Software Integrity

Archive for the 'Legal' Category

 

Don’t expect jailed CEOs, but Wyden at least puts consumer privacy on the table

The Consumer Data Protection Act (as outlined in the CDPA draft circulated in early November by Sen. Ron Wyden) might not send CEOs to jail, but it will certainly help protect Americans’ data.

Continue Reading...

Posted in Legal, Privacy, Security Standards and Compliance

 

GPLv2 and the right to cure

Many contracts contain language saying that if the licensee breaches/violates the license, the licensee will have an opportunity to cure that breach. But the GPLv2 provides no right to cure. Many contracts, either in their boilerplate form or as part of the negotiated give and take, contain some language that says that if the licensee […]

Continue Reading...

Posted in Legal, Open Source Security

 

Webinar: Black Duck Legal Certification Course

In our Nov. 14 Black Duck Legal Certification Course with Hal Hearst and Phil Odence (Synopsys), you’ll learn about software due diligence and how to answer your clients’ open source questions.

Continue Reading...

Posted in General, Legal, Open Source Security, Webinars

 

Better passwords in California won’t help much

California is all done with weak passwords. Well, not right now, but it says it will be done with them for internet-connected devices in another 14 months—starting Jan. 1, 2020. From then on, the Information Privacy: Connected Devices bill, signed earlier this month by Gov. Jerry Brown, will require each such device to have a […]

Continue Reading...

Posted in Internet of Things, Legal, Security Standards and Compliance

 

Why you need to perform open source due diligence in an M&A transaction

Most companies involved with technology M&A understand the importance of open source risks in software. Today’s software contains significant amounts of open source, on average more than 50%, according to a 2018 Synopsys study. Consequently, it has become the norm for acquirers to raise open source questions as part of technical and legal due diligence. […]

Continue Reading...

Posted in Legal, Open Source Security

 

Webinar: Effective policies for managing and releasing open source software

In our on-demand webinar with Mark Radcliffe (DLA Piper and OSI) and Tony Decicco (GTC), you’ll learn about using and releasing open source safely, and what it means for tech due diligence.

Continue Reading...

Posted in Legal, Open Source Security, Webinars

 

The Apache Software Foundation can take a joke, but not when it comes to licensing

The Apache Software Foundation’s legal group is an interesting microcosm in which to study open source license issues. Generally, what the Apache Software Foundation (ASF) deems good is good for companies looking to consume open source, and what’s not is not. So their open discussions are useful to monitor if you want to keep tabs […]

Continue Reading...

Posted in Legal, Open Source Security

 

Software composition analysis & the secret ingredients for a successful M&A

Open source is everywhere. Researchers have been tracking its growth for years, but because open source is now so pervasive, they are increasingly concerned about the security of applications built on the foundation of open source components. The only way an organization can be sure of the open source in its codebase, other than by […]

Continue Reading...

Posted in Legal, Open Source Security, Software Composition Analysis

 

Celebrating freedom with free beer

America is unique (beyond being the only place on the planet not distracted by the World Cup). Amid heaps of controversy over our national identity, freedom remains central to the American culture and spirit. And so as we in the United States enjoy our hot dogs, beers, and fireworks on the Fourth of July, it […]

Continue Reading...

Posted in Legal, Open Source Security

 

Open source issues in an M&A target’s code: How do you know?

Until you ask, you don’t know how much open source a target has used, what components it uses, or what open source issues might be latent therein. That’s why open source questions are on the checklist of virtually every acquirer in a tech transaction. And the unfortunate reality is that even asking good questions doesn’t […]

Continue Reading...

Posted in Legal, Open Source Security