Open Source Software Policies and Procedures Needed
Companies that use open source software need policies in place and resources devoted to monitor and maintain compliance with licensing requirements. Efforts should be directed at controlling how and when modifications are made to the software and how it is distributed to third parties.
This excellent and informative article from PLI's All-Star Briefing explains that a "best practices" opens source software policy should cover the following topics:
"Defining "Open Source": As an introductory matter, an open source policy should define open source in terms that can be understood by employees...
Choosing a Source:...An open source policy should... specify the sources from which such software may be obtained... A company should also require that its programmers go through an approval process before they can use open source...
Review of License Terms...the Company's open source policy should require that each open source license be reviewed using the same processes and internal controls as the company uses for proprietary software licenses.
Guidelines for Modifications...An open source policy should...require that, before any modification can be made, those involved in the programming process consider: (a) whether modifications will even be allowed; (b) whether the open source will only be used internally (in which case the source code to the modifications will not have to be made public); and (c) if the open source is to be distributed to third parties, whether the company is comfortable releasing the source code for its modifications...
Guidelines for Distribution...Companies need to establish careful guidelines as to how open source can be included in programs distributed to third parties, and make sure that control mechanisms are in place governing such use...
Contributions to the Open Source Community...If a company elects to go this route, it must make sure that it has very stringent controls in place for determining what software is released...that any copy of the software that is so distributed is linked to an open source license governing the permitted use of the software...
Tracking the Use of Open Source: Once a company has decided how it will use open source, it should implement a system for approving, monitoring and tracking how the company is actually using open source..."