APAC CIOOutlook

    Free and Open Source Software: Managing Risk

    Mark Radcliffe, Partner, DLA Piper


    The use of free and open source software (FOSS) has become ubiquitous across all industries, from financial services to retail. Technology research firm Gartner recently estimated that 95 percent of mainstream IT organizations will use open source software in mission-critical systems in 2015. One commentator estimated that more than one million FOSS projects are available. Many FOSS products are used across a wide variety of industries, such as the Linux operating system, which runs products from televisions to nuclear reactors. Even Microsoft Corporation, once the most ardent supporter of proprietary software, has joined the FOSS movement: among other actions, Microsoft open-sourced its .NET framework.

    Yet, according to Gartner, less than 50 percent of companies have a policy for managing the use of FOSS. Such policies are essential if companies want to remain compliant with their obligations under FOSS licenses. Failure to comply with some of the terms in many FOSS licenses will result in the automatic termination of the rights to use the FOSS projects. Such automatic termination occurs when a company violates several of the terms of the General Public License, version 2 (GPLv2).

    "The most effective way to manage the use of FOSS and avoid litigation against you and your customers is to have a FOSS Use Policy"

    GPLv2 is the most widely used FOSS license, and compliance with it is increasingly important because of the increase in litigation to enforce FOSS licenses. In the past, community groups, such as the Software Freedom Law Center and Software Freedom Conservancy, have enforced FOSS licenses primarily through community pressure, with a focus on compliance rather than litigation or damages. However, the traditional community enforcement groups are getting more aggressive.

    The Software Freedom Conservancy, for example, is supporting litigation in Germany brought by a contributor to the Linux kernel, Christoph Hellwig, against VMware, claiming that the integration of its ESXi product with the Linux kernel violates the terms of GPLv2. The lawsuit claims that the ESXi product is so tightly integrated with the Linux kernel that VMware’s proprietary product is a “derivative work” of the Linux kernel and must be distributed under GPLv2. If correct, VMware would need to make the source code of the ESXi product available to all of its licensees at no cost and permit its licensees to modify and redistribute such software under the terms of the GPLv2.

    However, in the past two years, a new group of enforcers has appeared: commercial companies who, unlike community enforcers, are interested in traditional commercial remedies such as damages and court orders stopping distribution of products. A good example of this new trend involved Versata Software Inc. (a vendor of proprietary software), which became entangled in three lawsuits because Versata incorporated software from Ximpleware licensed under GPLv2 into Versata’s software. The Ximpleware software was “dual” licensed under the GPLv2 and a proprietary license. Versata used the GPLv2 version, but deleted all Ximpleware notices as well as copies of the GPLv2 license. These actions violated the terms of the GPLv2. These failures were discovered by one of its customers when Versata tried to terminate the agreement with that customer. This defense by Ameriprise raised so many issues that the termination was delayed for more than two years. In addition, Ximpleware sued Versata for patent and copyright infringement and Ximpleware sued all of Versata’s licensees.

    These disputes have led to customers demanding that companies provide contractual assurances that they are in compliance with the FOSS licenses. Potential acquirers are also focusing on these issues, and many large companies now have a separate due diligence process focused entirely on FOSS license compliance.

    The most effective way to manage the use of FOSS and avoid Versata’s problems is to have a FOSS Use Policy. Although the FOSS Use Policy will deal with legal compliance, it also should provide a framework for managing the use of FOSS, including a framework for selection and validation of FOSS projects.

    The FOSS Use Policy should include infrastructure and should be flexible and lightweight so that the engineers do not try to avoid it. It needs to cover use by company employees as well as FOSS from third-party products integrated into your products and FOSS from acquisitions.

    The critical components of a FOSS Use Policy are as follows:

    ► A company should recognize it is using FOSS and manage that use.

    ► Companies should develop a process for reviewing proposed FOSS projects and validating that they have necessary security and functionality. The process should include a legal component to ensure that the FOSS license is consistent with the underlying business goal. For example, some companies ban the use of copyleft software (such as GPLv2) because of the uncertainty of the scope of its obligations. In addition to legal compliance, the policy should include input from engineering and business parts of the company. Many companies use the “green light-yellow light-red light” approach: some licenses are automatically permitted (green), some licenses are permitted for certain uses (yellow), and some licenses are not permitted except in rare circumstances (red).

    ► The process needs to be implemented and managed effectively. This implementation is most effective if the process becomes part of the development process rather than being a final check prior to release when there is enormous pressure to release the product. Many companies use a committee with representatives of the company’s legal, business and engineering functions to make these decisions.

    ► The FOSS Use Policy should also include a process for approving contributions by employees to FOSS projects. Many recent computer graduates already contribute to FOSS projects and want to join companies that are “FOSS friendly”. Such approvals are important because many FOSS licenses include patent licenses, which could affect the patents of your company. Consequently, the FOSS Use Policy should address these issues.

    The use of FOSS is ubiquitous, but it needs to be managed, as the cost and risk of failing to manage FOSS use is increasing.
