Executive Sumary
Improving the legal quality and legal safety of components or component-based software released under open source licenses, is globally considered as a key issue for the software industry as well as for open source software communities, editors or/and users.
The QualiPSo project is addressing these questions in the “Legal Issues” Activity, contributing to enhance the awareness of the open source ecosystem to these issues. The present deliverable is aiming at providing a general, conceptual framework for Intellectual Property Rights Tracking (IPRT) management of Component-Based and Collaboratively Developed software (CBCDS). However, the methodology proposed in this document is as generic as possible and should apply not only to open source Software or components, but also to hybrid software (proprietary software containing components under permissive licenses) or even to fully proprietary software (with no non-permissive components such as “Copyleft” components) or to software exploited in a Software as a Service –SaaS model.
The underlying model in which the IPRT methodology is proposed consists in considering the coupling between a “licensing in” process – reuse of preexisting components - and an exploitation scheme of the CBCDS that is most often a “licensing out” – distribution - process.
The “legal roadmap” is the name given to this “licensing out” / “licensing in” coupling formalization.
The goal and objective of an IPRT methodology or framework are presented is this report as well as the main concept for IPRT, the Legal Status of Software. The report proposes an IPRT methodology and describes the key elements that have an impact on the legal status of the software. The developers have a key role to reach a Legal Status that is compliant with exploitation intentions or model of the editor, as the Legal Status is formed through their actions and with this respect, so called “good IPR development practices” are of tremendous importance.
IPRT is a tool to make sure this “legal roadmap” is followed during the development process and more generally to make sure that the Software’s legal status is compatible with the exploitation scheme. A dedicated audit team is set up to plan and implement the six steps IPRT framework to a given development situation. Development team provides a detailed description of the software (1.) Goals and objectives of the audit are defined, as well as a “licensing in” and “licensing out policies” (2.) Legal status is determined by comparing “perceived” legal status – based on a questionnaire (Annex 1) – and “determined” legal status – based on a code mining tool such as FOSSology™ (3.) Problem Identification and Risk Evaluation is operated (4.) Critical problem solving is performed (5.) Residual Risk (if any) is covered by insurance before dissemination/distribution (6.)
A use case is given to illustrate the implementation of the methodology done at INRIA.
The associated tool box to establish the Legal status of CBCDS is provided.
Already existing tools are helping to gain productivity, such as the FOSSology open source license checker. However, strong standardisation needs were encountered (name of the licenses, structure and content of the headers, etc…) to reduce the time spent on and costs of CBS’s analysis of tools results. New tools are to be developed, to avoid bottleneck phases of the audit process (mapping license checker’s results to functional zones for example.)
