Software Integrity Blog

Archive for the 'Legal' Category

So Apache broke up with Facebook. How does that affect you?

Although the so-called Facebook BSD+Patents license has been in the wild for nearly three years, it recently became the subject of much commotion because the Apache Software Foundation tagged it as a Category X license, the group of licenses explicitly barred from inclusion in Apache projects. Apache’s decision affects only Apache projects, but the rationale […]

Posted in Legal, Open Source Security

The quietly accelerating adoption of the AGPL

The AGPL (Affero General Public License) has continued to gain in popularity and is showing up frequently in modern code bases. My blog post “Are SaaS Companies Immune to Open Source Risk?” mentioned a key concern for SaaS or cloud companies: a class of open source licenses, which includes the Affero GPL, designed to plug the SaaS loophole. […]

Posted in Legal, Open Source Security

Understanding the hows and whys of open source audits

If you’re part of a modern business that does any software development, your dev teams are using open source components to move quickly, save money, and leverage community innovation. If you’re a law firm or a consultant, your clients use open source. And if you’re on the lookout for your next acquisition, you’ll be evaluating […]

Posted in Legal, Open Source Security

3 examples of why permissive licenses deserve a little respect

To the extent that tech companies manage open source risks, their primary focus tends to be on reciprocal licenses and the GPL in particular. As I’ve discussed earlier, the potential risks of open source are broader than just license compliance. Additionally, there are other licenses to consider beyond the GPL. Even permissive licenses deserve a little respect. […]

Posted in Legal, Open Source Security

A voracious appetite for open source software worldwide

At Synopsys, we work with the community and organizations to understand what responsible open source usage means. As part of that process, we view our connection to the open source community as a key component to both understanding where the development community is and educating them on how to build better code. Earlier this year, […]

Posted in Legal, Open Source Security, Software Composition Analysis

Encryption technology in your code impacts export requirements

US export laws require companies to declare what encryption technology is used in any software to be exported. The use of open source makes complying with these regulations a tricky process.

Posted in Legal, Open Source Security

Dramatic shifts in open source license enforcement

In February I wrote a post exploring dual licensing. Part of my message was to call out that open source license enforcement is steadily going through a dramatic shift. Historically, open source licenses such as the GNU General Public License were enforced primarily by groups such as the Free Software Foundation or the Software Freedom Law Center.

Posted in Legal, Open Source Security

Cloudera IPO: Risk for cyber attacks, lawsuits, and loss of IP?

Dave Gershgorn, an AI reporter, published an interesting article on Quartz late last week with the ungainly but click-baitable title, “This open-source tech company’s IPO filing reads like an argument against building a business on open source.”

Posted in Data Breach, Legal

How an open source software audit works

Most of our readers understand that an open source software audit involves expert consultants analyzing a proprietary code base using Black Duck tools. The deliverable is a report that identifies open source in the code as well as associated risks. If you’d like to understand our process — what comes before, during and after, read […]

Posted in Legal, Open Source Security

Software licensing decisions: Consider dual licensing

This post was co-authored by Benjamin Rosen. Selecting the optimal model for licensing software is a fundamental determination that, if successful, may drive business, encourage innovation, and provide safeguards for valuable intellectual property rights. As a copyright holder, the owner of a piece of software has broad latitude in determining how that software can be […]

Posted in Legal, Open Source Security, Security Standards and Compliance