Open Source Software: Mitigating the Legal and Security Risks

The use and creation of Open Source Software is based on respecting the Open Source Licenses, which are the backbone of the ecosystem. These licenses detail the obligations that must be followed by anyone who wants to use these Open Source Components. Research shows that the typical company's software is more than 50% open source, while these same companies are aware of less than 2% of their OSS usage. This lack of knowledge leads to license infringement, legal concerns, and vulnerabilities being left unpatched.

In Versata v. Ameriprise, Versata's proprietary software, Distribution Channel Management (DCM), used an open source XML parsing utility licensed under GPLv2 from XimpleWare. Versata licensed its DCM software to Ameriprise, a financial services company. Versata sued Ameriprise and other Versata customers for copyright and patent infringement for allowing a sub-contractor to de-compile their software. Ameriprise alleged that Versata's DCM came under the GPLv2 license, thus allowing the de-compilation. The text of the GPLv2 license had been stripped out of the open source portion of DCM.

Previous license infringements may have been resolved peaceably, but this case may set a precedent for compensation for damages and injunctive relief. Furthermore, a lawsuit between Oracle and Google over copyright protection for the implementation of Java APIs in the open source Android mobile operating system is another case worth watching. A federal appeals court ruled that the code, structure, sequence, and organization of the API packages are entitled to copyright protection. This raises the possible need for API licenses for users.

Companies need to conduct an internal review of their open source software licensing policies, whether the software is supplied directly, through acquisitions, or by consultants.

In a two-hour LIVE Webcast, a panel of thought leaders and professionals assembled by The Knowledge Group will review recent litigation cases regarding Open Source Software and help companies mitigate legal and security risks. The panel of speakers will discuss the increasing risk of litigation over open source software and help companies formulate sound compliance policies to avoid the most common risks and pitfalls.

Key topics include:

  • Open Source Software – A Legal Primer
  • Open Source Compliance Failures
  • Lessons from Legal Cases in Open Source Software
  • Versata v. Ameriprise (GPLv2 Licensing)
  • Oracle v. Google (Copyright Protection for APIs)
  • Open Source Licenses Requirements
  • Mitigating Legal and Security Risks
  • Best Practices