Recognizing transactions and other in-house activities likely to involve the use of open source code; potential approaches to identifying and negotiating open source terms in licensing and service agreements; best practices for the internal use of open source code
In-House Management of Open Source Licenses
May 7, 2010
Jennifer Buchanan O’Neill
Vice President and Managing Assistant General Counsel, Product Development
AIPLA Spring Meeting
Notices and Disclaimers
Copyright © 2010 Jennifer Buchanan O’Neill. All rights reserved. Apache is a trademark of The Apache Software Foundation. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies.
The statements and opinions expressed herein are those of the author and are not necessarily those of CA, Inc. (“CA”).
To the extent permitted by applicable law, the content of this presentation is provided “AS IS” without warranty of any kind. In no event will the author or CA be liable for any loss or damage, direct or indirect, arising from or related to the use of this information, including, without limitation, lost profits, lost investment, business interruption, goodwill or lost data, even if expressly advised in advance of the possibility of such damages. Neither the content herein nor any software product referenced serves as a substitute for your compliance with any laws (including but not limited to any act, statute, regulation, rule, directive, standard, policy, administrative order, executive order, and so on) (collectively, “Laws”) referenced herein or otherwise. You should consult with competent legal counsel regarding any such Laws.
CA CONFIDENTIAL -- PREPARED IN ANTICIPATION OF LITIGATION
Agenda
Recognizing transactions and other in-house activities likely to involve the use of open source code
Potential approaches to identifying and negotiating open source terms in licensing and service agreements
Best practices for the internal use of open source code
Where May Open Source Be An Issue?
• Inbound technology licenses
• Professional or technical services agreements
• Business process outsourcing
• Employment agreements
• Mergers and acquisitions
• Internal business use
Where May Open Source Be An Issue? (cont.)
• Joint research and development/CRADAs
• Customer sales contracts
• In-house software development
• Participation in industry alliances and standards bodies
• Internal policies for Internet and email usage
What Do I Do Now?
If my client wants to license code from a third party:
• Require that party to identify all open source code that it uses and distributes, together with the governing license and a description of how the code is used
• Assess that party’s compliance with applicable licenses. AVOID BEING A DOWNSTREAM INFRINGER.
• Obtain sufficient contractual protections against infringement in the form of warranties and indemnification
What Do I Do Now?
If my client wants to license code to a third party:
• Determine what open source code has or will be used by your client, including documentation of any modifications made
• Determine whether your client’s product must be distributed under an open source license, in whole or in part
• Assess current compliance and remediate any potential issues prior to external distribution of code
• Determine to what extent your client is willing to serve as “insurer” of open source code liabilities
What Do I Look For?
Where can I find the license agreement?
– Online open source community or project web site
– User documentation
– Clickwrap agreement accompanying software
– LICENSE, NOTICE, or other *.txt file in the program’s source or object code
– Confirm licensing on a third-party site like Ohloh or Koders
Look for dual/tri-licensing scenarios
Determine requirements for use, redistribution and modification of code
– Wide range of licenses with different ramifications for commercial users
– Scan the source code if there’s any doubt as to origin
Other Key Concerns
Is the open source component critical to your client’s business (as a service provider or otherwise)?
Verify how the open source project or community ensures the pedigree of the code.
• Contributors may have submitted code under terms other than those of the community
• Proprietary code may have been incorporated in violation of applicable licenses
• Established open source communities like Apache Software Foundation and Eclipse Foundation have implemented best practices for maintaining integrity of contributions.
• Review terms of the project’s Contributor License Agreement (or equivalent)
• Again, when in doubt, SCAN the code
Best Practices for Code Management
• Document review and approval process for requests to use or distribute open source code, with management and legal as key participants
• Create database of open source components, identifying applicable license requirements and how/where open source is used by client
• Create path for publishing source code where required
• Implement procedure for providing notices, attributions and licensing terms to external customers
• Require awareness training for developers and IT department
Questions?
About CA
CA (NASDAQ: CA), the world's leading independent IT management software company, helps customers optimize IT for better business results. CA's Enterprise IT Management solutions for mainframe and distributed computing enable Lean IT—empowering organizations to more effectively govern, manage and secure their IT operations. Founded in 1976, CA today is a global company with headquarters in the United States and 150 offices in more than 45 countries. CA serves more than 99% of Fortune 1000® companies, as well as government entities, educational institutions and thousands of other companies in diverse industries worldwide.