶´

± 79% of IT developers use open source intheir development projects

± Open source is a µsilver bullet¶ that allowssimultaneous improvement along all threedimensions of the software ³iron triangle´ of cost, schedule, features

Accenture research on FOSS (August 2010)

± 73% of respondents: open source is changingthe way business operates IT

± OSS benefits vs. proprietary software:

Quality, faster development time, reliability

4




Open Source Drives Mobile Innovation

FOSS Projects Associated

with a Platform

New Mobile

FOSS Projects

2009

Total FOSS

Mobile

Projects Growth '08-'09

Andr id 224 357 168%

iP ne 76 252 43%

Windows Mobile 75 248 43%

Symbi n 17 140 14%

P lm 10 527 2%Maemo 9 27 50%

Blackberr y 4 39 11%

Sub Total 415 1590 35%

Other FOSS Mobile Pr ojects 488 1617 43%

Total 903 3207 39%

From a recent Black Duck KnowledgeBasestudy of FOSS projects for mobile

39% Year-Over-Year Increase in Number of NewFOSS Projects for Mobile Platform

Android ranked #1 in new FOSS projects

March 16, 2010

//www.blackducksoftware.com/news/releases/2010-03-16

5




The Mobile Opportunity

Forecast: Mobile Communications Device Open OS Sales to End Users by OS (Market Share)

OS 2009 2010 2011 2014

Symbian 46.9 40.1 34.2 30.2

Android 3.9 17.7 22.2 29.6RIM 19.9 17.5 15 11.7

Apple iOS 14.4 15.4 17.1 14.9

Windows 8.7 4.7 5.2 3.9

Other 6.1 4.7 6.3 9.6

Total 100 100 100 100

Source: Gartner (August 2010)

0

5

10

15

20

25

30

35

4045

50

1 2 3 4

Symbian

Android

RIM

Apple iOS

Windows

Other

Gartner Says Android to Become No.

2 Worldwide Mobile OperatingSystem in 2010 and ChallengeSymbian for No. 1 Position by 2014

STAMFORD, Conn., September 10, 2010 ² The

worldwide mobile operating system (OS) market will bedominated by Symbian and Android, as the two OSswill account for 59.8 percent of mobile OS sales by

2014, according to Gartner, Inc.

Symbian will remain at the top of Gartner's worldwideOS ranking due to Nokia's volume and the push into

more mass market price points. However, by the end of the forecast period, the No. 1 spot will be contestedwith Android««.

2009 2010 2011 2014

6




Android

Background± Android, Inc. was a startup founded in 2003, acquired by

Google in 2005

± In 2007, the Open Handset Alliance was created to developmobile device standards, announced the Android project

± First release of the Android operating system under and Apache

license was in 2008

The Android opportunity± Used in more than 60 mobile phone models

± Branching out to other devices

Tablets, e-readers, netbooks, HDTV¶s, etc.

7




Android ± The Complexity

Components± 243 Git repositories

± ~185 components

Licenses± Declared license for the Android project: Apache 2.0

± Sub components contain references to 19 different licenses± External components

Linux, Webkit use reciprocal licenses (GPLv2, LGPL)

± Internal components: more than 30 of them (dbus, grub,emma, e2fsprogs, bluez, Bison, etc.) also use reciprocallicenses (GPL, LGPL, CPL, etc.)

± Non- OSI approved licenses are used, including OpenSSL andBzip2.

Rapid change± Daily commits from the community, a variant of the Linux

kernel

8




Android Platform Architecture

9





10





11




Vendor Innovation

Developers

Typical areas of vendor/developer innovation

12




Android Code Lines

13




The Android Project

Over 240

dynamic GitRepositories

14




A Look Inside Two Android Components:Bionic, Webkit

WebL

¡

ense ¢

£

pes

n ¤ ¥

ndr¦

d-¥

ndr¦

d- § . § _r̈ -p ©

¥

¢

f ¦

rm-extern¥

© -web

t.tar.gz

Lic

n

cad

mic F

Lic

n

pach

v

B

t Lic

n

BSD

C

ptix Lic

n

Dua

MPL & GPLF

BSD

GPL v

! CU

! NR !

Lic

n

! nt

"

SL

LGPL GNU C Lib a

LGPL v

M!

#

MPLNPL

Pub ic D

main$ %

C

X & &

X N

t

zLib

B nL

¡

ense types

n ¤ andr¦

d-andr¦

d- § . § _r̈ -p © atf ¦

rm-b

¦

n

¡

.tar.gz

L

¡

ense

pach

v

BSD

Ca n '

ie Mellon Universit

Cryptix License

FreeBSD

Historical f ree (

ith copyright clause

INRIA License

Intel "

SL

Internet Soft(

are Consortium

MIT

Public Domain

Python

X Net

15




2.2 Android License References

16




OSS3rdParty

LegacyCode

OSS

Managing Open Source in the Mobile Ecosystemand Software Supply Chain

OSS3rdParty

LegacyCode

Typical Smartphonehas over 300 components

Device

Corporate-Owned IP Proprietary/Licensed IP XML Security Networking

Email Graphics Database Web Services

Customer

Development/Integration

Out Source/Offshore

YourCompany

Development/Integration

InternalCode

OSSOSS OSS

17




Meeting Open Source License Obligations

There is no "mobile device" or small appliance exceptionwhich alters obligations under open source licenses

When there is an obligation to provide source code, theobligation is met only by providing the source code for thespecific device that is owned by the person requesting the

code The benefits of an open platform place the burdens of

compliance on every vendor that ships the platform

There is no downstream defense for upstream violations

Managing complexity requires the establishment of consistent processes

18




Legal and IP Issues Depend on YourPosition in the Ecosystem

Middleware, component developer± Integration of your code with OSS has implications for

your IP

± How downstream customers use your code may impactyour IP

Device manufacturer± Device driver code± open source it or not?

± Responsible for the entire bundle of components fromsuppliers

Trust but verify

Application developer± Integration of your code with OSS has implications for

your IP

± Integration of your code with the device platform andOSS may have implications for your IP

Int

egrati

on

19




Best Practices for Managing Android

Adopt and enforce an open source and third-partycode policy

Identify and track all external code that is used

Automate validation at the point of acquisitionand development

Automate monitoring and tracking of Android

components Control the use of components and promote

standardization

Policy Process Technology

20




Summary

Android is highly successful and ischanging the mobile landscape

Like many FOSS projects, there iscomplexity inside

The legal and IP issues may dependon your role in the mobile supplychain/ecosystem

Effective management and controlrequires training, tools, and processes

21




Information Resources

Android white paper± //www.blackducksoftware.com/android

FOSS Webinar library± //www.blackducksoftware.com/webinars/legal/

Whitepapers on FOSS management and bestpractices± //www.blackducksoftware.com/resources/whitepapers

Sample FOSS Policy Document± Send request to: [email protected]

22

Documents

Android - FOSS Case Study FINAL (5)