Who’s Involved in Open-Source Compliance?

Several departments are involved in ensuring open-source compliance. Here’s a generic breakdown of the different departments and their roles in achieving open-source compliance:

• Legal: advises on licensing conflicts, participates in OSRB reviews, and reviews and approves content of the opensource external portal.

• Engineering and product team: submits OSRB requests to use open-source software, participates in the OSRB reviews, responds promptly to questions asked by the compliance team, maintains a change log for all open-source software that will be made publicly available, prepares source code packages for distribution on the company’s open-source public portal, integrates auditing and compliance as part of the software development process checkpoints, and takes available open-source training.

• OSRB team: drives and coordinates all open-source activities, including driving the open-source compliance process; performs due diligence on suppliers’ use of open source; performs code inspections to ensure inclusion of open-source copyright notices, change logs and the like in source code comments; performs design reviews with the engineering team; compiles a list of obligations for all open-source software used in the product and passes it to appropriate departments for fulfillment; verifies fulfillment of obligations; offers open-source training to engineers; creates content for the internal and external open-source portals; and handles compliance inquiries.

• Documentation team: produces open-source license file and notices that will be placed in the product.

• Supply chain: mandates third-party software providers to disclose open-source software used in what is being delivered.

• IT: supports and maintains compliance infrastructure, including servers, tools, mailing lists and portals; and develops tools that help with compliance activities, such as linkage analysis.

Source of Information : Linux Journal 185 September 2009

No comments:

Cloud storage is for blocks too, not just files

One of the misconceptions about cloud storage is that it is only useful for storing files. This assumption comes from the popularity of file...