Course Details

This CLE course will provide guidance to corporate and technology counsel for identifying and managing new and evolving legal and security risks companies face when using open source software.

Description

Many companies now use open source software due to its lower costs, faster innovation and time-to-market benefits. However, businesses and their counsel must fully understand the evolving legal and security vulnerabilities associated with open source software and ensure that policies and procedures are in place to manage such risks.

Until a few years ago, counsel considered license compliance the most significant risk of using open source software. There are a variety of open source licenses—from permissive to restrictive. Each license is subject to different terms and conditions and some license types are incompatible with others.

Recent major security vulnerabilities, including Devil’s Ivy, Heartbleed and Shellshock, spurred companies to evaluate the security vulnerabilities in the open source software they use. In its first five months of investigation, Google’s OSS-Fuzz (launched Dec. 1, 2016) identified over 1,000 bugs in major open source software projects, including more than 250 potential security threats.

Developing, implementing and ensuring compliance with open source usage policies are a must for all businesses using the software.

Listen as our panel of experienced technology law attorneys discusses the latest legal and security risks with open source software and best practices for minimizing exposure.

Outline

  1. Latest business and legal trends with open source software
  2. Legal risks of open source software
  3. Security risks of open source software
  4. Counsel’s role in mitigating legal and security risks

Benefits

The panel will review these and other key issues:

  • Legal risks of using open source software
  • Security risks with open source software
  • Ensuring compliance with open source license agreements
  • Developing and ensuring compliance with open source security policies and procedures