[LRUG] Open Source and the Enterprise

Gavin Heavyside gavin at heavyside.co.uk
Wed Jul 30 11:03:49 PDT 2014


On 30 July 2014 06:22, Sasha Gerrand <chat-lists.lrug.org at sgerrand.com>
wrote:

> On 30 Jul 2014 00:53, "Alan Buxton" <alanbuxton at gmail.com> wrote:
> >
> > So I have a mini project right now to put together some policy
> > guidelines for The Enterprise on using open source to cover things like
> >
> > · When is it appropriate to use it (e.g. in certain industries
> > it might be less appropriate)
> >
> > · What should you consider when choosing a piece of open source
> > technology
> >
> > · From an IP point of view how would you make the tradeoff
> > between building something using open source components vs creating it
> > yourself from scratch
>
> In my experience, the biggest issue that "Enterprise" companies have with
> open source software revolves around the licencing (chained or otherwise).
> Everything else is secondary.
>
I spent some time working for ARM a few years back. Every third-party
component we used, whether open-source or not, had to be approved by the
legal department. Nearly all of ARM's revenue is from IP licensing and they
are meticulous in vetting all inclusions, as they want (need?) to be seen
as whiter-than-white when it comes to IP ownership. This meant that not
only the license, but also the provenance of every file of source code, had
to be validated and signed off.

The key thing I remember from ARM's policy is that examining the software
licenses was not sufficient. How do you know that the code Joanne Bloggs
published to GitHub under the BSD license was her copyright to release?
What if that handy library includes a section of copyrighted code lifted
from someone else, perhaps even inadvertently via a snippet on Stack
Overflow? What if the coder, who generously released their weekend project
to widespread adoption, has a contract with terms and conditions so onerous
that their employer actually owns the copyright and decides to seek
licensing revenues, or issues a C&D?

To most of us, me included these days, this goes beyond the scope of what
is necessary or proportionate to protect our businesses. With larger, more
legally minded enterprises, particularly those with enterprise and/or
potentially litigious customers, projects with a CLA or other attribution
agreement required for all contributions might be easier to get approval
for.

Gavin