Klokstraat 14, 2600 Antwerpen, Belgium

hello@leadoutsolutions.com

Last week, Leadout co-hosted a highly informative webinar on LinkedIn, focusing on the integration of open-source software (OSS) license management within Software Asset Management (SAM) teams. This event aimed to raise awareness of the risks associated with open-source licenses and share practical strategies for gaining control over OSS usage. Walter Mauricci, Head of Software Asset Management at Folksam, provided valuable insights into how his organization is navigating this initiative with the support of Leadout.

The Growing Importance of OSS License Management

Open-source software has become an integral part of the technology landscape, often chosen as a cost-effective alternative to proprietary solutions. Developers are increasingly embracing OSS, but they may not always be fully aware of the associated license obligations. This lack of awareness can lead to significant compliance risks if organizations fail to manage these licenses effectively.

In a mature SAM organization, integrating OSS license management is essential for ensuring compliance, mitigating risks, and enhancing overall governance. By adopting best practices in license management, SAM teams can support development efforts while safeguarding the organization from potential legal pitfalls.

Key Insights from the Webinar

Open Source Software Recap

The webinar began with an overview of open-source software, emphasizing that OSS is characterized by source code that is freely available for inspection, modification, and enhancement by anyone. However, OSS is governed by various license agreements, which can impose obligations that organizations must carefully navigate.

Identifying Challenges and Drivers

The presenters outlined several challenges organizations face in managing OSS licenses, including:

  • Lack of Visibility: Many organizations struggle to identify how many and which open-source licenses they are using, leading to uncertainty about compliance obligations.
  • Risk Awareness: There is often no clear understanding of the risks associated with the open-source components utilized by developers.
  • Centralized Repository: Organizations may lack a centralized inventory of developed applications, making it difficult to track OSS usage and compliance.

In addressing these challenges, the speakers highlighted key drivers for SAM teams, including compliance with regulations, risk management, and the increasing demand for guidance from development teams.

A Practical Approach to OSS License Management

The presenters proposed a structured approach to onboarding OSS license management within SAM teams, broken down into four key stages:

  1. Assess: Understand potential risks and create an open-source licensing risk assessment report.
  2. Design: Develop a future-proof operating model that outlines an OSS license usage policy.
  3. Build: Implement and configure the OSS license usage policy and program.
  4. Operate: Manage the OSS governance process, review policies regularly, and adapt to changes in the open-source landscape.

Results and Insights

The webinar highlighted several promising results from Folksam’s OSS license management efforts:

  • An analysis of 18 targeted applications revealed 1,175 components, with 609 unique components.
  • No strong copyleft licenses were found in network-accessible applications, although several ‘unknown’ licenses were identified.
  • The majority of OSS licenses in use were found to be permissive (e.g., Apache and BSD-like licenses).

Next Steps and Recommendations

The speakers emphasized the importance of ongoing collaboration and risk mitigation in OSS license management. Key recommendations included:

  • Configuring Compliance Checks: Ensure that scanning tools are aligned with the OSS license policy to facilitate ongoing compliance.
  • Regular Reviews: Implement a periodic inventory of licenses in use and update the approved license table to reflect new developments.
  • Communication Campaigns: Educate the organization about the importance of OSS license compliance to foster a culture of awareness.

Conclusion

The insights shared during the webinar provide a roadmap for SAM teams looking to embrace open-source software license management. As organizations continue to leverage OSS, it is crucial to establish robust governance frameworks that protect against compliance risks while enabling innovation.

We extend our gratitude to Walter Mauricci for sharing Folksam’s journey in this initiative and to Leadout for facilitating such an enlightening discussion. For those interested in learning more about OSS license management, we invite you to watch the full webinar on our LinkedIn page.

Share this message: