Understanding and Reducing Open Source License Risks
In today’s business climate, using Open Source Software (OSS) components as part of the development of new products is imperative. At the same time, the risks of using OSS improperly are enormous.
OSS usage introduces legal, business and technical risks. Legally, failure to comply with OSS licensing requirements may result in penalties and other costs. In some cases, companies may even be forced to remove their software from the market. From a business perspective, due diligence processes for M&A and investments require a thorough audit of all OSS components, and deals have been aborted due to tainted IP and expensive licensing obligations. In addition, some resellers and even enterprise customers have started to enforce OSS policies, and to demand transparency from software vendors. From a technical perspective, OSS security vulnerabilities may attract intruders, who can review the publicly available code in search of holes. Thus, it is important to maintain good visibility into your OSS usage, and to make informed decisions in real time.
Most companies are addressing OSS challenges using spreadsheets and other static documents. This leads to missing and out-of-date information, lack of collaboration, and no clear way to evaluate risk. Some commercial tools are available but require companies to exert substantial effort to track and validate OSS. With these tools, much of the compliance work is done near major and high-risk events such as M&A, OEM deals, and new version releases.
White Source, the leading SaaS Open Source Lifecycle Management platform, introduces a new approach. White Source provides a comprehensive, yet affordable, solution for companies that need to manage their open source assets and ensure license compliance. The White Source SaaS service is easy to use, requires very little effort from developers and is always up-to-date.
With White Source, new open source components are automatically detected when first used, and classified by their license type and risk profile. This allows the organization to immediately address the respective risks and license requirements, rather than waiting until release time and risking substantial development effort and unnecessary delays.
White Source integrates seamlessly and can automatically enforce organizational open source policy with leading development tools such as Apache Maven, Apache Ant, Jenkins, JetBrains TeamCity, Red Hat OpenShift, CloudBees and JFrog Artifactory.
White Source is hosting a free webinar on November 13th, 10am EST titled “Open Source Legal Blues: Do You Comply?”
The webinar will feature renowned IP legal expert Haim Ravia, and White Source CEO Rami Sass. The session will cover:
- Open source legal, business, and technical risks.
- How to effectively manage the open source adoption process, review procedures, and compliance requirements.
- How to do so without impacting development and release schedules, and without spending a small fortune.