Open Source License Compliance – Where Do I Begin?
Posted by Lacey Thoms on Thu, Jun 23, 2011 @ 01:56 PM
Chances are there is at least some open source code in your software product. Do you have to be worried? Not necessarily.
How do you find this code? How do you know if you’re violating the terms of an open source license?
The first step to answering these questions is to find out what the open source license policy for your project is. The project in this context can be a product group, a project group, or the whole company.
The policy addresses questions such as “is open source software allowed or not?” and, if so, which licenses are acceptable and under what conditions, which ones are not, which vendors are approved, and which software products or packages are authorized for use. The policy also defines the procedure for pre-approval of packages, for auditing software at different stages of development, and what to do once a policy violation is detected. Capturing the licensing policy digitally allows the policy to be linked with the automated license management tools used in other steps of an open source software adoption policy.
The open source adoption process should include the names of the contacts within the organization who are responsible for implementing the policy, encompassing technology and corporate functions.
Typically the business manager, a licensing or legal counsel, and a representative of the development agency determine the licensing policy and the mandated workflow for the detection of policy violations in the code base.
The open source licensing policy is the base on which your company’s open source adoption process will be built.