Across industries, open-source software provides the foundation for a significant number of applications, with open-source components per commercial application growing more than six-fold in the last five years. Given this growing prominence, it is critical for companies to understand the related risk and license compliance issues associated with open-source software management. If well managed, companies can benefit from the many advantages of leveraging open-source software, from its low cost to the speed at which it can be deployed, among other benefits.
Below are some best practices to consider when trying to make the most of open-source software.
- Establish an open-source policy and internal processes to implement it.
- Review and approve use requests and track the use of open-source software.
- Keep accurate records.
- Involve legal and developer organizations—the buy-in of both organizations is needed to achieve success.
- Develop a training program for developers on the safe use of open-source software.
- Create a system for people to submit requests to use open-source software and make sure that the scope of the approval of the request is limited to that purpose.
- Set up separate review tracks for different types of uses or licenses; for example, strictly internal uses of unmodified open-source software or open-source software used in distributed code.
- Consider developing a fast-track approval process for the use of a limited set of licenses or uses. Reevaluate these processes if use changes.
- Be mindful that open-source code use can be audited via code inspection or code review tools.
For more on this topic, including recent trends and developments, check out the Morgan Lewis IP Academy series presentation, Open-Source Software: Risks and Rewards.