Open Communication. Understand the Issues. Mitigate Risks.

As an attorney, you need to provide comprehensive and accurate analysis — fast. When it comes to software licensing issues for open source and third party software, cutting through the complexity of license versions and incompatible obligations is difficult at best. Communication bottlenecks between lawyers and engineers add to the risks.

How can legal counsel help software engineering manage mixed-origin code without slowing them down?

• Promote Code Reuse Policies. Increasingly, cutting-edge companies that assemble mixed-origin software are adopting code reuse approval processes. Over time, a library of approved, reusable code that has already been vetted by legal and technical teams is built, removing the guess work from both software development and licensing reviews. One successful method is to capture policies that reflect organizational goals along with software and legal guidance in an automated, rule-based system. Such approaches tend to appeal to engineers, who appreciate technology-enabled solutions.

• Mitigate Risks. The growing use of open source code components, which are governed by diverse and often incompatible licenses, introduces legal risks. Such licenses govern the distribution of those components and any modifications made to them. Searching for licenses and comparing their terms by hand is unduly time consuming and error prone. Similarly, relying on memory, manual records, and honor systems to disclose code origins works poorly. Increasingly, companies identify, mitigate, and avoid such risks by using automated solutions.

• Share Information. By instituting clear policies and providing systems that facilitate information exchange, interdepartmental communication barriers can be overcome. By establishing a transparent code approval process with multiple criteria and accurate, up-to-date licensing information, developers get a set of rules they can use and each department understands what is needed.

Use the logical solution. Participate in establishing a software governance platform that facilitates the creation, use, management, and licensing of component-based software development.

Black Duck Software provides products and services that help organizations manage rapidly changing software capabilities and legal parameters. As a company-wide solution, automated code component reuse and license management lowers costs, increases accuracy and efficiency, and mitigates risks. The same system can validate outsourced and offshore software. Preparing due diligence for an M&A or IPO event? Ask about Black Duck’s hosted, short-term assessment support and professional services. Black Duck can also help you prepare for export compliance by identifying encryption codes and providing the technical data for required filings. These are perfect opportunities to demonstrate what is possible when you Know Your Code.

How can you find out more information?

• Read the whitepaper, A Breakthrough in Software Supply Chain Communications, which explains how using a standard format, everyone in the supply chain from engineering to legal, can now speak the same language as regards the contents of your software. Negotiations will be easier and issues can be resolved between technical and non technical decision makers, paving the way for faster time to market.

• View Know Your Code: Due Diligence Preparedness, an online presentation which covers how to be prepared for any Due Diligence event, including what to expect in a software asset Due Diligence process, how to manage your code review and what you need to do to make Due Diligence work for you.