Create Your Own Ingredients
Open source is being widely used for system software and application development, often without much internal visibility.
Who in an organization keeps track of open source selection, modification and implementation? Without governance, organizations
put themselves at risk of unintended violation of open source licenses and inadvertent loss of their own intellectual property
rights. Open source, alone or combined with proprietary software, introduces new risks and management challenges. Yet many
organizations lack the policies, procedures, and trained personnel to minimize the business and legal risks of using open source.
Software components offered by proprietary vendors are typically presented as neat and symmetrical stacks with no functional
gaps and limited legal risks. By comparison, organizations that wish to take advantage of open source software face a new reality.
With tens of thousands of open source components available, there are infinite combinations, differing licenses, and varying levels
of compatibility and coverage. Open source stacks used by organizations therefore tend to evolve much differently.
In the past, organizations could rely on proprietary vendors to shoulder the support and legal risks associated with their software.
For instance, with proprietary software, legal risk is mitigated by contractual indemnification backed by the assets of the vendor.
By comparison, with open source components, the software is provided "as-is" and not necessarily associated with an organization or
even a person. When it comes to pointing the finger, users of open source and their legal counsel encounter an empty chair. Therefore,
the burden of mitigating functional and legal risk shifts entirely from the supplier to the open source user. Just as they have
learned to manage their use of proprietary software components, organizations need to educate their developers, and sensibly govern
the use of open source components.
According to a 2005 Forrester report, cost management was the most important management metric for application development.
It is no wonder that there is such large interest in royalty-free open source. Other strong points of open source include faster innovation and use of
improvements. The key question is how to design organizational policies and procedures that facilitate, not inhibit, these open source
strengths.