SlideShare ist ein Scribd-Unternehmen logo
1 von 31
Downloaden Sie, um offline zu lesen
1© 2017 Rogue Wave Software, Inc. All Rights Reserved. 1
How to keep developers
happy and lawyers calm
2© 2017 Rogue Wave Software, Inc. All Rights Reserved. 2
Presenter
Rod Cope
CTO
Rogue Wave Software
rod.cope@roguewave.com
3© 2017 Rogue Wave Software, Inc. All Rights Reserved. 3
1. Introduction
2. Common OSS myths
3. Risks and challenges of OSS
4. Developers and lawyers
5. Q&A
Agenda
4© 2017 Rogue Wave Software, Inc. All Rights Reserved. 4
5© 2017 Rogue Wave Software, Inc. All Rights Reserved. 5
Introduction
6© 2017 Rogue Wave Software, Inc. All Rights Reserved. 6
Legal disclaimer
• Perforce and Rogue Wave Software, Inc. are not engaged in the rendering
of legal advice. This presentation provides legal information, which should
not be confused with legal advice
• I am not an attorney
7© 2017 Rogue Wave Software, Inc. All Rights Reserved. 7
Common OSS myths
8© 2017 Rogue Wave Software, Inc. All Rights Reserved. 8
Common OSS myth
MYTH:
It’s free so I don’t have any license obligations
FACT:
Copyright law protect authors, many have taken
licensees to court or taken other legal action
9© 2017 Rogue Wave Software, Inc. All Rights Reserved. 9
Common OSS myth
MYTH:
It’s in the public domain, so I can use it anyway I want
FACT:
Only some OSS is public domain
The rest is protected by license or copyright
10© 2017 Rogue Wave Software, Inc. All Rights Reserved. 10
Common OSS myth
MYTH:
It’s free, so unlike commercial software, I don’t need to track it
FACT:
OSS is software, so it has bugs and security vulnerabilities.
How will you respond to the next Heartbleed if you don’t know
which OSS you’re using and where it is?
11© 2017 Rogue Wave Software, Inc. All Rights Reserved. 11
Common OSS myth
MYTH:
I don’t need support
FACT:
Yes, you do.
What happens when your system goes down at 2am?
12© 2017 Rogue Wave Software, Inc. All Rights Reserved. 12
Risks and challenges of OSS
13© 2017 Rogue Wave Software, Inc. All Rights Reserved. 13
Legal risks and challenges
Copyright
Without proper permission you may lose
right to use
Compliance
Potential legal action for
non-compliance
Patents
Use of OSS may force loss of patent
rights
Indemnification
No protection from damages
14© 2017 Rogue Wave Software, Inc. All Rights Reserved. 14
Technical & security risks and
challenges
Security
OSS can introduce
security flaws and
vulnerabilities into your
software
Quality
OSS can potentially affect
the quality of your
application
15© 2017 Rogue Wave Software, Inc. All Rights Reserved. 15
Support & contribution risks and challenges
Support
Who do you call
when you have a
problem?
Community
Is contribution to
OSS allowed?
16© 2017 Rogue Wave Software, Inc. All Rights Reserved. 16
Managing risks
Knowledge Learn and understand the risks
Become a stakeholder in your organization’s
risk management
Action Take steps to manage OSS
Be active in compliance process
Monitor and track OSS you use
Understand
and
manage
cost of
OSS use
Training
Support
Maintenance
17© 2017 Rogue Wave Software, Inc. All Rights Reserved. 17
Developers and lawyers
18© 2017 Rogue Wave Software, Inc. All Rights Reserved. 18
Developers have a job to do
Don’t add process that will unduly slow
them down
Don’t ask them to do additional jobs
that take them away from their real job
Don’t create rules or processes that take
away ability to use OSS
19© 2017 Rogue Wave Software, Inc. All Rights Reserved. 19
Developers will use OSS regardless of
policies
(intentionally and un-intentionally)
Blog articles, stack overflow
Commercial products that contain OSS
Code reuse (other in-house code that contains OSS)
Indirect acquisition (code developed by contractors, outsourcers)
Net: You can’t stop the use of OSS unless you force developers to write
every line of code in your application.
20© 2017 Rogue Wave Software, Inc. All Rights Reserved. 20
How open source enters your
codebase?
Open source
community
Legacy code
Internally
developed code
Reused code
Third-party
components
Supply chain
code
Outsourced
code
Production
code
21© 2017 Rogue Wave Software, Inc. All Rights Reserved. 21
Your developers are stakeholders in your success, they’re
not going to sabotage their own efforts
They won’t intentionally violate licenses or create a
situation where your company gets sued for copyright
infringement
If provided the right information, developers will use OSS in
a way that reduces risks
Developers aren’t malicious, unless they
are
22© 2017 Rogue Wave Software, Inc. All Rights Reserved. 22
Lawyers have a job to do
They don’t expect developers to understand law any more than
developers would expect lawyers to understand how to write
code
They do expect developers to understand basic concepts of
law like how licenses work, what is a copyright, and how
things like patents can be affected by OSS
OSS may reshape the way developers and lawyers work
together
23© 2017 Rogue Wave Software, Inc. All Rights Reserved. 23
How lawyers and developers work
together
Ignorance is a powerful force
• Creating boundaries can help developers know
when it’s okay to use OSS and when to ask for
legal assistance in determining risk
• An open dialog on OSS issues reduces risk and
workload over time
• If developers don’t know there’s an issue they
don’t know to ask a lawyer for help
24© 2017 Rogue Wave Software, Inc. All Rights Reserved. 24
So how do you keep developers happy?
OSS awareness
education
• By arming
developers with
basic knowledge of
risks of OSS you
empower them to
identify, manage,
and mitigate risks
Simple processes and
guidelines that don’t
slow development
• Developers don’t
want to guess what
to do with regards to
OSS
• Guess = ignore
Tools or services to
manage OSS
• Don’t make it harder
than it has to be
When it comes to using OSS:
25© 2017 Rogue Wave Software, Inc. All Rights Reserved. 25
How do you keep lawyers calm?
OSS audits
• Outsource an initial
audit of products
(developers don’t
need to do the work,
and outsourcers who
specialize in OSS
audits will provide
comprehensive
assessment of
current risks)
Process for reporting
OSS usage
• Make development
teams (now armed
with their new
knowledge of OSS)
report all OSS usage
going forward as
they download/use
• Delineate based on
license types and
usage
OSS usage guidelines
• At one extreme that
can mean a
company-wide OSS
policy defining every
aspect of OSS
• At the other, it can be
a simple set of
guidelines designed
to mitigate risk and
plans to deal with
issues as they arise
26© 2017 Rogue Wave Software, Inc. All Rights Reserved. 26
Developing a compliance process
Audit
Review
licenses
Usage
model
Compliance
checklist
Compliance
actions
27© 2017 Rogue Wave Software, Inc. All Rights Reserved. 27
What developers need to know about OSS
How OSS is defined by your organization
The difference between a commercial and an OSS
license
Guidelines and policies
Copyright, patents, indemnification, disclaimers of
warranty, and liability
OSS license compliance
Managing and monitoring OSS
28© 2017 Rogue Wave Software, Inc. All Rights Reserved. 28
Training sources
• Linux foundation OSS compliance material and training
– https://training.linuxfoundation.org/free-linux-training/linux-training-
videos#compliance
– https://training.linuxfoundation.org/linux-courses/open-source-
compliance-courses/compliance-basics-for-developers
• OpenChain project
– https://www.openchainproject.org/curriculum
• Rogue Wave Software Open Source Awareness training for developers
• www.roguewave.com
29© 2017 Rogue Wave Software, Inc. All Rights Reserved. 29
Conclusion
• Legal, security, support
Know your risk
• Track, monitor, comply
Proactively manage your OSS and compliance
• Time to market, innovation, no license fees, readily accessible,
robust community
Remember: Benefits of OSS far outweigh risks
30© 2017 Rogue Wave Software, Inc. All Rights Reserved. 30
Q&A
31© 2017 Rogue Wave Software, Inc. All Rights Reserved. 31

Más contenido relacionado

Ähnlich wie How to Keep Developers Happy and Lawyers Calm

Open source software: Diligence, compliance, and future trends
Open source software: Diligence, compliance, and future trendsOpen source software: Diligence, compliance, and future trends
Open source software: Diligence, compliance, and future trendsRogue Wave Software
 
How to keep developers happy and lawyers calm
How to keep developers happy and lawyers calmHow to keep developers happy and lawyers calm
How to keep developers happy and lawyers calmRogue Wave Software
 
Related OSS Projects - Peter Rowe, Flexera Software
Related OSS Projects - Peter Rowe, Flexera SoftwareRelated OSS Projects - Peter Rowe, Flexera Software
Related OSS Projects - Peter Rowe, Flexera SoftwareOpenStack
 
How to keep developers happy and lawyers calm (Presented at ESC Boston)
How to keep developers happy and lawyers calm (Presented at ESC Boston)How to keep developers happy and lawyers calm (Presented at ESC Boston)
How to keep developers happy and lawyers calm (Presented at ESC Boston)Rogue Wave Software
 
Are open source and embedded software development on a collision course?
Are open source and embedded software development on a  collision course?Are open source and embedded software development on a  collision course?
Are open source and embedded software development on a collision course?Rogue Wave Software
 
Journey to Establish an Open Source Policy in a Fortune 20 Health Care Company
Journey to Establish an Open Source Policy in a Fortune 20 Health Care CompanyJourney to Establish an Open Source Policy in a Fortune 20 Health Care Company
Journey to Establish an Open Source Policy in a Fortune 20 Health Care CompanyAll Things Open
 
Identifying and managing the risks of open source software for PHP developers
Identifying and managing the risks of open source software for PHP developersIdentifying and managing the risks of open source software for PHP developers
Identifying and managing the risks of open source software for PHP developersRogue Wave Software
 
Buyer and Seller Perspectives on Open Source in Tech Contracts
Buyer and Seller Perspectives on Open Source in Tech ContractsBuyer and Seller Perspectives on Open Source in Tech Contracts
Buyer and Seller Perspectives on Open Source in Tech ContractsBlack Duck by Synopsys
 
When is free not free: The true costs of open source
When is free not free: The true costs of open sourceWhen is free not free: The true costs of open source
When is free not free: The true costs of open sourceRogue Wave Software
 
OSS has taken over the enterprise: The top five OSS trends of 2015
OSS has taken over the enterprise: The top five OSS trends of 2015OSS has taken over the enterprise: The top five OSS trends of 2015
OSS has taken over the enterprise: The top five OSS trends of 2015Rogue Wave Software
 
Strategies for Commercial Software Developers Using Open Source Code in Propr...
Strategies for Commercial Software Developers Using Open Source Code in Propr...Strategies for Commercial Software Developers Using Open Source Code in Propr...
Strategies for Commercial Software Developers Using Open Source Code in Propr...Mary Lou Wakimura
 
Implementing and Managing an Open Source Compliance Program: A Crash Course
Implementing and Managing an Open Source Compliance Program: A Crash CourseImplementing and Managing an Open Source Compliance Program: A Crash Course
Implementing and Managing an Open Source Compliance Program: A Crash CourseFINOS
 
Implementing and Managing Open Source Compliance Programs - A Crash Course
Implementing and Managing Open Source Compliance Programs - A Crash CourseImplementing and Managing Open Source Compliance Programs - A Crash Course
Implementing and Managing Open Source Compliance Programs - A Crash CourseOpen Source Strategy Forum
 
How enterprises learned to stop worrying and love open source
How enterprises learned to stop worrying and love open sourceHow enterprises learned to stop worrying and love open source
How enterprises learned to stop worrying and love open sourceRogue Wave Software
 
How APIs are transforming large enterprises
How APIs are transforming large enterprisesHow APIs are transforming large enterprises
How APIs are transforming large enterprisesRogue Wave Software
 
Application Security in a DevOps World
Application Security in a DevOps WorldApplication Security in a DevOps World
Application Security in a DevOps WorldCA Technologies
 

Ähnlich wie How to Keep Developers Happy and Lawyers Calm (20)

Open source software: Diligence, compliance, and future trends
Open source software: Diligence, compliance, and future trendsOpen source software: Diligence, compliance, and future trends
Open source software: Diligence, compliance, and future trends
 
How to keep developers happy and lawyers calm
How to keep developers happy and lawyers calmHow to keep developers happy and lawyers calm
How to keep developers happy and lawyers calm
 
Related OSS Projects - Peter Rowe, Flexera Software
Related OSS Projects - Peter Rowe, Flexera SoftwareRelated OSS Projects - Peter Rowe, Flexera Software
Related OSS Projects - Peter Rowe, Flexera Software
 
How to keep developers happy and lawyers calm (Presented at ESC Boston)
How to keep developers happy and lawyers calm (Presented at ESC Boston)How to keep developers happy and lawyers calm (Presented at ESC Boston)
How to keep developers happy and lawyers calm (Presented at ESC Boston)
 
Are open source and embedded software development on a collision course?
Are open source and embedded software development on a  collision course?Are open source and embedded software development on a  collision course?
Are open source and embedded software development on a collision course?
 
Speed and security for your PHP application
Speed and security for your PHP applicationSpeed and security for your PHP application
Speed and security for your PHP application
 
Journey to Establish an Open Source Policy in a Fortune 20 Health Care Company
Journey to Establish an Open Source Policy in a Fortune 20 Health Care CompanyJourney to Establish an Open Source Policy in a Fortune 20 Health Care Company
Journey to Establish an Open Source Policy in a Fortune 20 Health Care Company
 
Identifying and managing the risks of open source software for PHP developers
Identifying and managing the risks of open source software for PHP developersIdentifying and managing the risks of open source software for PHP developers
Identifying and managing the risks of open source software for PHP developers
 
Buyer and Seller Perspectives on Open Source in Tech Contracts
Buyer and Seller Perspectives on Open Source in Tech ContractsBuyer and Seller Perspectives on Open Source in Tech Contracts
Buyer and Seller Perspectives on Open Source in Tech Contracts
 
When is free not free: The true costs of open source
When is free not free: The true costs of open sourceWhen is free not free: The true costs of open source
When is free not free: The true costs of open source
 
OSS has taken over the enterprise: The top five OSS trends of 2015
OSS has taken over the enterprise: The top five OSS trends of 2015OSS has taken over the enterprise: The top five OSS trends of 2015
OSS has taken over the enterprise: The top five OSS trends of 2015
 
Ongoing management of your PHP 7 application
Ongoing management of your PHP 7 applicationOngoing management of your PHP 7 application
Ongoing management of your PHP 7 application
 
Strategies for Commercial Software Developers Using Open Source Code in Propr...
Strategies for Commercial Software Developers Using Open Source Code in Propr...Strategies for Commercial Software Developers Using Open Source Code in Propr...
Strategies for Commercial Software Developers Using Open Source Code in Propr...
 
Implementing and Managing an Open Source Compliance Program: A Crash Course
Implementing and Managing an Open Source Compliance Program: A Crash CourseImplementing and Managing an Open Source Compliance Program: A Crash Course
Implementing and Managing an Open Source Compliance Program: A Crash Course
 
Implementing and Managing Open Source Compliance Programs - A Crash Course
Implementing and Managing Open Source Compliance Programs - A Crash CourseImplementing and Managing Open Source Compliance Programs - A Crash Course
Implementing and Managing Open Source Compliance Programs - A Crash Course
 
How enterprises learned to stop worrying and love open source
How enterprises learned to stop worrying and love open sourceHow enterprises learned to stop worrying and love open source
How enterprises learned to stop worrying and love open source
 
Découvrez le Rugged DevOps
Découvrez le Rugged DevOpsDécouvrez le Rugged DevOps
Découvrez le Rugged DevOps
 
Unit testing for project managers
Unit testing for project managersUnit testing for project managers
Unit testing for project managers
 
How APIs are transforming large enterprises
How APIs are transforming large enterprisesHow APIs are transforming large enterprises
How APIs are transforming large enterprises
 
Application Security in a DevOps World
Application Security in a DevOps WorldApplication Security in a DevOps World
Application Security in a DevOps World
 

Mehr von All Things Open

Building Reliability - The Realities of Observability
Building Reliability - The Realities of ObservabilityBuilding Reliability - The Realities of Observability
Building Reliability - The Realities of ObservabilityAll Things Open
 
Modern Database Best Practices
Modern Database Best PracticesModern Database Best Practices
Modern Database Best PracticesAll Things Open
 
Open Source and Public Policy
Open Source and Public PolicyOpen Source and Public Policy
Open Source and Public PolicyAll Things Open
 
Weaving Microservices into a Unified GraphQL Schema with graph-quilt - Ashpak...
Weaving Microservices into a Unified GraphQL Schema with graph-quilt - Ashpak...Weaving Microservices into a Unified GraphQL Schema with graph-quilt - Ashpak...
Weaving Microservices into a Unified GraphQL Schema with graph-quilt - Ashpak...All Things Open
 
The State of Passwordless Auth on the Web - Phil Nash
The State of Passwordless Auth on the Web - Phil NashThe State of Passwordless Auth on the Web - Phil Nash
The State of Passwordless Auth on the Web - Phil NashAll Things Open
 
Total ReDoS: The dangers of regex in JavaScript
Total ReDoS: The dangers of regex in JavaScriptTotal ReDoS: The dangers of regex in JavaScript
Total ReDoS: The dangers of regex in JavaScriptAll Things Open
 
What Does Real World Mass Adoption of Decentralized Tech Look Like?
What Does Real World Mass Adoption of Decentralized Tech Look Like?What Does Real World Mass Adoption of Decentralized Tech Look Like?
What Does Real World Mass Adoption of Decentralized Tech Look Like?All Things Open
 
How to Write & Deploy a Smart Contract
How to Write & Deploy a Smart ContractHow to Write & Deploy a Smart Contract
How to Write & Deploy a Smart ContractAll Things Open
 
Spinning Your Drones with Cadence Workflows, Apache Kafka and TensorFlow
 Spinning Your Drones with Cadence Workflows, Apache Kafka and TensorFlow Spinning Your Drones with Cadence Workflows, Apache Kafka and TensorFlow
Spinning Your Drones with Cadence Workflows, Apache Kafka and TensorFlowAll Things Open
 
DEI Challenges and Success
DEI Challenges and SuccessDEI Challenges and Success
DEI Challenges and SuccessAll Things Open
 
Supercharging tutorials with WebAssembly
Supercharging tutorials with WebAssemblySupercharging tutorials with WebAssembly
Supercharging tutorials with WebAssemblyAll Things Open
 
Using SQL to Find Needles in Haystacks
Using SQL to Find Needles in HaystacksUsing SQL to Find Needles in Haystacks
Using SQL to Find Needles in HaystacksAll Things Open
 
Configuration Security as a Game of Pursuit Intercept
Configuration Security as a Game of Pursuit InterceptConfiguration Security as a Game of Pursuit Intercept
Configuration Security as a Game of Pursuit InterceptAll Things Open
 
Scaling an Open Source Sponsorship Program
Scaling an Open Source Sponsorship ProgramScaling an Open Source Sponsorship Program
Scaling an Open Source Sponsorship ProgramAll Things Open
 
Build Developer Experience Teams for Open Source
Build Developer Experience Teams for Open SourceBuild Developer Experience Teams for Open Source
Build Developer Experience Teams for Open SourceAll Things Open
 
Deploying Models at Scale with Apache Beam
Deploying Models at Scale with Apache BeamDeploying Models at Scale with Apache Beam
Deploying Models at Scale with Apache BeamAll Things Open
 
Fortifying the Future: Tackling Security Challenges in AI/ML Applications
Fortifying the Future: Tackling Security Challenges in AI/ML ApplicationsFortifying the Future: Tackling Security Challenges in AI/ML Applications
Fortifying the Future: Tackling Security Challenges in AI/ML ApplicationsAll Things Open
 
Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...
Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...
Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...All Things Open
 
Building AlmaLinux OS without RHEL sources code
Building AlmaLinux OS without RHEL sources codeBuilding AlmaLinux OS without RHEL sources code
Building AlmaLinux OS without RHEL sources codeAll Things Open
 
Open Source evaluation: A comprehensive guide on what you are using
Open Source evaluation: A comprehensive guide on what you are usingOpen Source evaluation: A comprehensive guide on what you are using
Open Source evaluation: A comprehensive guide on what you are usingAll Things Open
 

Mehr von All Things Open (20)

Building Reliability - The Realities of Observability
Building Reliability - The Realities of ObservabilityBuilding Reliability - The Realities of Observability
Building Reliability - The Realities of Observability
 
Modern Database Best Practices
Modern Database Best PracticesModern Database Best Practices
Modern Database Best Practices
 
Open Source and Public Policy
Open Source and Public PolicyOpen Source and Public Policy
Open Source and Public Policy
 
Weaving Microservices into a Unified GraphQL Schema with graph-quilt - Ashpak...
Weaving Microservices into a Unified GraphQL Schema with graph-quilt - Ashpak...Weaving Microservices into a Unified GraphQL Schema with graph-quilt - Ashpak...
Weaving Microservices into a Unified GraphQL Schema with graph-quilt - Ashpak...
 
The State of Passwordless Auth on the Web - Phil Nash
The State of Passwordless Auth on the Web - Phil NashThe State of Passwordless Auth on the Web - Phil Nash
The State of Passwordless Auth on the Web - Phil Nash
 
Total ReDoS: The dangers of regex in JavaScript
Total ReDoS: The dangers of regex in JavaScriptTotal ReDoS: The dangers of regex in JavaScript
Total ReDoS: The dangers of regex in JavaScript
 
What Does Real World Mass Adoption of Decentralized Tech Look Like?
What Does Real World Mass Adoption of Decentralized Tech Look Like?What Does Real World Mass Adoption of Decentralized Tech Look Like?
What Does Real World Mass Adoption of Decentralized Tech Look Like?
 
How to Write & Deploy a Smart Contract
How to Write & Deploy a Smart ContractHow to Write & Deploy a Smart Contract
How to Write & Deploy a Smart Contract
 
Spinning Your Drones with Cadence Workflows, Apache Kafka and TensorFlow
 Spinning Your Drones with Cadence Workflows, Apache Kafka and TensorFlow Spinning Your Drones with Cadence Workflows, Apache Kafka and TensorFlow
Spinning Your Drones with Cadence Workflows, Apache Kafka and TensorFlow
 
DEI Challenges and Success
DEI Challenges and SuccessDEI Challenges and Success
DEI Challenges and Success
 
Supercharging tutorials with WebAssembly
Supercharging tutorials with WebAssemblySupercharging tutorials with WebAssembly
Supercharging tutorials with WebAssembly
 
Using SQL to Find Needles in Haystacks
Using SQL to Find Needles in HaystacksUsing SQL to Find Needles in Haystacks
Using SQL to Find Needles in Haystacks
 
Configuration Security as a Game of Pursuit Intercept
Configuration Security as a Game of Pursuit InterceptConfiguration Security as a Game of Pursuit Intercept
Configuration Security as a Game of Pursuit Intercept
 
Scaling an Open Source Sponsorship Program
Scaling an Open Source Sponsorship ProgramScaling an Open Source Sponsorship Program
Scaling an Open Source Sponsorship Program
 
Build Developer Experience Teams for Open Source
Build Developer Experience Teams for Open SourceBuild Developer Experience Teams for Open Source
Build Developer Experience Teams for Open Source
 
Deploying Models at Scale with Apache Beam
Deploying Models at Scale with Apache BeamDeploying Models at Scale with Apache Beam
Deploying Models at Scale with Apache Beam
 
Fortifying the Future: Tackling Security Challenges in AI/ML Applications
Fortifying the Future: Tackling Security Challenges in AI/ML ApplicationsFortifying the Future: Tackling Security Challenges in AI/ML Applications
Fortifying the Future: Tackling Security Challenges in AI/ML Applications
 
Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...
Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...
Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...
 
Building AlmaLinux OS without RHEL sources code
Building AlmaLinux OS without RHEL sources codeBuilding AlmaLinux OS without RHEL sources code
Building AlmaLinux OS without RHEL sources code
 
Open Source evaluation: A comprehensive guide on what you are using
Open Source evaluation: A comprehensive guide on what you are usingOpen Source evaluation: A comprehensive guide on what you are using
Open Source evaluation: A comprehensive guide on what you are using
 

Último

3 Pitfalls Everyone Should Avoid with Cloud Data
3 Pitfalls Everyone Should Avoid with Cloud Data3 Pitfalls Everyone Should Avoid with Cloud Data
3 Pitfalls Everyone Should Avoid with Cloud DataEric D. Schabell
 
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedInOutage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedInThousandEyes
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightSafe Software
 
Explore the UiPath Community and ways you can benefit on your journey to auto...
Explore the UiPath Community and ways you can benefit on your journey to auto...Explore the UiPath Community and ways you can benefit on your journey to auto...
Explore the UiPath Community and ways you can benefit on your journey to auto...DianaGray10
 
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENTSIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENTxtailishbaloch
 
Scenario Library et REX Discover industry- and role- based scenarios
Scenario Library et REX Discover industry- and role- based scenariosScenario Library et REX Discover industry- and role- based scenarios
Scenario Library et REX Discover industry- and role- based scenariosErol GIRAUDY
 
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - TechWebinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - TechProduct School
 
CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024Brian Pichman
 
From the origin to the future of Open Source model and business
From the origin to the future of  Open Source model and businessFrom the origin to the future of  Open Source model and business
From the origin to the future of Open Source model and businessFrancesco Corti
 
Introduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its applicationIntroduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its applicationKnoldus Inc.
 
AI Workshops at Computers In Libraries 2024
AI Workshops at Computers In Libraries 2024AI Workshops at Computers In Libraries 2024
AI Workshops at Computers In Libraries 2024Brian Pichman
 
IT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced ComputingIT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced ComputingMAGNIntelligence
 
March Patch Tuesday
March Patch TuesdayMarch Patch Tuesday
March Patch TuesdayIvanti
 
How to release an Open Source Dataweave Library
How to release an Open Source Dataweave LibraryHow to release an Open Source Dataweave Library
How to release an Open Source Dataweave Libraryshyamraj55
 
Stobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through TokenizationStobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through TokenizationStobox
 
Technical SEO for Improved Accessibility WTS FEST
Technical SEO for Improved Accessibility  WTS FESTTechnical SEO for Improved Accessibility  WTS FEST
Technical SEO for Improved Accessibility WTS FESTBillieHyde
 
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptxEmil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptxNeo4j
 
The New Cloud World Order Is FinOps (Slideshow)
The New Cloud World Order Is FinOps (Slideshow)The New Cloud World Order Is FinOps (Slideshow)
The New Cloud World Order Is FinOps (Slideshow)codyslingerland1
 
.NET 8 ChatBot with Azure OpenAI Services.pptx
.NET 8 ChatBot with Azure OpenAI Services.pptx.NET 8 ChatBot with Azure OpenAI Services.pptx
.NET 8 ChatBot with Azure OpenAI Services.pptxHansamali Gamage
 

Último (20)

3 Pitfalls Everyone Should Avoid with Cloud Data
3 Pitfalls Everyone Should Avoid with Cloud Data3 Pitfalls Everyone Should Avoid with Cloud Data
3 Pitfalls Everyone Should Avoid with Cloud Data
 
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedInOutage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
SheDev 2024
SheDev 2024SheDev 2024
SheDev 2024
 
Explore the UiPath Community and ways you can benefit on your journey to auto...
Explore the UiPath Community and ways you can benefit on your journey to auto...Explore the UiPath Community and ways you can benefit on your journey to auto...
Explore the UiPath Community and ways you can benefit on your journey to auto...
 
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENTSIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
 
Scenario Library et REX Discover industry- and role- based scenarios
Scenario Library et REX Discover industry- and role- based scenariosScenario Library et REX Discover industry- and role- based scenarios
Scenario Library et REX Discover industry- and role- based scenarios
 
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - TechWebinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
 
CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024
 
From the origin to the future of Open Source model and business
From the origin to the future of  Open Source model and businessFrom the origin to the future of  Open Source model and business
From the origin to the future of Open Source model and business
 
Introduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its applicationIntroduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its application
 
AI Workshops at Computers In Libraries 2024
AI Workshops at Computers In Libraries 2024AI Workshops at Computers In Libraries 2024
AI Workshops at Computers In Libraries 2024
 
IT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced ComputingIT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced Computing
 
March Patch Tuesday
March Patch TuesdayMarch Patch Tuesday
March Patch Tuesday
 
How to release an Open Source Dataweave Library
How to release an Open Source Dataweave LibraryHow to release an Open Source Dataweave Library
How to release an Open Source Dataweave Library
 
Stobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through TokenizationStobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
 
Technical SEO for Improved Accessibility WTS FEST
Technical SEO for Improved Accessibility  WTS FESTTechnical SEO for Improved Accessibility  WTS FEST
Technical SEO for Improved Accessibility WTS FEST
 
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptxEmil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
 
The New Cloud World Order Is FinOps (Slideshow)
The New Cloud World Order Is FinOps (Slideshow)The New Cloud World Order Is FinOps (Slideshow)
The New Cloud World Order Is FinOps (Slideshow)
 
.NET 8 ChatBot with Azure OpenAI Services.pptx
.NET 8 ChatBot with Azure OpenAI Services.pptx.NET 8 ChatBot with Azure OpenAI Services.pptx
.NET 8 ChatBot with Azure OpenAI Services.pptx
 

How to Keep Developers Happy and Lawyers Calm

  • 1. 1© 2017 Rogue Wave Software, Inc. All Rights Reserved. 1 How to keep developers happy and lawyers calm
  • 2. 2© 2017 Rogue Wave Software, Inc. All Rights Reserved. 2 Presenter Rod Cope CTO Rogue Wave Software rod.cope@roguewave.com
  • 3. 3© 2017 Rogue Wave Software, Inc. All Rights Reserved. 3 1. Introduction 2. Common OSS myths 3. Risks and challenges of OSS 4. Developers and lawyers 5. Q&A Agenda
  • 4. 4© 2017 Rogue Wave Software, Inc. All Rights Reserved. 4
  • 5. 5© 2017 Rogue Wave Software, Inc. All Rights Reserved. 5 Introduction
  • 6. 6© 2017 Rogue Wave Software, Inc. All Rights Reserved. 6 Legal disclaimer • Perforce and Rogue Wave Software, Inc. are not engaged in the rendering of legal advice. This presentation provides legal information, which should not be confused with legal advice • I am not an attorney
  • 7. 7© 2017 Rogue Wave Software, Inc. All Rights Reserved. 7 Common OSS myths
  • 8. 8© 2017 Rogue Wave Software, Inc. All Rights Reserved. 8 Common OSS myth MYTH: It’s free so I don’t have any license obligations FACT: Copyright law protect authors, many have taken licensees to court or taken other legal action
  • 9. 9© 2017 Rogue Wave Software, Inc. All Rights Reserved. 9 Common OSS myth MYTH: It’s in the public domain, so I can use it anyway I want FACT: Only some OSS is public domain The rest is protected by license or copyright
  • 10. 10© 2017 Rogue Wave Software, Inc. All Rights Reserved. 10 Common OSS myth MYTH: It’s free, so unlike commercial software, I don’t need to track it FACT: OSS is software, so it has bugs and security vulnerabilities. How will you respond to the next Heartbleed if you don’t know which OSS you’re using and where it is?
  • 11. 11© 2017 Rogue Wave Software, Inc. All Rights Reserved. 11 Common OSS myth MYTH: I don’t need support FACT: Yes, you do. What happens when your system goes down at 2am?
  • 12. 12© 2017 Rogue Wave Software, Inc. All Rights Reserved. 12 Risks and challenges of OSS
  • 13. 13© 2017 Rogue Wave Software, Inc. All Rights Reserved. 13 Legal risks and challenges Copyright Without proper permission you may lose right to use Compliance Potential legal action for non-compliance Patents Use of OSS may force loss of patent rights Indemnification No protection from damages
  • 14. 14© 2017 Rogue Wave Software, Inc. All Rights Reserved. 14 Technical & security risks and challenges Security OSS can introduce security flaws and vulnerabilities into your software Quality OSS can potentially affect the quality of your application
  • 15. 15© 2017 Rogue Wave Software, Inc. All Rights Reserved. 15 Support & contribution risks and challenges Support Who do you call when you have a problem? Community Is contribution to OSS allowed?
  • 16. 16© 2017 Rogue Wave Software, Inc. All Rights Reserved. 16 Managing risks Knowledge Learn and understand the risks Become a stakeholder in your organization’s risk management Action Take steps to manage OSS Be active in compliance process Monitor and track OSS you use Understand and manage cost of OSS use Training Support Maintenance
  • 17. 17© 2017 Rogue Wave Software, Inc. All Rights Reserved. 17 Developers and lawyers
  • 18. 18© 2017 Rogue Wave Software, Inc. All Rights Reserved. 18 Developers have a job to do Don’t add process that will unduly slow them down Don’t ask them to do additional jobs that take them away from their real job Don’t create rules or processes that take away ability to use OSS
  • 19. 19© 2017 Rogue Wave Software, Inc. All Rights Reserved. 19 Developers will use OSS regardless of policies (intentionally and un-intentionally) Blog articles, stack overflow Commercial products that contain OSS Code reuse (other in-house code that contains OSS) Indirect acquisition (code developed by contractors, outsourcers) Net: You can’t stop the use of OSS unless you force developers to write every line of code in your application.
  • 20. 20© 2017 Rogue Wave Software, Inc. All Rights Reserved. 20 How open source enters your codebase? Open source community Legacy code Internally developed code Reused code Third-party components Supply chain code Outsourced code Production code
  • 21. 21© 2017 Rogue Wave Software, Inc. All Rights Reserved. 21 Your developers are stakeholders in your success, they’re not going to sabotage their own efforts They won’t intentionally violate licenses or create a situation where your company gets sued for copyright infringement If provided the right information, developers will use OSS in a way that reduces risks Developers aren’t malicious, unless they are
  • 22. 22© 2017 Rogue Wave Software, Inc. All Rights Reserved. 22 Lawyers have a job to do They don’t expect developers to understand law any more than developers would expect lawyers to understand how to write code They do expect developers to understand basic concepts of law like how licenses work, what is a copyright, and how things like patents can be affected by OSS OSS may reshape the way developers and lawyers work together
  • 23. 23© 2017 Rogue Wave Software, Inc. All Rights Reserved. 23 How lawyers and developers work together Ignorance is a powerful force • Creating boundaries can help developers know when it’s okay to use OSS and when to ask for legal assistance in determining risk • An open dialog on OSS issues reduces risk and workload over time • If developers don’t know there’s an issue they don’t know to ask a lawyer for help
  • 24. 24© 2017 Rogue Wave Software, Inc. All Rights Reserved. 24 So how do you keep developers happy? OSS awareness education • By arming developers with basic knowledge of risks of OSS you empower them to identify, manage, and mitigate risks Simple processes and guidelines that don’t slow development • Developers don’t want to guess what to do with regards to OSS • Guess = ignore Tools or services to manage OSS • Don’t make it harder than it has to be When it comes to using OSS:
  • 25. 25© 2017 Rogue Wave Software, Inc. All Rights Reserved. 25 How do you keep lawyers calm? OSS audits • Outsource an initial audit of products (developers don’t need to do the work, and outsourcers who specialize in OSS audits will provide comprehensive assessment of current risks) Process for reporting OSS usage • Make development teams (now armed with their new knowledge of OSS) report all OSS usage going forward as they download/use • Delineate based on license types and usage OSS usage guidelines • At one extreme that can mean a company-wide OSS policy defining every aspect of OSS • At the other, it can be a simple set of guidelines designed to mitigate risk and plans to deal with issues as they arise
  • 26. 26© 2017 Rogue Wave Software, Inc. All Rights Reserved. 26 Developing a compliance process Audit Review licenses Usage model Compliance checklist Compliance actions
  • 27. 27© 2017 Rogue Wave Software, Inc. All Rights Reserved. 27 What developers need to know about OSS How OSS is defined by your organization The difference between a commercial and an OSS license Guidelines and policies Copyright, patents, indemnification, disclaimers of warranty, and liability OSS license compliance Managing and monitoring OSS
  • 28. 28© 2017 Rogue Wave Software, Inc. All Rights Reserved. 28 Training sources • Linux foundation OSS compliance material and training – https://training.linuxfoundation.org/free-linux-training/linux-training- videos#compliance – https://training.linuxfoundation.org/linux-courses/open-source- compliance-courses/compliance-basics-for-developers • OpenChain project – https://www.openchainproject.org/curriculum • Rogue Wave Software Open Source Awareness training for developers • www.roguewave.com
  • 29. 29© 2017 Rogue Wave Software, Inc. All Rights Reserved. 29 Conclusion • Legal, security, support Know your risk • Track, monitor, comply Proactively manage your OSS and compliance • Time to market, innovation, no license fees, readily accessible, robust community Remember: Benefits of OSS far outweigh risks
  • 30. 30© 2017 Rogue Wave Software, Inc. All Rights Reserved. 30 Q&A
  • 31. 31© 2017 Rogue Wave Software, Inc. All Rights Reserved. 31

Hinweis der Redaktion

  1. Primary difference between OSS and commercial software in an enterprise: no procurement department.
  2. We are not lawyers. This presentation provides legal information, which should not be confused with legal advice.
  3. Without this knowledge you can fall for these myths but through this class you can get the knowledge which can help you understand these myths. You have to realize that the only free part of OSS is license. So its very important to understand the other factors associated with using OSS. Like, You have to realize that the only free part of OSS is license. So its very important to understand the other factors of using OSS. There are obligations that you have to comply with, not all open source are in public domain and they are protected by copyright law which allows the copyright holder to take legal action against you incase you are not in compliance. The vary reason open source software is free and open makes it prone to security flaws and hence regular updates and maintenance is necessary along with a plan B for support in case you don’t get timely response from the community.
  4. Without this knowledge you can fall for these myths but through this class you can get the knowledge which can help you understand these myths. You have to realize that the only free part of OSS is license. So its very important to understand the other factors associated with using OSS. Like, You have to realize that the only free part of OSS is license. So its very important to understand the other factors of using OSS. There are obligations that you have to comply with, not all open source are in public domain and they are protected by copyright law which allows the copyright holder to take legal action against you incase you are not in compliance. The vary reason open source software is free and open makes it prone to security flaws and hence regular updates and maintenance is necessary along with a plan B for support in case you don’t get timely response from the community.
  5. Without this knowledge you can fall for these myths but through this class you can get the knowledge which can help you understand these myths. You have to realize that the only free part of OSS is license. So its very important to understand the other factors associated with using OSS. Like, You have to realize that the only free part of OSS is license. So its very important to understand the other factors of using OSS. There are obligations that you have to comply with, not all open source are in public domain and they are protected by copyright law which allows the copyright holder to take legal action against you incase you are not in compliance. The vary reason open source software is free and open makes it prone to security flaws and hence regular updates and maintenance is necessary along with a plan B for support in case you don’t get timely response from the community.
  6. Without this knowledge you can fall for these myths but through this class you can get the knowledge which can help you understand these myths. You have to realize that the only free part of OSS is license. So its very important to understand the other factors associated with using OSS. Like, You have to realize that the only free part of OSS is license. So its very important to understand the other factors of using OSS. There are obligations that you have to comply with, not all open source are in public domain and they are protected by copyright law which allows the copyright holder to take legal action against you incase you are not in compliance. The vary reason open source software is free and open makes it prone to security flaws and hence regular updates and maintenance is necessary along with a plan B for support in case you don’t get timely response from the community.
  7. Most of the time people think of Legal risk when they think about using OSS. It is very important to understand the legal risk but it is equally important understand security risks and support challenges. The non compliance with licenses and copyright notices can result into loss of right to use the software, law suits and litigation and loss of patent rights. OSS with security flaw can open up your proprietary code for security vulnerability putting your entire source cod at risk of attack and hence affecting the quality of software. OSS is free to use and various open source software have robust community behind them to provide support but the support is not guaranteed. If you run into a situation, where you have trouble with part of the your source code using OSS in middle of the night and you do not know how to fix it. It can shut down your system and severely affect your productivity.
  8. Most of the time people think of Legal risk when they think about using OSS. It is very important to understand the legal risk but it is equally important understand security risks and support challenges. The non compliance with licenses and copyright notices can result into loss of right to use the software, law suits and litigation and loss of patent rights. OSS with security flaw can open up your proprietary code for security vulnerability putting your entire source cod at risk of attack and hence affecting the quality of software. OSS is free to use and various open source software have robust community behind them to provide support but the support is not guaranteed. If you run into a situation, where you have trouble with part of the your source code using OSS in middle of the night and you do not know how to fix it. It can shut down your system and severely affect your productivity.
  9. Most of the time people think of Legal risk when they think about using OSS. It is very important to understand the legal risk but it is equally important understand security risks and support challenges. The non compliance with licenses and copyright notices can result into loss of right to use the software, law suits and litigation and loss of patent rights. OSS with security flaw can open up your proprietary code for security vulnerability putting your entire source cod at risk of attack and hence affecting the quality of software. OSS is free to use and various open source software have robust community behind them to provide support but the support is not guaranteed. If you run into a situation, where you have trouble with part of the your source code using OSS in middle of the night and you do not know how to fix it. It can shut down your system and severely affect your productivity.
  10. Managing risk– part of learning and understanding the risk is why we are dong this training. When you begin to learn the risk then you become a stakeholder. You are no longer ignorant of the problems that can arrive using OSS. As a good corporate citizen, it allows you to take ownership of the problems. With this knowledge now you can understand the process and manage the risk and cost of ownership of using open source software. So it goes like this – You get knowledge which will help you to take informed actions like compliance and tracking and which in return help you manage cost in terms of training, maintenance and support.
  11. Moral: Who does that?
  12. OSS license compliance Standard steps to comply with most OSS licenses Licenses and license terms to look out for When to get help from your legal staff Managing and monitor OSS When to report usage What to look for Security concerns
  13. After going through the risks and challenges of using OSS it is very important to note that the benefits of OSS far outweigh the risks. Don’t forget the benefits of quick conversion time shifting the developers time to more important core issues, it is free, readily accessible, the support of the robust community out there to help you.