Risk Analysis and Compliance Requirements for Open Source Licenses

Information helps development managers understand legal risks, and more comfortably comply with open source license requirements.

WhiteSource, the leading provider of SaaS Open Source Lifecycle Management solutions, published today on its open website information and analysis for some of the most frequently used open source licenses. The information was collected and enhanced by WhiteSource legal experts and until now was only available to customers as part of the review and approval processes implemented in the service.

“While open source software is open, there are often strings attached. Development managers regularly need to decide which open source licenses to use and what they need to do to legally comply with their conditions. Our goal was to help them, and create a succinct set of attributes that characterize different open source licenses. This same categorization can be used by our customers in their automated open source admittance policies, and by us to alert them to potential risk.” said WhiteSource CEO Rami Sass.

WhiteSource categorizes each open source license risk according to 7 main criteria: Copyright risk, Patent risk, Royalty requirements, Copyleft, Type of linking allowed, and whether or not they comply with OSI’s Open Source Definition. In addition, WhiteSource provides the full information about the license: Source, URL, and the license text. Finally, where relevant, WhiteSource summarizes the notices required to comply. For the convenience of its customers, WhiteSource also provides risk scores that we have computed based on all of the above.

“Understanding licenses risks is key for managing open source.” Sass adds. “One must also ensure to evaluate not only the open source libraries used by the project but also all of their dependencies. This is often a difficult task, as the number of dependencies can be very large. WhiteSource provides all this information immediately and automatically, saving much time, and reducing errors. In addition, WhiteSource learns about new components as soon as they are added by developers, through its integration with developing tools such as Apache Maven and Ant, Jenkins, JetBrains TeamCity, Red Hat OpenShift, and JFrog Artifactory.”

WhiteSource provides a comprehensive, yet simple to use, and very affordable solution for companies that need to manage their open source assets and ensure license compliance and control. With WhiteSource, software developers can avoid common pitfalls such as lawsuits, penalties, and lost business. Developers and managers use WhiteSource cloud-based SaaS solution to track, audit and report on open source components throughout the software development lifecycle.

WhiteSource is a cloud-based software-as-a-service solution for managing open source licenses. WhiteSource offers a free package that includes all basic open source license management and control functions. The company also offers a paid Premium subscription and Enterprise package.