book

The Open Source Alternative: Understanding Risks and Leveraging Opportunities

Name: The Open Source Alternative: Understanding Risks and Leveraging Opportunities
Author: Heather J. Meeker
ISBN: 9780470194995

by Heather J. Meeker

February 2008

Intermediate to advanced

285 pages

7h 6m

English

Wiley

Read now

Unlock full access

Copyright
Preface
How to Use this Book
1. Leveraging Opportunities
1. Introduction: How UNIX Gave Birth to Linux, and a New Software Paradigm
1.1. In the Beginning Was the Word, and the Word Was Unix1.2. Along Comes Linux1.3. Now, What is Open Source?1.4. And This is Just the Beginning
2. Free Software and Open Source
2.1. Viruses and Freedoms2.2. Philosophy of Free Software2.2.1. Open Source Initiative2.2.2. Mozilla Foundation2.2.3. Linus Torvalds2.3. Definitions: Free Software and Open Source2.4. What'S in a Name? The Viral and the Nonviral2.5. Open Source Development Model
3. Common Open Source Licenses and Their Structure
3.1. Direct Licensing3.2. GPL3.3. GPL + Exception (or Special Exception)3.4. GPL + FLOSS Exception3.5. LGPL3.6. Corporate Hereditary Software Licenses3.7. Other Hereditary Software Licenses3.8. Permissive Licenses3.8.1. Apache 1.03.8.2. Apache 1.13.8.3. Apache 2.03.8.4. Artistic License3.9. Miscellaneous Licenses3.10. Non-Software Licenses
4. Due Diligence, License Proliferation, and Compatibility
4.1. What is the Problem with Combining Software?4.2. What is Due Diligence?4.3. License Conditions and Diligence Problems4.3.1. Distribution of Executable Versions.4.4. License Compatibility4.5. Choices in an Incompatible World4.6. An Embarrassment of Riches?4.7. Reusability4.7.1. Derivative Works.
5. Audits and Compliance Initiatives
5.1. Provenance and Objective Checking5.2. Applying Policy and Legal Review5.3. Some Nuts and Bolts
6. Notice Requirements
7. Patents and Open Source
7.1. Patent Debate7.2. Patent Portfolio Management

8. Trademarks and Open Source
8.1. Trademark Law And Open Source Licensing8.2. Trademarks in the Open Source World8.3. At&t Unix Battle
9. Open Source and Open Standards
10. Developing a Corporate Open Source Policy
10A. Open Source Corporate Policy
10A.1. [Company] Open Source Software Policy10A.1.1. I. Introduction10A.1.2. II. Open Source Licenses10A.1.3. III. Protecting Company Intellectual Property in the Open Source Context10A.1.4. IV. Open Source Code Procurement and Support10A.1.5. V. Considerations in Marketing Open Source Products
11. Open Source Code Releases
A.1. Choosing a LicenseA.2. Effect on Patent PortfolioA.3. Effect on TrademarksA.4. Open Source Business ModelsA.5. Dual LicensingA.6. "Ur-Licensor" and Open Source Decision ModelsA.7. Contribution AgreementsA.8. Reissuing CodeA.9. Corporate Organization
11A. Open Source Trademark Policy
11A.1. This Form is an Example of a Policy for a Dual-Licensed Open Source Product. Foobar Trademark Policy11A.2. Trademarks and the GPL11A.3. Modified Software and Unmodified Software11A.4. Uses Permitted under This Policy11A.4.1. Developers and Affiliates11A.4.2. Linking11A.4.3. Services Related to Foobar Software11A.5. Policy Updates11A.6. Questions
2. Understanding Risks
12. Technical Background: Operating System Kernels, User Space, and Elements of Programming
A.1. What Is the Difference Between an Application and an Operating System?A.2. What Is an Operating System Kernel?A.3. What Is an Application?A.4. Dynamic and Static Linking, and Inline CodeA.5. Header FilesA.6. Monoliths and Loadable Kernel Modules
13. Enforcement of Open Source Licenses
A.1. Past EnforcementA.2. Enforcement ObstaclesA.2.1. Lack of Track Record: GPL Has Never Been Tested in CourtA.2.2. Waiver/Estoppel: Occasional and Selective Enforcement of GPL Means It Is UnenforceableA.2.3. Formation: GPL Is Not Validly Accepted by LicenseesA.2.4. GPL Constitutes Copyright MisuseA.2.5. Joint Work ArgumentsA.2.6. Standing and Joinder Arguments
14. The Border Dispute of GPL2
A.1. Defining the Border DisputeA.2. What the GPL SaysA.3. Rules of Contract ConstructionA.4. Applying the Four Corners Rule to GPL2A.5. Applying the Rules of Contract Construction to GPL2A.6. Trade Usage and Other Extrinsic EvidenceA.7. Derivative Works QuestionA.8. The FactsA.9. Legal RulesA.10. Analyzing the Case of Two WorksA.11. Is the Result One or Two Works?A.12. Policy ArgumentsA.13. Non-U.S. Law InterpretationsA.14. Approach of Legal RealismA.15. Outside the Four CornersA.16. Loadable Kernel ModulesA.17. The Hardest CasesA.18. LGPL Compliance
15. License or Contract?
A.1. Contract FormationA.2. Arguments Supporting FormationA.3. Implications of Absence of Contract FormationA.4. Incentives for Formation Arguments
16. Defining Distribution
17. Open Source in Mergers and Acquisitions and Other Transactions
A.1. Open Source in Licensing and Commercial TransactionsA.2. Development Agreements
18. GPL Version 3.0
A.1. What is the Effect of the Release of GPL3?A.2. Adoption of GPL3A.3. Politics and ContextA.4. "Derivative Works" ProblemA.5. "Propagation" and "Conveying"A.6. PatentsA.7. Digital Millennium Copyright Act ProvisionsA.8. "Java Problem"A.9. Disabling and ObfuscationA.10. ASP ProblemA.11. License Compatibility
19. LGPL Version 3.0
19.1. New Approach for LGPL19.2. Adoption of LGPL319.3. Politics and Context19.4. Definitions19.5. Compliance19.6. Drawbacks
A. Open Source Development Agreement
A.1. Agreement for Consulting By_____A.2. Statements of WorkA.2.1. Statements of WorkA.2.2. Lost TimeA.2.3. Acceptance TestingA.3. CompensationA.3.1. ServicesA.3.2. Status ReportsA.3.3. ExpensesA.3.4. PaymentsA.4. ConfidentialityA.4.1. DefinitionA.4.2. Non-Use and Non-DisclosureA.4.3. Return of MaterialsA.5. INTELLECTUAL PROPERTYA.5.1. DeliverablesA.5.2. Third-Party MaterialsA.5.3. Intellectual Property ClaimsA.5.4. Warranty and DisclaimerA.6. Term and TerminationA.6.1. TermA.6.2. TerminationA.6.3. SurvivalA.7. MiscellaneousA.7.1. Non-Assignment/Binding AgreementA.7.2. NoticesA.7.3. WaiverA.7.4. SeverabilityA.7.5. IntegrationA.7.6. CounterpartsA.7.7. Governing LawA.7.8. Independent ContractorsA.7.9. Attorney's FeesA.7.10. Non-SolicitationA.7.11. Limitation of Remedies and Damages
D. Glossary

Content preview from The Open Source Alternative: Understanding Risks and Leveraging Opportunities

Chapter 5. Audits and Compliance Initiatives

Much legal activity in the open source area consists of compliance analysis—in other words, determining whether a company is complying with all the relevant license conditions of its inbound open source licenses. This activity is the process by which companies conduct due diligence (as described in Chapter 4). This activity has many names—due diligence, open source counseling, and auditing—depending on context. Sometimes compliance work is performed in anticipation of a transaction, such as a merger or investment, and in those cases it is usually called due diligence. In other cases it is an ongoing process—partially to ensure that when a transaction occurs, the due diligence process will be quick and accurate. Lately the requirements of the Sarbanes-Oxley Act have motivated public or pre-public companies to undertake audits to minimize the risk of corporate or director liability. Finally, some companies undertake diligence as an ongoing process, simply to ensure good legal housekeeping and maintain their intellectual property house in good order.

Compliance work has two steps: information gathering and legal analysis. The first step is by far the most costly and time-consuming. In the contemporary technology company, open source compliance work has become a complex administrative task, and few companies have undertaken it from the beginning of their operations in a systematic and thorough way. The larger the organization, and the more ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9780470194959Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

The Open Source Alternative: Understanding Risks and Leveraging Opportunities

by Heather J. Meeker

Chapter 5. Audits and Compliance Initiatives

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.