Risk Analysis and Compliance Requirements for Open Source Licenses

Information helps development managers understand legal risks, and more comfortably comply with open source license requirements.

WhiteSource, the leading provider of SaaS Open Source Lifecycle Management solutions, published today on its open website information and analysis for some of the most frequently used open source licenses. The information was collected and enhanced by WhiteSource legal experts and until now was only available to customers as part of the review and approval processes implemented in the service.

“While open source software is open, there are often strings attached. Development managers regularly need to decide which open source licenses to use and what they need to do to legally comply with their conditions. Our goal was to help them, and create a succinct set of attributes that characterize different open source licenses. This same categorization can be used by our customers in their automated open source admittance policies, and by us to alert them to potential risk,” said WhiteSource CEO Rami Sass.

WhiteSource categorizes each open source license's risk according to 7 main criteria: copyright risk, patent risk, royalty requirements, copyleft, type of linking allowed, and whether or not the license complies with OSI's Open Source Definition. In addition, WhiteSource provides the full information about the license: source, URL, and the license text. Finally, where relevant, WhiteSource summarizes the notices required to comply. For the convenience of its customers, WhiteSource also provides risk scores that it has computed based on all of the above.

“Understanding license risks is key for managing open source,” Sass adds. “One must also ensure to evaluate not only the open source libraries used by the project but also all of their dependencies. This is often a difficult task, as the number of dependencies can be very large. WhiteSource provides all this information immediately and automatically, saving much time, and reducing errors. In addition, WhiteSource learns about new components as soon as they are added by developers, through its integration with development tools such as Apache Maven and Ant, Jenkins, JetBrains TeamCity, Red Hat OpenShift, and JFrog Artifactory.”

WhiteSource provides a comprehensive, yet simple to use, and very affordable solution for companies that need to manage their open source assets and ensure license compliance and control. With WhiteSource, software developers can avoid common pitfalls such as lawsuits, penalties, and lost business. Developers and managers use WhiteSource's cloud-based SaaS solution to track, audit, and report on open source components throughout the software development lifecycle.

WhiteSource is a cloud-based software-as-a-service solution for managing open source licenses. WhiteSource offers a free package that includes all basic open source license management and control functions. The company also offers a paid Premium subscription and Enterprise package. For more information, please visit mend.io.

About WhiteSource

WhiteSource is the leading provider of SaaS solutions for Open Source Lifecycle Management that are comprehensive, yet easy to use, and very affordable. Our solutions enable companies of all sizes to fully realize the advantages of open source software while mitigating the legal, business, and technical risks. The WhiteSource solution features a dynamic repository of information about open source modules and their licenses that keeps users informed about the latest legal and technical issues. Our patent-pending process automation technology makes it easy to implement best practices for open source usage and to make the right decisions for the organization. Founded in 2011 by experts in business process automation, compliance, and security, WhiteSource is a privately held company with offices in New York and Tel Aviv. For more information, visit https://mend.io/