
What to Consider When Crafting Your OSS Policy

Free and open source software (OSS) continues to dominate the software development landscape, with an astounding 1.5 trillion component downloads in 2020. With this growth, organizations are finding it more important than ever to have documented policies in place governing how they use, distribute, and contribute to OSS.

This post offers an introduction to the topic and discusses some motivations for developing an OSS policy (open source policy) for your organization. It also describes best practices that companies should follow when implementing their own OSS policies.

What is an OSS policy and why should I have one?

An OSS policy is a document developed and maintained by a company to govern how and when employees may use open source components or contribute to open source projects. It sets out requirements that must be followed when:

  • Incorporating OSS code into software developed by the organization

  • Distributing and otherwise making code available to third parties

  • Contributing code to OSS projects

Effective OSS policies are crafted collaboratively with all stakeholders, and will help ensure compliance with your software license obligations. Poor OSS hygiene can result, among other things, in the loss of proprietary rights.

What are my license obligations?

Despite being “free” and “open,” OSS is subject to license terms with which your organization must comply. A single set of principles for internal developers helps ensure that your company does not inadvertently violate the terms of open source licenses. Such violations risk giving up exclusive rights to proprietary intellectual property (IP) and create exposure to infringement claims.

Your OSS policy can make sure that you are keeping track of your attribution obligations and can establish a structured process for resolving license issues when they arise.

Other Business Considerations

Beyond compliance with license terms, there are several reasons to implement an OSS policy:

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Filipp Kofman. Read the original post at: https://blog.sonatype.com/what-to-consider-when-crafting-your-oss-policy