Open Source Software: Mitigating the Legal and Security Risks
The use and creation of Open Source Software is based on respecting the Open Source Licenses which are the backbone of the ecosystem. These licenses set out the obligations that anyone using these Open Source Components must follow. Research shows that the software product of a typical company is composed of more than 50% open source software, while these same companies are aware of less than 2% of their OSS usage. This lack of knowledge leads to potential infringement, legal concerns and vulnerabilities being left unpatched.
In Versata v. Ameriprise, Versata's proprietary software, Distribution Channel Management (DCM), used an open source XML parsing utility licensed under GPLv2 from XimpleWare. Versata licensed its DCM software to Ameriprise, a financial services company. Versata sued Ameriprise and other Versata customers for copyright and patent infringement for allowing a sub-contractor to de-compile their software. Ameriprise alleged that Versata's DCM came under the GPLv2 license, thus allowing the de-compilation. The text of the GPLv2 license had been stripped out of the open source portion of DCM.
Previous license infringements may have been resolved peaceably, but this case may set a precedent for compensation for damages and injunctive relief. A lawsuit between Oracle and Google over copyright protection for the implementation of Java APIs in the open source Android mobile operating system is another case worth watching. A federal appeals court ruled that the code, structure, sequence, and organization of the API packages are entitled to copyright protection. This raises the possible need for API licenses for users.
Companies need to have an internal review of open source software licensing policies whether the software is supplied directly, with acquisitions, or from consultants.
In a two-hour LIVE Webcast, a panel of thought leaders and professionals assembled by The Knowledge Group will review recent litigation cases regarding Open Source Software and help companies mitigate legal and security risks. The speakers will discuss the risk of not knowing what open source software is being used and of failing to comply with the conditions of open source licenses, and will help companies formulate sound compliance policies to avoid the most common risks and pitfalls.
Key topics include:
- Open Source Software - A Legal Primer
- Open Source Compliance Failures
- Lessons from Legal Cases in Open Source Software
  - Versata v. Ameriprise (GPLv2 Licensing)
  - Oracle v. Google (Copyright Protection for APIs)
- Open Source License Requirements
- Mitigating Legal and Security Risks
- Best Practices
Jeff Luszcz, Founder & CTO
- The explosion of the use of open source in all companies
- How this change happened and how it affects security and legal compliance
- The top issues affecting companies due to their use of open source
- Steps to set up a process to discover and manage your use of open source
Stephen D. Gillespie, Partner
Fenwick & West LLP
- Understanding Open Source Licenses as “Conditional” Licenses
- Legal and Practical Consequences of Failure to Comply with Open Source Conditions
- The Continuum of Open Source Licenses: From Permissive to Restrictive
- The Meaning of “Copyleft” and its Legal Implications
- Open Source Implications of On-Premise vs. SaaS/Cloud based Delivery Models
- Best Practices for Managing Open Source Compliance
Who Should Attend:
- Software Engineers
- Software Developers
- System Architects
- System Engineers
- System Administrators
- Software Vendors
- Business Developers
- Top Level Management
- Private and Public Companies
- Other Related/Interested Professionals and Organizations
As the Founder & CTO of Palamida, a leading provider of Open Source discovery and vulnerability management tools, Jeff helps software companies understand how to best use open source while complying with their license obligations and staying on top of security issues. Jeff also leads the Professional Services team responsible for open source compliance and security audits. His team has performed reviews for some of the largest mergers and acquisitions in the technology industry. Jeff spent six years as a software engineer at NASA Ames Research Center, where he implemented software for simulation and visualization of flat panel display technology and its related human factors. Jeff has been active in the Java, Macintosh and Open Source software communities, is the author of several well-known Macintosh software utilities, and has served as a technical editor for Wrox Press.
Stephen Gillespie provides strategic and legal advice to software, new media and technology companies. He helps his clients build and protect their value through careful management of the legal and intellectual property aspects of their key transactions. He structures, drafts, and negotiates mission critical agreements, including national and international development and distribution agreements, licenses, strategic alliances, and business process outsourcing transactions. He also manages the intellectual property aspects of mergers and acquisitions, including as lead outside IP counsel on acquisitions for Cisco, Symantec, Electronic Arts and other acquirers. In addition, he has significant experience in cloud/SaaS and open source business models and export control regulations.
Print and review course materials
Method of Presentation:
NASBA Field of Study: Specialized Knowledge and Applications
NY Category of CLE Credit: Areas of Professional Practice
About Palamida Inc.
Palamida provides products and services for software composition analysis. Our customers identify and track open source and other externally-written software in their development projects in order to manage and secure their software against risks resulting from intellectual property infringement and security vulnerabilities. Palamida analysts have conducted thousands of audit projects (billions of lines of code) ranging from quick one-day inspections to comprehensive due diligence projects to multi-product internal baselines. In all cases, our analysts use Palamida Enterprise Edition software as well as extensive domain expertise to produce a highly readable and actionable report. Reports can be tailored to specific requirements and can include open source and commercial content, analysis of subcomponents, multi-media content, and cut-and-paste source code. Palamida Professional Services play a crucial role when time is tight and domain expertise is essential in auditing for open source use.
About Fenwick & West LLP
Fenwick & West provides comprehensive legal services to ground-breaking technology and life sciences companies – at every stage of their lifecycle – and the investors that partner with them. We craft innovative, cost-effective and practical solutions on issues ranging from venture capital, public offerings, joint ventures, M&A and strategic relationships, to intellectual property, litigation and dispute resolution, taxation, antitrust, and employment and labor law. For more than four decades, Fenwick has helped some of the world's most recognized companies become and remain market leaders.