Who’s Involved in Open-Source Compliance?

Several departments are involved in ensuring open-source compliance. Here’s a generic breakdown of the different departments and their roles in achieving open-source compliance:

• Legal: advises on licensing conflicts, participates in OSRB reviews, and reviews and approves the content of the open-source external portal.

• Engineering and product team: submits OSRB requests to use open-source software, participates in the OSRB reviews, responds promptly to questions asked by the compliance team, maintains a change log for all open-source software that will be made publicly available, prepares source code packages for distribution on the company’s open-source public portal, integrates auditing and compliance as part of the software development process checkpoints, and takes available open-source training.

• OSRB team: drives and coordinates all open-source activities, including driving the open-source compliance process; performs due diligence on suppliers’ use of open source; performs code inspections to ensure inclusion of open-source copyright notices, change logs and the like in source code comments; performs design reviews with the engineering team; compiles a list of obligations for all open-source software used in the product and passes it to appropriate departments for fulfillment; verifies fulfillment of obligations; offers open-source training to engineers; creates content for the internal and external open-source portals; and handles compliance inquiries.

• Documentation team: produces the open-source license file and notices that will be placed in the product.

• Supply chain: requires third-party software providers to disclose the open-source software used in what is being delivered.

• IT: supports and maintains compliance infrastructure, including servers, tools, mailing lists and portals; and develops tools that help with compliance activities, such as linkage analysis.

Source of Information: Linux Journal 185, September 2009

