Five steps to open source license management heaven

Here and now in 2011, most of us will agree that today’s software stacks generally combine open source, commercial and other third-party code with contributions from internal and outsourced developers. By the time all of this software is integrated, tested and pushed towards a product release, it can be difficult to know exactly what is in the final software being used by the business function.

Protecode has put together a list of steps to follow during the open source software adoption process, from establishing a software licensing policy to the pre-shipment software assessment.

“Increasingly, organisations are viewing open source and third party software license management as part of their software quality development process. Quality checklists may be evolved to include all or part of our following blueprint, which is based on Protecode’s experience gained by carrying out numerous software IP audits for technology organisations on the verge of a merger and acquisition activity, or before their software product is shipped out of the organization (into the end-market or to a client),” said Mahshad Koohgoli, CEO of Protecode.


Establishing a Software Licensing Policy – this step involves creating a license compliance policy acceptable to the organisation. The policy addresses questions such as what license terms are acceptable and unacceptable, what vendors are approved and what software products or packages are authorised for use.

Existing Portfolio Assessment – this step involves auditing the existing portfolio and establishing a baseline of what already exists in the organisation. Protecode says that establishing a baseline is best done with an automated tool, ideally linked to a digitally-captured licensing policy.

Regular Software Assessment – this stage, although popular, could be bypassed if automated library check-in or real-time preventive assessment steps are practised.

Real-Time Library Check-in Assessment – this optional step ensures that any content committed to the organisation’s Source Control Management system is well understood from a licensing obligations viewpoint.

Pre-shipment Software Assessment – this necessary step ensures there is a full understanding of the content and obligations associated with the product before it is released to the market.
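How a digitally-captured policy, an audited baseline and the check-in and pre-shipment gates fit together, as an added Python example that is not Protecode's tool or code. The policy keys, component names, vendors and inventory are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed policy covering the three questions from the first step.
POLICY = {
    "licenses_ok": {"MIT", "Apache-2.0"},
    "licenses_banned": {"GPL-3.0-only"},
    "vendors_ok": {"internal", "example.org"},
    "packages_ok": {"netlib", "billing-core"},
}

@dataclass(frozen=True)
class Component:
    name: str
    version: str
    vendor: str
    license: Optional[str]  # SPDX id; None = audit could not identify it

def evaluate(c, policy=POLICY):
    """Findings for one component; an empty list means compliant."""
    out = []
    if c.license is None:
        out.append("license unknown")
    elif c.license in policy["licenses_banned"]:
        out.append(f"license {c.license} unacceptable")
    elif c.license not in policy["licenses_ok"]:
        out.append(f"license {c.license} needs review")
    if c.vendor not in policy["vendors_ok"]:
        out.append(f"vendor {c.vendor} not approved")
    if c.name not in policy["packages_ok"]:
        out.append(f"package {c.name} not authorised")
    return out

def assess(components, policy=POLICY):
    """Map 'name@version' to its findings, skipping compliant components."""
    return {f"{c.name}@{c.version}": f for c in components
            if (f := evaluate(c, policy))}

def checkin_gate(baseline, incoming, policy=POLICY):
    """Check-in: assess only what is not already in the audited baseline."""
    return assess(set(incoming) - set(baseline), policy)

def preshipment_gate(components, policy=POLICY):
    """Pre-shipment: assess everything; any finding blocks the release."""
    report = assess(components, policy)
    return (not report, report)

# Constructed inventory: the baseline audit found one unresolved legacy item.
BASELINE = {Component("netlib", "1.4", "example.org", "MIT"),
            Component("legacy-parser", "0.9", "unknown", None)}
INCOMING = BASELINE | {Component("json-fast", "2.0", "example.com", "GPL-3.0-only")}
```

The check-in gate reports only the newly committed `json-fast`, while the pre-shipment gate also reports the unresolved `legacy-parser` carried over from the baseline, which is why the final assessment cannot be skipped.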

NB: This is a cut-down version of Protecode’s original “eight” steps to open source software assessment.