Having just completed the annual IBM Intellectual Property training, and while thinking more about the CodePlex Foundation, I saw the following Open World Forum conference track description:
“The growing use of Open Source and economics of outsourcing have made testing for intellectual property (IP) cleanliness and proper satisfaction of legal obligations an essential task for ensuring quality and market acceptability. Real or perceived IP issues can delay product cycles and derail entire projects or business transactions.”
Upon further digging, I realized that Protecode, a company I wrote about back in 2008, was playing a key role in this track.
It goes without saying that enterprises using open source code within their software development process should have policies in place to protect the enterprise. Clearly there’s a risk of contaminating a custom enterprise application by misusing open source code. But in most cases, the enterprise can be safeguarded unless the derivative work needs to be distributed outside of the enterprise’s walls. With applications delivered over the web, very few enterprises find the need to distribute their internally developed software. However, whether the enterprise is distributing the derivative work or not, there’s also a risk of patent infringement.
That’s where Protecode comes in with its three-pronged approach:
Enterprises can, and should, create policies for developers, on the enterprise’s payroll and contracted via consultants or off-shoring, to utilize open source code appropriately. But that can’t be the only line of defense. Enterprises must be able to retroactively and proactively ensure that code their developers are writing is free of intellectual property concerns. Being able to analyze existing software assets with a product such as Protecode’s Enterprise IP Analyzer is step one. But the real goal should be validating IP on the fly, with a product such as Protecode’s Developer IP Assistant. There’s also the interim step of testing IP ownership during builds with a product such as Protecode’s Build IP Analyzer.
I wonder what portion of enterprises have analyzed their existing software assets to validate that they are in fact the rightful IP owners to the entirety of their internally developed software. Or better yet, what portion of enterprises that analyzed their software assets were surprised with the results!
Follow me on twitter at: SavioRodrigues
PS: I should state: “The postings on this site are my own and don’t necessarily represent IBM’s positions, strategies or opinions.”
09.17.09 at 3:52 am
[…] Avoiding pitfalls when using open source code in enterprise software development « rand($… a few seconds ago from Twhirl […]
09.17.09 at 12:33 pm
Savio.
I think that you are crying “wolf”. There is minimal intellectual property risk (of copyright violations) to using open-source software for internally developed applications unless you plan to distribute the software (or derivative works), and if your company is rich enough to sue for penalties. A surprisingly small number of companies fit this bill, and most of them have their IP risks covered by their suppliers of open-source software, and by internal patent and copyright policies.
I think that you make a good point about 3rd party suppliers from low-cost centres, and that is a source of potential risk, but again, only to rich companies that distribute software. In an age of hosted web apps, this number is going down.
For internally developed and internally used software, patent risks are even harder to track. I understand that companies such as Black Duck Software and Protecode track copyright infringement, but it is impossible to build a tool to track patent infringement. The best that such tools can do is hope that the issuers of software licenses such as GPL v3, AGPL, Apache 2.0, and Sun CDDL knew which patents they were granting licenses to, and that there are no other patented inventions in the software.
02.28.14 at 1:44 am
Delightful! Keep writing. :-D