Software compliance used to mean making sure that all copies of each software application in use at your business had a corresponding license from the vendor. These days, however, that's not enough.
In a blog post at IT-Director.com, Quocirca analyst Clive Longbottom notes that the more open source and public use software there is out there, the greater the chances that reusable code will end up in companies' proprietary software offerings. And there is a wide variety of licenses under which public use software is released, from the GNU General Public License to the Common Development and Distribution License to the Beer License. If GPL'ed software is used -- even the smallest snippet -- the entire end product must also be released under the GPL. The Beer License, Longbottom says, merely requires the licensee to buy the licensor a beer if the opportunity presents itself.
So what's the best approach to software compliance in the world of mixed environments? Must you compare your software to every available public use/open source license? Of course not. As Longbottom points out, that would take entirely too long. Productivity gained with the reusable code would be lost. He also rejects the idea of completely forbidding the use of open source/public use code in proprietary development projects.
Instead, Longbottom endorses Black Duck Software's offerings, which scan code as it is being developed to identify segments that have been released under different public use licenses. The offerings flag those segments so that legal and business decision-makers in the company can address the potential issues they may raise before they negatively affect the company's business.
Interestingly, he also suggests that Black Duck should investigate the possibility of a similar system to detect copyrighted content on the Web. With YouTube and MySpace and the proliferation of user-generated blogs, the market is certainly ripe for it.