Sector 7G's Learning Center

Articles • Tips • Tutorials

Consumer steps to mitigate ransomware

Jul 26, 2021 | Greg Butler

Topics: Cybersecurity

Audience & Level: Technical & Basic

Intro
Top OSS License Issues: Part 1 introduced a number of OSS license and related issues affecting OSS compliance. This follow-up addresses a number procedural or process-related OSS license composition and compliance issues.

License identification & analysis
Although not necessarily related to a particular license, identification and analysis tasks, and to the extent either are automated, may miss an app’s full license composition and potential compliance implications that Sector 7G finds. The amount may be significant and grows as the app itself incorporates additional OSS components.

Attribution
Depending on specifics, an OSS component’s license may require attribution: giving the OSS copyright holder(s) credit and analogous to citing references in a publication. Attribution details (e.g., the format) are normally defined by the license’s terms but differ across license types and apps’ constituent OSS components are typically covered by several types of licenses. Nevertheless, a single strategy should be adopted covering all components and license types while maintaining flexibility to accommodate changes to the apps, pipeline, policy, and other considerations.

Remediation options
Although Sector 7G does not provide legal advice (see DISCLAIMER below), we assist organizations, whether developing software or not, to understand, mitigate, and negate OSS license issues such as the examples here. We explain potential OSS compliance remediation paths according to license terms, how apps use the OSS, software/system architecture, and other relevant factors. As a result, stakeholders are provided a better understanding of compliance posture, risk, options, and actions.

DISCLAIMER
Sector 7G Consulting LLC (“Sector 7G”) does not provide, nor should anything from Sector 7G be construed as, legal advice nor the establishment of legal representation or attorney-client privilege. Additionally, Sector 7G strongly encourages review of all licensing with legal counsel.