Maintaining open source license compliance in an enterprise development and production environment can sometimes be a complex task. Applications can pull from multiple open source projects, each with their own licensing requirements and obligations.
That’s where the Open Logic Exchange (OLEX) comes into play with a hosted Software-as-a-Service (SaaS) solution to the challenge of open source license compliance. OLEX has been in market since 2007 and is now being expanded with new collaboration features to help make it easier to identify and understand open source license obligations.
“What we’ve learned over the last several years is that open source compliance is not a one person game,” Kim Weins, senior vice president of OpenLogic told InternetNews.com. “Compliance involves a whole set of people throughout the enterprise that are involved in understanding what open source they are using and ensuring they are meeting the open source license obligations.”
Weins added that stakeholders including technical, business and legal staff within an enterprise all need to be involved. There are also supply chain partners that need to be involved. Those partners include vendors that are providing software that will be included in a product.
“When software moves outside of the organization or comes into the organization, there are a whole set of open source requirements for compliance,” Weins said. “That movement triggers all of the appropriate distribution clauses of the various open source licenses.”
The enhanced OLEX platform provides all the various stakeholders with a way to collaborate around the whole process of open source code usage and license compliance. The new version includes collaboration features that look at the full ecosystem of partners and stakeholders in an open source development process. The system also tracks a history of the communications and actions, which is a critical component of compliance.
“As you start to involve multiple people in an audit and compliance process, it’s important to have a trail of what changed, when, by whom and why the change was made,” Weins said.
Weins added that open source compliance obligations depend on how organizations use open source code, in addition to the actual license itself. So the fact that code is licensed under the GPL as opposed to a BSD license is important, but whether the code is modified, distributed or linked with another project will determine which license requirements come into play.
“We’ve created a new model to allow people to collaboratively work on the usage model, since it’s usually a collaborative process between technical and legal people,” Weins said.
The usage model process feeds the OLEX obligations model, which identifies the open source obligations that need to be met. Weins explained that the Open Logic legal teams have broken down all the open source licenses into their requirements components. They have also identified the triggers within each license that require a certain obligation to be met.
“The triggers become the set of questions that you have to answer between your legal and technical teams,” Weins said. “So we have a nice user interface where an enterprise can determine whether they’ve taken an action that triggers a set of obligations.”
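To make the usage-model/obligations-model split concrete, here is a small Python sketch added for this article; it is not OLEX code and does not reproduce OpenLogic's legal analysis. It assumes four yes/no usage facts (distributed, modified, statically linked, dynamically linked), a hand-written rule table whose license summaries are deliberately simplified for the example, and an audit trail that records who changed which usage answer, when and why, as the article describes.

```python
"""Toy usage/obligations model (illustration only, not OLEX code).

The technical team answers usage questions (the usage model); a rule table
maps license + usage triggers to obligations (the obligations model); every
change to a usage answer is logged with actor, timestamp and reason.
The license summaries are simplified assumptions, not legal advice.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import FrozenSet, List, Set, Tuple

# Usage facts the technical side can answer with a yes/no.
USAGE_FLAGS = {"distributed", "modified", "linked_static", "linked_dynamic"}


@dataclass(frozen=True)
class Rule:
    obligation: str
    licenses: FrozenSet[str]                    # SPDX ids this rule applies to
    requires_all: FrozenSet[str]                # every flag here must be set
    requires_any: FrozenSet[str] = frozenset()  # at least one must be set, if non-empty
    contested: bool = False                     # interpretation varies; flag for legal


def fs(*items: str) -> FrozenSet[str]:
    return frozenset(items)


# Constructed, simplified rule table for the example.
RULES: List[Rule] = [
    Rule("Retain the copyright notice and license text in every copy distributed",
         fs("MIT", "BSD-3-Clause", "Apache-2.0", "GPL-2.0-only", "LGPL-2.1-only"),
         fs("distributed")),
    Rule("Pass along the contents of the NOTICE file with distributed copies",
         fs("Apache-2.0"), fs("distributed")),
    Rule("Carry prominent notices stating that the files were changed",
         fs("Apache-2.0", "GPL-2.0-only", "LGPL-2.1-only"), fs("distributed", "modified")),
    Rule("Provide, or offer to provide, the complete corresponding source",
         fs("GPL-2.0-only"), fs("distributed")),
    Rule("License the whole combined work under GPL-2.0-only",
         fs("GPL-2.0-only"), fs("distributed"), fs("linked_static", "modified")),
    Rule("License the whole combined work under GPL-2.0-only (dynamic linking)",
         fs("GPL-2.0-only"), fs("distributed"), fs("linked_dynamic"), contested=True),
    Rule("Provide, or offer to provide, source for the library including your changes to it",
         fs("LGPL-2.1-only"), fs("distributed")),
    Rule("Let recipients relink with a modified library (ship object files or link dynamically)",
         fs("LGPL-2.1-only"), fs("distributed", "linked_static")),
]
KNOWN_LICENSES: Set[str] = set().union(*(r.licenses for r in RULES))


@dataclass
class AuditEntry:
    when: str      # ISO-8601 UTC timestamp
    actor: str
    flag: str
    old: bool
    new: bool
    reason: str


@dataclass
class Component:
    name: str
    license_id: str
    usage: Set[str] = field(default_factory=set)
    trail: List[AuditEntry] = field(default_factory=list)

    def set_usage(self, flag: str, value: bool, actor: str, reason: str) -> None:
        """Change one usage answer and append the change to the audit trail."""
        if flag not in USAGE_FLAGS:
            raise ValueError(f"unknown usage flag: {flag}")
        old = flag in self.usage
        if value:
            self.usage.add(flag)
        else:
            self.usage.discard(flag)
        self.trail.append(AuditEntry(datetime.now(timezone.utc).isoformat(),
                                     actor, flag, old, value, reason))


def obligations(c: Component) -> List[Tuple[str, bool]]:
    """Return (obligation, contested) pairs triggered by the component's usage."""
    if c.license_id not in KNOWN_LICENSES:
        return [("License not in the model: route to legal review", True)]
    out = []
    for r in RULES:
        if c.license_id not in r.licenses:
            continue
        if not r.requires_all <= c.usage:
            continue
        if r.requires_any and not (r.requires_any & c.usage):
            continue
        out.append((r.obligation, r.contested))
    return out


if __name__ == "__main__":
    lib = Component("libfoo", "GPL-2.0-only")
    lib.set_usage("distributed", True, "build-eng", "ships inside the v2 installer")
    lib.set_usage("linked_dynamic", True, "build-eng", "loaded as a shared object")
    for text, contested in obligations(lib):
        print(("[legal review] " if contested else "") + text)
    for e in lib.trail:
        print(f"{e.when} {e.actor} set {e.flag}={e.new} (was {e.old}): {e.reason}")
```

A component that is only used internally triggers nothing here, because every rule requires distribution; flipping the "distributed" answer is the event that brings the rest of the table into play. The `contested` flag is where the ambiguity Weins mentions lands: the engine still surfaces the obligation but marks it for the legal side rather than treating it as settled.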
Weins noted that the challenge of open source license compliance is one of awareness and correctly understanding the requirements.
“The challenge companies face is in interpreting the obligations and deciding how to comply with them,” Weins said. “There are some obligations that are fairly straightforward of what you need to do and there are some that create a little more ambiguity, at least in the minds of some companies.”