
Preparing Open Source Software Compliance Guidelines

January 09, 2012


The purpose of these Open Source Software Compliance Guidelines (Guidelines) is to provide guidance in the development of procedures designed to verify compliance with the license requirements of various open source software applications and code (OSS) used internally or included in products for distribution. Technology lawyers, advisors and consultants need to be aware of issues surrounding open source software in order to properly advise their clients.

The output of these Guidelines should be (1) an Open Source Software Compliance Policy (OSS Policy) that describes the policies and procedures applicable to the company's use of OSS, and (2) an inventory (OSS Inventory) of all OSS approved for use within the company.

The OSS Policy must be designed with the company's culture and specific way of operating in mind in order to be effective. The OSS Policy should also be reviewed and updated on a regular basis.

The OSS Inventory is the ultimate output of these Guidelines and the OSS Policy. However, it will also serve as a ready document, in modified form, that can be provided to customers that may request a listing of OSS contained in distributed products and to a potential partner or acquirer that is performing due diligence.

It is important to note that third-party proprietary software will often contain OSS components. Therefore, particularly when such software is being included in a distributed product, it is necessary to have the vendor identify all OSS components so that they can be considered along the lines set forth below.

Designated Gatekeeper:

A person or committee should be designated for approval of all OSS proposed to be used internally or included in products for distribution. In order for this procedure to be effective, notice must be provided to relevant company personnel that the company requires prior approval of all OSS utilized in any manner within the company. Such notice must be conspicuous and repeated at regular intervals. In addition, supervisors must also be instructed to reinforce this requirement. Special attention must be paid to development teams which are accustomed to pulling OSS from various places, and usually operate subject to tight deadlines.

Request for Approval:

Requests for approval should be submitted within the amount of time prior to use/implementation as stated in the OSS Policy. The approval process should be initiated with the submission of a document that contains at least the following information:

1. Name/Version Number/Source of Open Source Software

2. Name of Applicable License (e.g., GNU General Public License v.2, zlib, BSD), and Source Address for the License

3. Name of Entity/Person Granting License

4. Source Address from which OSS will be Obtained

5. Description of How OSS will be Used (e.g., internally, as a development tool, embedded in distributed product, etc.)

6. If included in distributed product, description of the manner in which the OSS will interact with the company's proprietary source code (i.e., will the OSS be compiled and/or linked statically or dynamically with the company's proprietary source code?)

7. The manner in which the OSS will be implemented (e.g., modified vs. unmodified, standalone, statically linked, dynamically linked, etc.).

8. Description of whether the OSS will be modified

9. Statement as to whether the OSS is a key product component

10. Statement as to whether the OSS is well-known and widely used

11. Target date for OSS use/implementation

Approval Process:

The approval process involves examining risk areas relating to using the particular OSS. Risk areas may include:

1. Does the OSS license require making modified source code publicly available?

2. Does the OSS license require that source code for company's proprietary software be made publicly available? (e.g., will there be static linking of GPL code with company's proprietary software?)

3. Has there been litigation or other issues relating to the subject OSS?

4. Does the OSS license contain ambiguous terms, thereby potentially placing a cloud on company's rights to use the OSS in a certain manner?

5. Will lack of warranties and intellectual property indemnification pose a risk to company vis-à-vis customer expectation and demands?

It is important that the approval process be conducted quickly, and the expected time period for approval should be set forth in the OSS Policy. Otherwise, users and developers are likely to get frustrated and find ways to get around the procedures as deadlines approach.

When new versions of approved OSS are used, an expedited approval process should take place. This allows the OSS Inventory to be kept up to date, and will prevent gaps from forming in the inventory that could end up becoming large holes.


The goal of an OSS Policy is to achieve compliance with each OSS license. Depending upon the licenses involved, compliance may include any of the following:

1. Inclusion in appropriate documentation of warranty disclaimers, liability exclusions, author attribution, and proprietary rights notices.

2. Inclusion in appropriate documentation of the applicable OSS end user license agreement.

3. Public delivery or availability of source code for the unmodified version or the modified version.

4. Public delivery or availability of source code for company's proprietary software if linked to "copyleft" open source software code in a manner that requires this result.

5. Marking of modifications made to the OSS source code.


On a periodic basis, at least annually, an audit should take place to verify that the OSS Inventory is accurate and up to date. The audit process can be as simple as distributing the OSS Inventory to key personnel who will sign off on it, or as complex as installing monitoring software that will identify OSS on the company's computer system. The extent of the audit will depend upon company's needs and the volume of OSS in use.

OSS Training:

Current and new employees should participate in an OSS Policy training session to ensure that they are aware of the company's procedures and requirements in this area.

William Galkin, Esq. is an Internet lawyer who has dedicated his legal practice to representing Internet, website, e-commerce, computer technology and new media businesses in the U.S. and around the world.

Source: EzineArticles