CASE: Open Source Compliance

Open source compliance is the process by which users, integrators, and developers of open source software observe copyright notices and satisfy license obligations for their open source software components.

Open source compliance helps achieve four main objectives:

• Comply with open source licensing obligations.
• Facilitate effective use of open source in commercial products.
• Comply with third-party software supplier contractual obligations.
• Protect proprietary IP.

CASE

Customer: Enterprise Financial Service customer, with approx. 1000 developers (both internal and external), supporting about 500 applications.

Challenge: Over time the customer had lost control over which packages were being used and where. This caused compliance concerns, since some packages come with a bit odd license obligations. There are cases there your entire software becomes public domain, if certain packages are used commercially.

Solution: Together with the customers PO, we got tasked with the implementation of a supporting solution mitigating awry package use, across the entire organisation. The choice fell upon the Nexus Platform, and was implemented over period of 9 months.

Delivery included developer onboarding, producing online guides & best practices, integration with development tools (Microsoft Visual Studio, Eclipse and IntelliJ), access permissions, reporting, CVSS management and alert reporting to security team as well as 1st line support.