Harman designs, manufactures and markets premier audio, visual, infotainment and integrated control solutions for the automotive, consumer and professional markets. One of Harman’s biggest challenges when supplying its systems is ensuring it can prove its code complies with applicable license terms. The code must also be free of security and quality risks that could impact the integrity of the finished products. But what happens when the code is open source? While software developed in-house can be closely monitored, software that comes in through third parties is harder to track. How can Harman accurately report on operational and legal risks for components and projects it didn’t develop? Join this presentation from Alyssa Harvey Dawson, Vice President Legal, Global Intellectual Property at Harman, and Black Duck Software, covers: - Current open source trends - An in-depth review of popular licenses (including GPL) - Harman's take on open source compliance - The impact of security and technical risks beyond compliance

1. 5 STEPS TO ENSURING COMPLIANCE IN THE SOFTWARE
SUPPLY CHAIN: THE HARMAN CASE STUDY
© 2014 Black Duck Software, Inc. All Rights Reserved.
Black Duck Software
@black_duck_sw

2. SPEAKERS
Matthew Jacobs
General Counsel
Black Duck Software
Alyssa Harvey Dawson
Vice President, Global Intellectual Property & Licensing
Harman International Industries
2 © 2014 Black Duck Software, Inc. All Rights Reserved.

3. AGENDA
• Open Source Trends
• License Review
• OSS Compliance – Harman’s point of view
• Q&A
3 © 2014 Black Duck Software, Inc. All Rights Reserved.

4. FIRST OF ALL…
“Software is Eating the World.”
Marc Andreessen (Netscape Founder)
August ’11, Wall Street Journal
“Open Source is ubiquitous… having a policy against open source [use]
is impractical and places you at a competitive disadvantage.”
4 © 2014 Black Duck Software, Inc. All Rights Reserved.
Mark Driver, Gartner

5. …AND THERE IS A GROWING APPETITE FOR OPEN
SOURCE
• 4.0 billion files
• Nearly 1M de-duplicated projects
• 10+ million staff years of development
• Billions of $s of development
• 2,300+ unique software licenses
2,000,000
1,500,000
1,000,000
500,000
0
2007 2009 2011 2013 2015
5 © 2014 Black Duck Software, Inc. All Rights Reserved.
Black Duck
KnowledgeBase
Open Source Projects

6. WHAT IS OPEN SOURCE SOFTWARE
(OSS)?
• It’s third party software
• No single “official”
definition
Third-Party
Software
6 © 2014 Black Duck Software, Inc. All Rights Reserved.
Open
Source
Software

7. PRIMARY OSS LICENSE CATEGORIES
• Permissive Licenses
• Licensee can use, copy, modify and distribute the
software
• Licensee is allowed to combine the source with open
source or proprietary software
• Licensee is NOT obligated to distribute the source code
of derivative works
• Copyleft Licenses
• Any Licensee modifications to the software must be
distributed under the same reciprocal OSS license
• Copyleft licenses are substantially more complex than
permissive licenses
7 © 2014 Black Duck Software, Inc. All Rights Reserved.
Permissive:
• BSD
• MIT
Copyleft:
• GPL
• MPL

8. TOP 20 OPEN SOURCE LICENSES
Ranked according to number of
open source projects using the
license:
 Top 10 licenses account for 94%
 Top 20 licenses account for 97%
 GPL family of licenses account
for 46%
Rank License
1. GNU General Public License (GPL) 2.0
2. MIT License
3. Apache License 2.0
4. GNU General Public License (GPL) 3.0
5. BSD License 2.0 (3-clause, New or Revised)
6. Artistic License (Perl)
7. GNU Lesser General Public License (LGPL) 2.1
8. GNU Lesser General Public License (LGPL) 3.0
9. Microsoft Public License (MS-PL)
10. Eclipse Public License (EPL)
11. Code Project Open License 1.02
12. Mozilla Public License (MPL) 1.1
13. Simplified BSD License (BSD)
14. Common Development and Distribution License (CDDL)
15. Microsoft Reciprocal License
16. GNU Affero General Public License v3 or later
17. Sun GPL With Classpath Exception v2.0
18. CDDL-1.1
19. zlib/libpng License
20. Common Public License (CPL)
Source: https://www.blackducksoftware.com/resources/data/top-20-
open-source-licenses October 2014
8 © 2014 Black Duck Software, Inc. All Rights Reserved.

9. IDC ON OPEN SOURCE USE
“Open source makes up
30% or more of the
code at G2000
organizations”
“ ‘Next generation’ companies
such as Amazon, Google,
Netflix, etc., handle
development in fundamentally
different ways leveraging open
source software”
9 © 2014 Black Duck Software, Inc. All Rights Reserved.

10. BLACK DUCK’S EXPERIENCE ANALYZING
CODE
• 99% of code audits find open
source.
• 95% of audits find unknown open
source
• 75% of audits contain unknown
licenses.
• 50% of code audits contain GPL.
• Audits on average contain 33%
open source.
10 © 2014 Black Duck Software, Inc. All Rights Reserved.

11. TODAY DEVELOPMENT IS MULTI-SOURCE
11 © 2014 Black Duck Software, Inc. All Rights Reserved.

12. …BUT OFTEN OSS ENTERS A CODE BASE
UNCHECKED
Open Source
Code Base
Commercial
3rd Party
Code
Purchasing
• Licensing?
• Security?
• Quality?
• Support?
12 © 2014 Black Duck Software, Inc. All Rights Reserved.
SECURITY RISK
Which components
have vulnerabilities
and what are they
LEGAL RISK
Which licenses are
used and do they
match anticipated
use of the code
OPERATIONAL RISK
Which versions of
code are being used,
and how old are they

13. HARMAN CASE STUDY
A Real-World Perspective on Open Source
13 © 2013 Black Duck Software, Inc. All Rights Reserved.

14. HARMAN INTERNATIONAL. CONFIDENTIAL. COPYRIGHT 2013. ON STAGE,
AT HOME,
IN THE CAR, OR
ON THE GO
LEGENDARY, DISCIPLINED,
VISIONARY
14
TECHNOLOGY
INNOVATION
GLOBAL
GROWTH
PREMIUM
BRANDS
HARMAN BRINGS YOUR CONNECTED LIFESTYLE AND
ENTERTAINMENT EXPERIENCES TOGETHER THROUGH PREMIUM
INFOTAINMENT AND AUDIO SOLUTIONS FOR THE STAGE, AT HOME,
IN THE CAR, OR ON THE GO.

15. FY14 REV $5.3B
~16,000 FTEs
NUMBER ONE
IN ALL MARKETS
L I FESTYLE
BRANDED AUDIO PRODUCTS
FOR HOME, CAR, ON THE GO
LTM REVENUE $1,580M
LTM EBITDA 14.3%
PROFESSIONAL
PRO AUDIO & LIGHTING
FOR CINEMA, BROADCAST,
TOUR & INSTALLED SOUND
LTM REVENUE $826M
LTM EBITDA 16.3%
HARMAN INTERNATIONAL. CONFIDENTIAL. COPYRIGHT 2014. 15
INFOTAINMENT
NAVIGATION, MULTIMEDIA,
CONNECTIVITY, & SAFETY
SOLUTIONS
LTM REVENUE $2,680M
LTM EBITDA 10.5%
LTM = Last Twelve Months, ending Mar. 31, 2014, and exclude non-recurring expense

16. R&D LEADER
IN INFOTAINMENT & AUDIO
HARMAN INTERNATIONAL. CONFIDENTIAL. COPYRIGHT 2013. 16
STRONGEST GLOBAL R&D
FOOTPRINT
• IN-HOUSE DEVELOPMENT OF CORE
TECHNOLOGIES
POWERFUL INNOVATION
PIPELINE
• 4,900+ PATENTS & PATENTS PENDING
• SOLUTION ORIENTED TECHNOLOGY ROADMAP
DISRUPTIVE INNOVATION
CULTURE
• SCALABLE PLATFORM REDEFINED INDUSTRY
LANDSCAPE
• REVERSE INNOVATION PIONEER IN AUTO
• RE-INVENTOR OF SURROUND SOUND

17. EXPAND TECHNOLOGY
LEADERSHIP
ACCELERATING
THE PACE OF
INNOVATION
PATENT GROWTH TREND
1,800+
2,700+
3,600+
4,900+
FY ‘07 FY ‘09 FY ‘11 FY ‘13
HARMAN INTERNATIONAL. CONFIDENTIAL. COPYRIGHT 2013. 17
4,900+
PATENTS

18. CONNECTED,
SAFE, GREEN
AND
INTELLIGENT
INNOVATION =
PASSION + TECHNOLOGY
DIGITAL SIGNAL
PROCESSING
USER EXPERIENCE
NETWORK
INTEL L IGENCE
HARMAN INTERNATIONAL. CONFIDENTIAL. COPYRIGHT 2013. 18
CONNECTIVITY
HARMAN CLOUD PLATFORM
ADVANCED SAFETY
ENERGY
EF F ICIENCY
2XP E R F O R M A N C E @ 5 0 % E N E R G Y

19. OPEN SOURCE AT HARMAN
APPRECIATE THE BENEFITS
• Simplified and rapid development opportunities
• Many projects offer reliable and well supported code
• Open standards and vendor independence
TECHNOLOGY LEADERSHIP
• OS has moved from margins to the mainstream
• Key part of any development process
COMPLIANCE
• Respect third party rights
• Protect IP position
• Minimize adverse product impact
19 © 2014 Black Duck Software, Inc. All Rights Reserved.

20. FIVE STEPS TO OPEN SOURCE COMPLIANCE:
STEP 1: UNDERSTAND PRODUCT DEVELOPMENT
PROCESSES
COLLABORATE WITH
PRODUCT DEVELOPMENT
OBTAIN MANAGEMENT BUY-IN
CREATE A TEAM WITH KEY PRODUCT
DEVELOPMENT PROFESSIONALS
ENABLE TEAM OWNERSHIP OF REVIEW
SEEK TO LEARN AND UNDERSTAND FIRST
20 © 2014 Black Duck Software, Inc. All Rights Reserved.

21. FIVE STEPS TO OPEN SOURCE COMPLIANCE
STEP 2: OPEN SOURCE USAGE EVALUATION
EVALUATE KEY OPEN
SOURCE USAGE
DIFFERENTIATE INTERNAL VS. EXTERNAL USAGE
UNDERSTAND PRODUCT/SERVICES USAGE
PAY ATTENTION TO DISTRIBUTION
UNDERSTAND CONTRIBUTIONS
ASCERTAIN KEY STAKEHOLDERS
21 © 2014 Black Duck Software, Inc. All Rights Reserved.

22. FIVE STEPS TO OPEN SOURCE COMPLIANCE:
STEP 3: TRANSLATE REVIEWS INTO POLICY
DEVELOP AN OPEN
SOURCE POLICY
ESTABLISH A POLICY THAT WORKS WITH YOUR PRODUCT
DEVELOPMENT PROCESSES
POLICY SHOULD FILL IN THE GAPS UNCOVERED BY YOUR
PROCESS REVIEW
SET UP OPEN SOURCE GOVERNANCE COMMITTEE APPROPRIATE
FOR YOUR ORGANIZATION
OBTAIN BUY-IN FROM KEY STAKEHOLDERS
DESIGN A PROCESS WITH YOUR CUSTOMERS IN MIND
MAKE SURE KEY COMPONENTS ARE ADDRESSED
22 © 2014 Black Duck Software, Inc. All Rights Reserved.

23. FIVE STEPS TO OPEN SOURCE COMPLIANCE:
STEP 4: IMPLEMENT THE POLICY
IMPLEMENT THE POLICY
EDUCATE KEY GROUPS ON OPEN SOURCE
TRAIN KEY GROUPS ON THE POLICY
OBTAIN FEEDBACK
CREATE DOCUMENTATION TO SPEED UP REVIEWS
BE TRANSPARENT WITH KEY CONSTITUENCIES SUCH AS
CUSTOMERS, SUPPLIERS
23 © 2014 Black Duck Software, Inc. All Rights Reserved.

24. FIVE STEPS TO OPEN SOURCE COMPLIANCE:
STEP 5: AUDIT THE POLICY AND PROCESS
REGULARLY REVIEW
POLICY
ANNUAL REVIEWS
UPDATE AS ORGANIZATION CHANGES
• DIVISION REORGS
• NEW PERSONNEL
• ACQUISITIONS
LISTEN TO FEEDBACK
KEEP WHAT WORKS, CHANGE WHAT DOESN’T
ONE SIZE DOES NOT FIT ALL; TAILOR FOR YOUR COMPANY
24 © 2014 Black Duck Software, Inc. All Rights Reserved.

25. CONCLUSION
• Software development has changed
• Componentization and re-use
• Open source is ubiquitous and an important element of
software strategy
• Open source has significant benefits, but needs to be
managed properly
• An effective compliance program includes policy,
process and automation technology
25 © 2014 Black Duck Software, Inc. All Rights Reserved.

26. VIEW THIS WEBINAR PRESENTATION AT:
WWW.BLACKDUCKSOFTWARE.COM/RESOURCE
S/WEBINAR/5-STEPS-ENSURING-OPEN-SOURCE-COMPLIANCE-
SOFTWARE-SUPPLY-CHAIN-HARMAN-
CASE-STUDY
@black_duck_sw