Software Integrity Blog

Archive for the 'Legal' Category

 

Top 10 FOSS legal developments in 2018

2018 saw developments in many free and open source software legal issues, including copyright, license compliance, patent nonaggression, and antitrust law.

Posted in Legal, Open Source Security, Webinars

 

Next-generation audit reports: Enhanced visibility into open source risks in M&A transactions

Black Duck audit reports help you understand your license compliance, software security, code quality, and web services risks—and now they’re even better.

Posted in Legal, Open Source Security, Webinars

 

Don’t expect jailed CEOs, but Wyden at least puts consumer privacy on the table

The Consumer Data Protection Act (as outlined in the CDPA draft circulated in early November by Sen. Ron Wyden) might not send CEOs to jail, but it will certainly help protect Americans’ data.

Posted in Legal, Privacy, Security Standards and Compliance

 

GPLv2 and the right to cure

Many contracts contain language saying that if the licensee breaches/violates the license, the licensee will have an opportunity to cure that breach. But the GPLv2 provides no right to cure. Many contracts, either in their boilerplate form or as part of the negotiated give and take, contain some language that says that if the licensee […]

Posted in Legal, Open Source Security

 

Webinar: Black Duck Legal Certification Course

In our Nov. 14 Black Duck Legal Certification Course with Hal Hearst and Phil Odence (Synopsys), you’ll learn about software due diligence and how to answer your clients’ open source questions.

Posted in General, Legal, Open Source Security, Webinars

 

Better passwords in California won’t help much

California is all done with weak passwords. Well, not right now, but it says it will be done with them for internet-connected devices in another 14 months—starting Jan. 1, 2020. From then on, the Information Privacy: Connected Devices bill, signed earlier this month by Gov. Jerry Brown, will require each such device to have a […]

Posted in Internet of Things, Legal, Security Standards and Compliance

 

Why you need to perform open source due diligence in an M&A transaction

Most companies involved with technology M&A understand the importance of open source risks in software. Today’s software contains significant amounts of open source, on average more than 50%, according to a 2018 Synopsys study. Consequently, it has become the norm for acquirers to raise open source questions as part of technical and legal due diligence. […]

Posted in Legal, Open Source Security

 

Webinar: Effective policies for managing and releasing open source software

In our on-demand webinar with Mark Radcliffe (DLA Piper and OSI) and Tony Decicco (GTC), you’ll learn about using and releasing open source safely, and what it means for tech due diligence.

Posted in Legal, Open Source Security, Webinars

 

The Apache Software Foundation can take a joke, but not when it comes to licensing

The Apache Software Foundation’s legal group is an interesting microcosm in which to study open source license issues. Generally, what the Apache Software Foundation (ASF) deems good is good for companies looking to consume open source, and what’s not is not. So their open discussions are useful to monitor if you want to keep tabs […]

Posted in Legal, Open Source Security

 

Software composition analysis & the secret ingredients for a successful M&A

Open source is everywhere. Researchers have been tracking its growth for years, but because open source is now so pervasive, they are increasingly concerned about the security of applications built on the foundation of open source components. The only way an organization can be sure of the open source in its codebase, other than by […]

Posted in Legal, Open Source Security, Software Composition Analysis