Posted on

Open Source License Compliance–Why and How? (Hendrik Schoettle, IEEE Computer Column)

I’m happy to report that the third article in the new Open Source Expanded column of IEEE Computer was published.

TitleOpen Source License Compliance–Why and How?
KeywordsOpen Source Software, Licenses, Software Packages
AuthorsHendrik Schoettle, Osborne Clarke, Munich, Germany
PublicationIEEE Computer, August 2019, pp. 63-67, vol. 52

Abstract: Compliance with open source software (OSS) license requirements is necessary but often overlooked. This article explains how OSS license compliance differs from compliance with commercial software licenses, why it is necessary even though OSS is generally free, and what requirements have to be met with OSS.

As always, the article is freely available (local copy).

Posted on

The Perfect Professor for University Startups

A professor, so my belief, can play an important role in generating startups from University research. Most professors don’t, but some do, and I wanted to summarize my experiences as to what would be the perfect combination in one person.

Situation

There are three ingredients to get a university startup set-up and off the ground: (1) team, (2) idea, and (3) seed funding. Team, as anyone in startup-land knows, is by far the most important ingredient, as the others ultimately follow from it.

Continue reading “The Perfect Professor for University Startups”
Posted on

Triple-Licensing Single-Vendor Open Source Components (Illustrated)

I thought I’d illustrate how I’d solve the current licensing conundrum of single-vendor open source firms like MongoDB and Elastic using some graphics. In short: While open source application vendors can still dual-license, open source component vendors (like the companies just mentioned) need to triple-license to get the benefits of open source yet keep their competitors at bay.

Continue reading “Triple-Licensing Single-Vendor Open Source Components (Illustrated)”
Posted on

On the Danger of Using Email Addresses as Identifying Information (Humor)

On a lighter note, someone with a similar name to mine just used one of my email addresses to register for the Lexus Remote app. Judging by the email I got, using this email address that I own, I can register for the app and presumably do something about the car behind it. Does Lexus already offer a “summon” feature? Seems like the car is based in the U.S. so it would be good if it was amphibious.

Posted on

Open Source License Compliance in Software Supply Chains

Abstract: Almost all software products today include open-source components. However, the obligations that open-source licenses put on their users can be difficult or undesirable to comply with. As a consequence, software vendors and related companies need to govern the process by which open-source components are included in their products. A key process of such open-source governance is license clearance, that is, the process by which a company decides whether a particular component’s license is acceptable for use in its products. In this article, we discuss this process, review the challenges it poses to software vendors, and provide unanswered research questions that result from it.

Keywords: Open source licenses, open source license compliance, software supply chain, product model

Reference: Riehle, D., & Harutyunyan, N. (2019). Open-Source License Compliance in Software Supply Chains. In Fitzgerald B., Mockus A., Zhou M. (eds) Towards Engineering Free/Libre Open Source Software (FLOSS) Ecosystems for Impact and Sustainability. Springer, Singapore, pp. 83-95.

A preprint of the paper is available as a PDF file and as a web page. Alternatively, you can pay Springer for the final version.

Posted on

Do You Need a Macbook to Learn to Code? (Coding vs. Systems Building)

Someone on Twitter asked this question and people loved to weigh in. Most answered: “No, just get an old $200 laptop.” While not wrong, this answer misses the point. Coding, here, apparently means reading and writing code. For that, indeed, any cheap computer will do. However, being able to read and write code does not mean you will be able to build and ship systems, which is what customers pay for.

Continue reading “Do You Need a Macbook to Learn to Code? (Coding vs. Systems Building)”
Posted on

Why Software Engineering is Not Like Assembly Line Work

The other day I ran into one of the oldest software engineering tropes in the book: That software engineering should be more like work in a factory, and that developers are best equated to assembly line workers who put together a software product by assembling components to a specification. I wasn’t sure whether I should be amused or irritated. In any case, this nonsensical idea has long been debunked by Peter Naur, before it even took roots in later work by others. In Naur’s words, programming is (best viewed as) theory building, and this gets to the heart of the matter.

Continue reading “Why Software Engineering is Not Like Assembly Line Work”
Posted on

Getting Started with FLOSS Governance and Compliance in Companies (OpenSym 2019)

Abstract: Commercial use of open source software is on the rise as more companies realize the benefits of using FLOSS components in their products. At the same time, the ungoverned use of such components can result in legal, financial, intellectual property, and other risks. To mitigate these risks, companies must govern their use of open source through appropriate processes. This paper presents an initial theory of industry best practices on getting started with open source governance and compliance, focusing on private companies. Through a qualitative survey, we conducted and analyzed 15 expert interviews in companies with advanced capabilities in open source governance. We also studied practitioner reports on existing practices for introducing FLOSS governance processes. We cast our resulting initial theory in the actionable format of best practice patterns that, when combined, form a practical handbook of getting started with FLOSS governance in private companies.

Continue reading “Getting Started with FLOSS Governance and Compliance in Companies (OpenSym 2019)”
Posted on

Solving the Commercial Open Source Licensing Dilemma With Triple-Licensing

As you may have noticed, the move away from approved open source licenses to commercial almost-like-open-source licenses by single-vendor-owned open source projects has created a lot of bad press for the vendors behind such software. I don’t really understand this, because for all that I can tell, a triple-licensing rather than just a dual-licensing approach could have solved their problems. Let me explain.

Continue reading “Solving the Commercial Open Source Licensing Dilemma With Triple-Licensing”