Our firm specializes in helping companies implement a long-term, customized open source compliance strategy, often starting from bare bones and finishing with a sophisticated, efficient, highly automated process that exceeds industry standards. Our goal is to establish a process for you that is intuitive, well-documented, and which you will be able to sustain for the lifetime of your company long after your engagement with us ends. We don’t just provide advice: we help you configure all your tools, design your workflows, and review individual pieces of source code as needed. Whether your company offers free and open source software products or merely uses open source components, we can help. For all companies, we advise on:
- Creating a customized “white list” reflecting which third party open source licenses are compatible with the way you license your products and the programming languages and frameworks your company uses. This is a key element of any open source compliance strategy and cannot simply be copied and pasted: factors such as whether you are writing code in an interpreted language, whether your product is hosted, what technologies you already rely on, what third party products your code interacts with, and even whether your products are used in nuclear facilities all play a role in shaping this list.
- Implementing open source scanning tools.
- Helping you make sense of the open source scan results: all tools on the market still produce false positives and false negatives and only an actual look at the underlying source code can help you weed these issues out. We will help you produce a clean list of problem items and advise you on how best to address them on a case by case basis.
- Negotiating re-licensing of third party open source components.
- Creating open source disclosures that properly attribute the authors of any open source software you are using.
- Identifying code you need to make available in source code form to your customers.
- Marking your code and determining what notices to include in your products.
- Assessing third party contributor agreements if you want to make contributions to the open source community.
- Training employees on how to follow your open source policy.
For companies that want to release some products under open source licenses, we also advise on:
- Commercialization strategies: what part of your products should be released as free and open source software.
- Which open source licenses to license your products under.
- Which third party open source software is compatible with your open source products.
- Whether contributor agreements make sense for your projects.
- Managing an open source community.
Building a free and open source software compliance process is above all an exercise in prioritization. We’ll help you figure out where to start, create timelines that work with your development schedule and available resources, and work our way through areas and products with the highest risks first.