At a conference Wednesday sponsored by Open Bar, Open Source Risk Management Group, and Riseforth held in Santa Clara, Heather Meeker, a lawyer at Greenberg Traurig LLP, gave some practical advice on open source risk management. Some of her comments (courtesy of Theresa Bui Friday from Palamida who attended) are below...
...There are real commercial advantages for using open source software...(open source can be) more stable, more secure, quick to customize and lower cost of ownership
...open source licenses require interpretation...the industry context is important
...but more important than interpretation is provenance, i.e., where did this software come from
...finally, code audits should be an on-going process
So, no huge breakthrough here, but it does tie in with a few of the points that we think are important. First of all, software shouldn't attempt to make legal decisions. That's why setting your third-party software policies requires the proper legal advice. Then let computers do what they are good at - laborious, repetitive tasks that ensure that you are operating with full knowledge of what's in your code. Also, auditing for third-party code should be an ongoing part of the software development process.