Having One Single Standard for Open Source Licensing Compliance is Crucial

0
41
compliance

The OpenChain Project makes open source licence compliance simpler and more consistent, thus enhancing trust in the open source software used to build solutions. Mishi Choudhary & Associates (MCA) is the India law firm partner of the OpenChain Project and organiser of the ‘MCA OpenChain India Working Group Meetup’, which was held virtually earlier this year. Speakers at this event were Keith Bergelt, CEO of Open Invention Network; Shane Coughlan, general manager at OpenChain Project; Mishi Choudhary, founder and managing partner, MCA; and Ramakrishna Yekulla, senior specialist solution architect with Global Partners and Alliances at Red Hat. This article touches upon what each speaker said at this meet.

Shane Coughlan, general manager at the OpenChain Project, is an expert in communications, security and business development. In his address at the virtually held ‘MCA OpenChain India Working Group Meetup’, he said, “At OpenChain, we have an international standard for open source licensing compliance. Having one single standard changes the entire field of copyright in open source. All of the uncertainty that we previously had while managing these licences is now gone. In 2021, our mission is to make sure that the standard goes deep into the supply chain and that it’s used for sales, advertising, procurement, and so on.

“We spent years to develop and refine this standard. User companies collaborated over a considerable period, putting in thousands of hours to develop the standard precisely to ensure that not only do we meet the licence requirements effectively, but can also increase efficiency. Because it is efficient and simple, OpenChain allows us to dramatically reduce resource costs in open source licence compliance. We have a very simple process of going through a supply chain to identify where a mistake or failing may have happened.

“OpenChain as a standard has great potential. During the long time we took to build this standard, we have explicitly and consciously built resources to support companies in adoption. We have over 1000 documents including checklists, templates, and guides. These are reference documents created by user companies to help others. We have an online and downloadable self-certification questionnaire to help companies adopt the standard on their own terms and at their own pace. We have built a global network of partners, including MCA, to support companies who are adopting OpenChain or refining their process. We have local workgroups in many jurisdictions including China, Japan, Korea, Taiwan, India, UK, and USA.

Shane Coughlan, general manager at OpenChain Project
Shane Coughlan, general manager at OpenChain Project

“In India, we have such an interesting and vibrant ecosystem. We have innovative Indian companies making products and solutions. We have a tremendous outsourced technology industry as well. For the Indian market, we are in the early days. We do have partner companies such as the MCA. But we have such a big market space in India with thousands of companies. India might be the pivotal area for us. If we can work with the large system integrators and outsourcing companies, I think we might be able to accelerate the adoption of this standard. In doing so, it will dramatically reduce costs as well as risks. When it comes to key geographies, we are looking at India, China and virgin markets like Brazil,” said Coughlan.

Lawyers are working behind the scenes, while technologists are working with them

In his presentation at the same event, Keith Bergelt, CEO of Open Invention Network, said, “Right now, lawyers are working behind the scenes, and technologists are working with them. We are establishing a set of norms, and a code of conduct for copyrights as well as for patents.”

 Keith Bergelt, CEO of Open Invention Network
Keith Bergelt, CEO of Open Invention Network

He added, “Entities like OpenChain Project and OIN (Open Invention Network) are facilitating participation from some of the smallest to the largest companies in the world so that we can all take advantage of each other’s ideas, and create a sense of novelty that otherwise would be unattainable.”

Everybody cares about the abuse of IP rights

Speaking at the meetup, Mishi Choudhary, founder and managing partner of MCA, added, “When it comes to defending the rights of Linux and open source software, people generally don’t think about sectors like banks. That has changed. Very recently, Barclays and TD Bank Group joined the OIN. Why did they do so? Everybody cares about the abuse of IP rights.”

Mishi Choudhary, founder and managing partner, MCA
Mishi Choudhary, founder and managing partner, MCA

“OpenChain has become an ISO standard and this development is extremely important. For the longest time, companies were working individually but not really coming together for licensing compliance as and when open source code development happened. But now, there are people who are there to help them out, who have put in a serious number of hours and energy into developing this standard,” she said.

The role played by open source in fighting Covid-19
Choudhary added, “2020 was a very tough year. When the pandemic began in March last year, the open source community tried to help in whatever way it could by understanding what Covid-19 was all about. That included using open data to create dashboards and apps, designing ventilators and developing protective gear. Teams at various universities collaborated with AI firms and used open source tools to identify signs of Covid-19. The data sets were made available on GitHub.

“Lawyers played an important role when the government of India open sourced the code of its contact tracing app Aarogya Setu. It took some time to ensure that all the source code in the app was open sourced — not only the consumer side code but the server side as well. We explained to the Central government which licence would work better and how to open source the app. This shows that the community understood the importance of putting the code on GitHub to fight against the pandemic.

“Right now, there are so many licences. We also see continuous demand for different types of licences. There are certain issues which individuals or companies feel are not being addressed by the licences available to us at present,” she concluded.

Ramakrishna Yekulla, senior specialist solution architect with Global Partners and Alliances at Red Hat
Ramakrishna Yekulla, senior specialist solution architect with Global Partners and Alliances at Red Hat

Ramakrishna Yekulla, senior specialist solution architect with Global Partners and Alliances at Red Hat also spoke at the event. He said: “India is one of the largest consumers of open source, and most users are not aware about the challenges of mixing and matching incompatible software licences. Most startups in companies are not aware of what these licences are; they see an interesting open source project that tries to solve a problem, and they just take the code and mix it to arrive at a solution.”

LEAVE A REPLY

Please enter your comment!
Please enter your name here