Black Duck Blog

Timothy Kenny
Director of Marketing
Tkenny@blackducksoftware.com
We just delivered a webinar which covered the basics of open source, including open source definitions, and the different types of licenses.

Open Source Software legal experts, Karen Copenhaver and Mark Radcliffe, were both on hand to talk about the associated risks in using open source software. Mark and Karen pointed out that although there are risks associated with using open source, when managed and used correctly, the benefits will outweigh the risk.

Open source software has significant benefits and is free, but it is not free of obligations. Gartner Research recently found that while virtually all mainstream IT organizations leverage open source in one capacity or another, fewer than 30% currently have an OSS governance policy in place. With over 1,900 different licenses available today, each with their own obligations, it can be difficult to properly manage the use of open source.

Karen Copenhaver gave a comprehensive review of the legal framework including intellectual property and licensing. Karen answered questions such as:

• Who owns a copyright?

• What is a patent?

• What is a license and what is a sublicense?

• What is the same between commercial and open source licenses?

• What is different about an open source license?

Mark Radcliffe gave a great overview of the history of the open source movement. Mark pointed out that it was in the year of 1998 where the term “open source” was coined.

Mark also covered the various types of open source licenses which include:

• Restrictive: Requires licensor to make improvements or enhancements available under similar terms. The GPL would be an example of this kind.

• Permissive: Modifications/enhancements may remain proprietary. An example of this would be Apache.

• Single user license: Apple, Lucent

We’d be interested in your feedback as well as any additional questions.

Follow us on twitter @black_duck_sw and find us on Facebook.

Timothy Kenny
Director of Marketing
Tkenny@blackducksoftware.com
We just delivered a webinar looking at how trademarks and open source licenses work together.  Open Source Software legal experts, Karen Copenhaver and Mark Radcliffe, were both on hand to talk about the basics of trademark law an implications for open source projects.

Trademarks have come to play an increasingly important role in the open source community. While it may seem that the strict control required by trademark laws would be inconsistent with the freedoms preserved by the open source licenses, trademarks actually are an integral part of the rights which will make open source software successful.

Karen Copenhaver gave a comprehensive review of the typical misconceptions associated with trademarks.  She explained that one of the most common misconceptions is,“If the copyright does not say anything about trademarks, then there is no need to worry.” This simply is not the case.

Mark Radcliffe gave a great overview of what exactly trademarks are, different types of rights associated, and advice on how to secure and maintain them.

Mark was quoted as saying, “Trademarks are valuable assets for open source communities.”

We’d be interested in your thoughts as well as any additional questions.

The recording will be made available shortly.

Phil Odence
Vice President of Business Development
podence@blackducksoftware.com
Black Duck just started up a program to certify legal professionals as Black Duck Specialists. We provide this free service as a way to help both our customers and friends in the legal community. The program gives our customers access to a list of legal contacts whom we’ve trained and certified on working with Black Duck and the reports we generate.

If you know us for our products, you may not be aware that we offer code assessments as a service. We’ve been involved in over $40 Billion of acquisitions, and in any given week we are hired to support the due diligence efforts of multiple acquirers. Our professional service team does a terrific job using Protex to identify unknown open source components (and the associated legal, export and security issues) in a target’s code base and creating a report that lays out the contents and potential issues.

That’s where our job ends and the lawyers’ begins. Our customers take action based on the advice of their attorneys for whom the Black Duck report provides key input. For a variety of reasons it’s critical that those attorneys be very familiar with our process and technology behind it. M&A transactions are fragile and unpredictable and things happen fast, so a lawyer doesn’t have much time to learn.

The Black Duck certification takes M&A and IP attorneys through every aspect of the technology and process of an assessment. In that way lawyers who have been through the program know how to help the parties involved know what to expect going into the process and how to work with what comes out.

If you an M&A or IP lawyer advising clients on transactions, I advise you to check out our certification program here: http://www.blackducksoftware.com/certification

Timothy Kenny
Director of Marketing
Tkenny@blackducksoftware.com
With 65% of the more than 220,000 open source projects available on the Internet using GPL licenses, they are the most widely used open source licenses in the world, that’s one big cube. No matter which way you twist it, the way that software development organizations integrate code licensed under the GPL and AGPL into their applications and services, and depending on how that code is deployed, can expose a company and its intellectual property to significant risk.

Windows 7 USB/DVD download tool was found to contain GPLv2 code. Microsoft is claiming that the code in question was not intentional, but they are sharing the responsibility of the error with the third party contracted to create the tool. They made the source code as well as binaries for the tool available under the terms of the GPLv2.

Despite widespread adoption of GPL-based code, developers and end-users continue to try and solve the puzzle regarding the three main issues of GPL license use and obligations:

* What constitutes a derivative work?
* What constitutes a separate and independent work?
* What constitutes distribution?

Although these issues can be complex, we have seen some practical approaches for addressing them. Karen Copenhaver (Choate, Hall and Stewart) and Mark Radcliffe (DLA Piper), two of the software industry’s most prominent IP lawyers and domain experts with the GPL, recently discussed issues surrounding GPL license use along with some excellent tips and approaches in learning how to address them.

Timothy Kenny
Director of Marketing
Tkenny@blackducksoftware.com
Open source software has had a revolutionary impact on the software industry. With the success and ubiquity of many open source projects, most software development teams now mix open source, from external sources, with internal code to speed time to market and reduce costs.

While open source software has enormous potential to be used in new projects rather than reinventing the wheel, it is not free of potential twists in the road and each project comes with associated license obligations that must be managed properly.

In a recent example, a Paris Court of Appeals decided that the company Edu4 violated the terms of the GNU General Public License (GPL) when it distributed binary copies of the remote desktop access software VNC but denied users access to its corresponding source code. This decision was a landmark ruling as the suit was filed by a user of the software, instead of a copyright holder.

Industry experts, Karen Copenhaver and Mark Radcliffe recently presented on the top 10 open source licenses. They were quick to point that even though “incompatibility issues” can pop up when using open source software, simply learning and being educated on the most common licenses, languages and best practices for dealing with those issues will produce a successful outcome.