Legal compliance and open source software
By Sorin Cohn-Sfetcu and Kamal Hassin, Protecode
Embedded.com (12/21/09, 02:28:00 PM EST)
In the age of open source and large scale outsourcing, both assuring the quality of software and taking it to market means ascertaining its legal compliance as well. Numerous legal cases in recent years have highlighted the business risks and the enormous costs incurred when this is not done properly.
These costs stem from involvement in judicial procedures, software recalls, fixing legal compliance issues post-release, and missed market opportunities caused by delays in the development process. Other consequences include lowered valuations in due diligence processes triggered by customers, potential or existing investors, mergers and acquisitions, and other major transactions.
Software is a pervasive element in most products and processes, and over time, its sources have multiplied. Sources include internal developments, suppliers of sub-systems and chips, outsourced development contractors, open source repositories and the previous work of the developers themselves. Software, unlike hardware, is easily accessed, replicated, copied and re-used.
Open source software has become a significant player in most software development, thanks to the wide availability of source code, its apparent free cost and its high degree of stability and security.
Open source code is generally free on the surface, but it's not without obligations. It comes laden with licensing and copyright conditions which are enforceable by law " sometimes with dire effects for users who are not careful to validate the pedigree of the code in their products; i.e. the origin and any associated obligations of all software components.
This doesn't mean that leveraging outsourcing and/or open source software is to be avoided. The issue is not with the use of open source, but with unmanaged adoption and lack of proper care to the copyright and licensing obligations it entails.
It's paramount that industrial managers validate the IP cleanliness of their products and services and ascertain that they meet all legal obligations before they reach the market.
E-mail This Article | Printer-Friendly Page |
Related Articles
- Using static analysis to detect coding errors in open source security-critical server applications
- Developing Silicon IP with Open Source Tools
- Making source code analysis part of the software development process
- A nuts and bolts engineering approach to using open source IP
- Open source in consumer electronics: What, why and how
New Articles
- Quantum Readiness Considerations for Suppliers and Manufacturers
- A Rad Hard ASIC Design Approach: Triple Modular Redundancy (TMR)
- Early Interactive Short Isolation for Faster SoC Verification
- The Ideal Crypto Coprocessor with Root of Trust to Support Customer Complete Full Chip Evaluation: PUFcc gained SESIP and PSA Certified™ Level 3 RoT Component Certification
- Advanced Packaging and Chiplets Can Be for Everyone
Most Popular
- System Verilog Assertions Simplified
- System Verilog Macro: A Powerful Feature for Design Verification Projects
- UPF Constraint coding for SoC - A Case Study
- Dynamic Memory Allocation and Fragmentation in C and C++
- Enhancing VLSI Design Efficiency: Tackling Congestion and Shorts with Practical Approaches and PnR Tool (ICC2)