Instructor: Todd Smithline
Length: 1 hour
Tools: Open Source Policy Approval Matrix; Open Source Approval Request Form; Presentation Slides
In this second Episode in our Open Source Series, we teach you how to create and implement an open source policy. This program takes the perspective of counsel to a proprietary technology company, but should be useful to anyone trying to understand the legal implications of using and distributing open source software.
- Open Source Basics (Quick Recap) – We recap from Episode 1 how open source licenses work, the major license types and the importance of attribution for compliance.
- Creating a Policy – We review the legal objectives and practical considerations for an open source policy. From there, we identify the different use cases for open source – internal and external, modified and unmodified – that will drive your policy and approval process.
- Approval Matrix – Using a hypothetical SaaS company called “ServiceHR”, we match each open source use case against the different open source license types to create an “Approval Matrix.” We then walk through two open source use requests from ServiceHR’s engineers and discover which will be approved and which will require further consideration.
- Attribution – We review the importance of ServiceHR providing appropriate attribution for the open source it includes in its mobile app, and provide step-by-step guidance on how the attribution should appear in its products and end user terms.
- Avoiding Unintended Usage – We discuss legal strategies for handling risk associated with open source received from contractors or third-party software vendors.
- Code Scan? – We discuss the advantages and disadvantages, from a legal perspective, of running a scan on a code base.
- Putting It All Together – We summarize all of the steps to creating an open source compliance program.
- Questions from the Roundtable – We share questions and answers from our first Roundtables for this Episode.