How to Draft the Perfect Open Source Software Policy
Carry out an audit of the software used
Even if you think your organisation does not use Open Source Software (OSS), directly or indirectly, you need to be prepared for a potential third party questioning you about the security mechanism of your software tools. You need to be able to show that you have carried out an audit of all your software tools, which can be used to evidence your stance on OSS if pushed.
Nowadays, most organisations use OSS somehow, whether it is embedded in an organisation’s own information technology (IT) infrastructure or used to provide products and/or services to customers. By carrying out an audit of your software tools you will be able to identify which OSS tools you are relying on and their licensing terms and conditions. The list of OSS used should be recorded and can be stored either in a machine readable format or in human readable source codes. This also enables lawyers to know from the outset what OSS is being relied upon, so that they can investigate the legal terms and conditions of the relevant OSS before it is implemented within an organisation, thereby reducing the potential risks and costs associated with implementing a restrictive OSS. Restrictive OSS are OSS that contain covenants that will need to be met and that reduce the commercial viability of using the OSS. For example, many restrictive OSS require organisations that use them to pass on the source code to end users, thereby removing the chance for an organisation to gain commercial advantage from it.
Another benefit of carrying out an audit is that it enables an organisation’s lawyers to keep abreast of the organisation’s approach to OSS, thereby ensuring that the organisation’s OSS is kept up to date and relevant to the practical matters.
Lawyers should be active in any such audit that takes place, and the following questions are worth asking during the course of the audit in order to obtain accurate key information to be used in the organisation’s OSS policy:
- Who are the key internal representatives that determine OSS suitability from a technical perspective?
- What is the process in place for dealing with standard OSS tools?
- What is the process in place for dealing with non-standard OSS tools?
- In summary, what OSS is deemed okay and what OSS is deemed not acceptable to the organisation?
- How can the organisation avoid OSS license infringement claims and lawsuits?
- How is the technical team trained regarding OSS issues for the organisation?
- Have there been any OSS license infringement claims and lawsuits against the organisation in the past? If so, details should be obtained for the records.
- What is the purpose of the OSS that is currently being used or will be used within the organisation?
- What controls can be introduced to ensure that the IT infrastructure of the organisation does not include software components that violate licensing?…
To read more, please access the following website: http://lawjournals.co.uk/journals/procurement-outsourcing-journal