Induction day

www.triplecheck.net

About this session

2

Morning 09:30 to 10:30 Open source context 10:40 to 11:40 Discovering licenses 11:50 to 12:30 Licensing practices

Afternoon 13:30 to 14:30 How to TripleCheck? 14:40 to 15:40 Code analysis 15:50 to 16:50 Interpreting results

Material/skills needed?

3

What is needed Paper, pencil to take notes Laptop with Internet for exercises

Optional USB flashdrive to share files (email as alternative) Git installed (and minimal know-how)

Found a typo during presentation? Something to improve?

Email with feedback is welcome. nuno.brito@triplecheck.de

Part 1: Context

4

- Today, software is built with 78% as third-party code

- 64% companies contribute code to public

- Only 16% companies inspect third-party licenses

“Today you can’t build a product without using open source software”

Samsung, May 2014

Everyday, code is copied

5

Legal issues scale to court

6

Court cases are on the news every couple of months, sometimes to contest the license terms (release private code as public)

Often, agreements are made between opposing parties before court decision is made. Indemnization terms and costs are not made public.

<- April 2015, Germany

License compliance life-cycle

7

Zip file for end-users

Your source code

List 3rd party components

Solve component conflicts

Find non-original code snippets

Solve non original code snippets

Prepare zip file for distribution

Collect 3rd party code

Create documentation

Technical due diligence

8

● Applicable licenses?

● Originality? (IP assets)

● Licensing quality?

Want to read the rest?

9

This was a demonstration. Get in contact, we'll be happy to provide more details and tailor this kind of presentation specifically for your company.

Thanks!