All small businesses are short on money and time, often putting free and open source software compliance (FOSS) at the bottom of their priorities. But FOSS compliance is not merely a matter of legal risk, it can deeply affect a company’s reputation and with it, the ability to hire engineers, form partnerships, and present a good external image. Moreover, a basic level of FOSS compliance is generally a must for companies going through funding rounds and M&A events. And a compliance journey also implies understanding the provenance of third-party software in use with other applications such as security or quality.
Traditionally, FOSS conferences have featured presentations by large companies that begin with “my Open Source Program Office handles…”. They describe tooling and processes for companies with thousands of employees, none of which small companies can even attempt to replicate. What small companies need is a way to prioritize their tasks and risks and to break down the process of getting into compliance into discrete and tangible steps supported by free and open source compliance tools. Some steps make sense at a one person company, others at 50 and yet others at 500.
This presentation aims to help small businesses understand:
-the basics of what is necessary to be compliant with most FOSS licenses,
-which products pose the highest FOSS compliance-related risks,
-which entities are most likely to cause legal trouble for them,
the first steps they should take on their journey to becoming compliant,
-the common challenges in early compliance efforts,
-an overview of what comprehensive compliance should look like at -the end of the compliance journey,
-and what are the free and open source tools they can use to fulfill their compliance tool needs for efficient and cost effective compliance automation.