Chapter 5. Audits and Compliance Initiatives

Much legal activity in the open source area consists of compliance analysis—in other words, determining whether a company is complying with all the relevant license conditions of its inbound open source licenses. This activity is the process by which companies conduct due diligence (as described in Chapter 4). This activity has many names—due diligence, open source counseling, and auditing—depending on context. Sometimes compliance work is performed in anticipation of a transaction, such as a merger or investment, and in those cases it is usually called due diligence. In other cases it is an ongoing process—partially to ensure that when a transaction occurs, the due diligence process will be quick and accurate. Lately the requirements of the Sarbanes-Oxley Act have motivated public or pre-public companies to undertake audits to minimize the risk of corporate or director liability. Finally, some companies undertake diligence as an ongoing process, simply to ensure good legal housekeeping and maintain their intellectual property house in good order.

Compliance work has two steps: information gathering and legal analysis. The first step is by far the most costly and time-consuming. In the contemporary technology company, open source compliance work has become a complex administrative task, and few companies have undertaken it from the beginning of their operations in a systematic and thorough way. The larger the organization, and the more ...

Get The Open Source Alternative: Understanding Risks and Leveraging Opportunities now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.