
Open-Source License Compliance in Software Supply Chains


Abstract

Almost all software products today include open-source components. However, the obligations that open-source licenses impose on their users can be difficult or undesirable to comply with [14, 20, 25]. As a consequence, software vendors and related companies need to govern the process by which open-source components are included in their products [7, 21]. A key process of such open-source governance is license clearance, that is, the process by which a company decides whether a particular component’s license is acceptable for use in its products [4, 15, 19]. In this article, we discuss this process, review the challenges it poses to software vendors, and lay out the open research questions that arise from it.


Notes

  1. This article is a follow-up to the NII Shonan Meeting on “Towards Engineering Free/Libre Open Source Software (FLOSS) Ecosystems for Impact and Sustainability”, where the first author was tasked with summarizing research questions in the domain of open-source license clearance and software supply chain management.

  2. Free Software Foundation, What Is Copyleft? at https://www.gnu.org/licenses/copyleft.en.html.

References

  1. B.W. Carver, Share and share alike: understanding and enforcing open source and free software licenses. Berkeley Technol. Law J., 443–481 (2005)

  2. B. Fitzgerald, The transformation of open source software. MIS Q., 587–598 (2006)

  3. Free Software Foundation, GNU General Public License, version 3 (2007), http://www.gnu.org/licenses/gpl.html

  4. D. German, M. Di Penta, A method for open source license compliance of Java applications. IEEE Softw. 29(3), 58–63 (2012)

  5. D.M. German, A.E. Hassan, License integration patterns: addressing license mismatches in component-based development, in Proceedings of the 31st International Conference on Software Engineering (IEEE Computer Society, 2009), pp. 188–198

  6. GitHub, Open source guides (2017), https://opensource.guide/

  7. I. Haddad, Open Source Compliance in the Enterprise (The Linux Foundation, San Francisco, 2016)

  8. M. Helmreich, D. Riehle, Geschäftsrisiken und Governance von Open-Source in Softwareprodukten [Business risks and governance of open source in software products], in Praxis der Wirtschaftsinformatik (HMD 283), vol. 49 (2012), pp. 17–25

  9. A. Hemel, S. Coughlan, Practical GPL Compliance (The Linux Foundation, San Francisco, 2017), pp. 43–47

  10. J. Henkel, Open source software from commercial firms: tools, complements, and collective invention. Zeitschrift für Betriebswirtschaft 4, 1–23 (2004)

  11. Hewlett-Packard Development Company L.P., Best practices in open source governance. White paper (2007)

  12. C. Jensen, W. Scacchi, Governance in open source software development projects: a comparative multi-level analysis, in Open Source Software: New Horizons (2010), pp. 130–142

  13. D.M. Kennedy, A primer on open source licensing legal issues: copyright, copyleft and copyfuture. St. Louis Univ. Public Law Rev. 20, 345 (2001)

  14. A.M. St. Laurent, Understanding Open Source and Free Software Licensing: Guide to Navigating Licensing Issues in Existing & New Software (O’Reilly Media, Sebastopol, 2004)

  15. C. Link, Patterns for the commercial use of open source: legal and licensing aspects, in Proceedings of the 15th European Conference on Pattern Languages of Programs (ACM, 2010), p. 7

  16. Linux Foundation, The OpenChain project (2017), https://www.openchainproject.org/

  17. R.J. Mann, The commercialization of open source software: do property rights still matter? The University of Texas School of Law, Law and Economics Research Paper No. 58 (2005)

  18. D. McGowan, Legal implications of open-source software. U. Ill. Law Rev., 241 (2001)

  19. H.J. Meeker, Open (Source) for Business: A Practical Guide to Open Source Software Licensing, 2nd edn. (CreateSpace Independent Publishing Platform, Scotts Valley, 2017)

  20. H.J. Meeker, The Open Source Alternative: Understanding Risks and Leveraging Opportunities (Wiley, New York, 2008)

  21. C.H. Nadan, Open source licensing: virus or virtue? Tex. Intellect. Prop. Law J. 10, 349 (2001)

  22. H.E. Pearson, Open source licenses: open source—the death of proprietary systems? Comput. Law Secur. Rev. 16(3), 151–156 (2000)

  23. D. Riehle, The commercial open source business model, in Value Creation in E-Business Management (2009), pp. 18–30

  24. D. Riehle, The economic motivation of open source software: stakeholder perspectives. Computer 40(4) (2007)

  25. C. Ruffin, C. Ebert, Using open source software in product development: a primer. IEEE Softw. 21(1), 82–86 (2004)

  26. H. Schöttle, U. Steger, Managing open source software in the corporate environment. Comput. Law Rev. Int. 16(1), 1–7 (2015)

  27. K. Stewart, P. Odence, E. Rockett, Software Package Data Exchange (SPDX) specification. Int. Free Open Source Softw. Law Rev. 2(2), 191–196 (2011)

  28. S. Zhu, Patent rights under FOSS licensing schemes. Shidler J. Law Commer. Technol. 4, 4–13 (2007)

Acknowledgements

We would like to thank our colleagues Daniel German and Matti Rossi for the discussions and collaboration at the 2017 workshop on FLOSS ecosystems at Shonan Village, Japan. We also would like to thank Maximilian Capraro, Shane Coughlan, Michael Dorner, Monika Schnizer, and Axel Teichert for their feedback on this article.

Corresponding author

Correspondence to Dirk Riehle.

Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

About this chapter

Cite this chapter

Riehle, D., Harutyunyan, N. (2019). Open-Source License Compliance in Software Supply Chains. In: Fitzgerald, B., Mockus, A., Zhou, M. (eds) Towards Engineering Free/Libre Open Source Software (FLOSS) Ecosystems for Impact and Sustainability. Springer, Singapore. https://doi.org/10.1007/978-981-13-7099-1_5

  • DOI: https://doi.org/10.1007/978-981-13-7099-1_5

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-13-7098-4

  • Online ISBN: 978-981-13-7099-1

  • eBook Packages: Computer Science (R0)
