Managing the use of Open-source software (OSS) for any software development company might be a challenging task. However, software development companies can set boundaries on OSS usage through a comprehensive IP Policy. The IP policy for an organization can define guidelines and compliance procedures for inclusion of OSS in any deliverable. The policy and procedures could be applied whenever employees, independent contractors, and/or vendors incorporate OSS into the company’ products that are or may be distributed externally. Development companies can set it as the responsibility of the manager retaining independent contractors to ensure the independent contractors are aware of, and follow, the OSS and IP policy. Policy and procedural steps would also apply whenever a company employee contributes to a work-related OSS project or whenever company contemplates contribution of code to a FOSS project. The compliance process can include identification of all OSS contained in the company’s deliverable, review (including architectural dependency analysis, provenance analysis for identified FOSS, license identification and analysis, analysis of potential impact to intellectual property rights, etc.), approval decision, identification and satisfaction of obligations to be satisfied.
Since the IP policy would apply to packaged software licensed by vendors as well as contracted development of custom software, any developer that delivers software to your company must disclose any OSS contained in its deliverable, including a list of all OSS components, including their version numbers, all applicable licenses (not only the main license but each applicable license), material for product documentation (including but not limited to license texts, copyright notices, acknowledgments and attributions), source code for the OSS (when applicable), including any modifications made by the developer, dependency charts illustrating the dependencies, interfaces, and interactions between the OSS components and any other product components.
For learning more about IP policy and managing the use of Open-source software (OSS) in your organization, please connect with us at firstname.lastname@example.org