Avoiding pitfalls when using open source code in enterprise software development

Enterprise policies must be paired with automated analysis of existing and in-progress software code to validate IP ownership of internally developed software

Having just completed the annual IBM Intellectual Property training and while thinking more about the CodePlex Foundation, I saw the following Open World Forum conference track description:

The growing use of Open Source and economics of outsourcing have made testing for intellectual property (IP) cleanliness and proper satisfaction of legal obligations an essential task for ensuring quality and market acceptability. Real or perceived IP issues can delay product cycles and derail entire projects or business transactions.

Upon further digging, I realized that Protecode, a company I wrote about back in 2008, was playing a key role in this area.


It goes without saying that enterprises using open source code within their software development process should have policies in place to protect the enterprise. Clearly, there's a risk of contaminating a custom enterprise application by misusing open source code. But in most cases, the enterprise can be safeguarded unless the derivative work needs to be distributed outside of the enterprise's walls. With applications delivered over the Web, very few enterprises find the need to distribute their internally developed software. However, whether the enterprise is distributing the derivative work or not, there's also a risk of patent infringement.

That's where Protecode comes in with its three-pronged approach:

Enterprises can and should create policies for developers -- whether on the enterprise's payroll, contracted via consultants, or offshoring -- to utilize open source code appropriately. But that can't be the only line of defense. Enterprises must be able to retroactively and proactively ensure that code their developers are writing is free of intellectual property concerns. Being able to analyze existing software assets with a product such as Protecode's Enterprise IP Analyzer is step one. But the real goal should be validating IP on the fly, with a product such as Protecode's Developer IP Assistant. There's also the interim step of testing IP ownership during builds with a product such as Protecode's Build IP Analyzer.

I wonder what portion of enterprises have analyzed their existing software assets to validate that they are in fact the rightful IP owners to the entirety of their internally developed software -- or better yet, what portion of enterprises that analyzed their software assets were surprised with the results!

Follow me on Twitter: SavioRodrigues.

p.s.: I should state: "The postings on this site are my own and don't necessarily represent IBM's positions, strategies, or opinions."
