Software Licensing and Compliance

Software Licensing and Compliance

Customer: Attic Film School

Consultant: Lucky Star PublishingMichael Carter,CEO

Aaron Anderson, CIO

Customer: Attic Film School

Consultant: Lucky Star PublishingMichael Carter,CEO

Aaron Anderson, CIO

Problem Statement SummaryProblem Statement Summary

Attic Film School provides classes and training in various aspects of film making. In their classrooms, they use a variety of software applications such as Adobe Suite, Maya, etc. One of their key assets is a set of internally created animation training software. The protection, maintenance, and further development of this software is essential to their school’s success. They foresee a problem in this area and desire help specifically in performing routine "software compliance audits.”

Attic Film School provides classes and training in various aspects of film making. In their classrooms, they use a variety of software applications such as Adobe Suite, Maya, etc. One of their key assets is a set of internally created animation training software. The protection, maintenance, and further development of this software is essential to their school’s success. They foresee a problem in this area and desire help specifically in performing routine "software compliance audits.”

Licenses Recommendations

AuditsAudits

Software

Licensing and Compliance

Software

Licensing and Compliance

Internal External

Tips Developing Software

Using Software

Proprietary

Compliance

Open Source

LicensesLicenses

An agreement between a publisher and an end-user customer

VERY common in every-day life, both in business and non-business settings

Example: MS Windows Companies will have a licenses for specific

use and distribution that is easily violated

An agreement between a publisher and an end-user customer

VERY common in every-day life, both in business and non-business settings

Example: MS Windows Companies will have a licenses for specific

use and distribution that is easily violated

Proprietary versus Open Source Licenses

Proprietary versus Open Source Licenses

Proprietary Licenses Used when source code is guarded Generally cannot be manipulated and edited

Open Source Source code isn’t guarded Just because code is open source doesn’t mean

all rights are released!

Proprietary Licenses Used when source code is guarded Generally cannot be manipulated and edited

Open Source Source code isn’t guarded Just because code is open source doesn’t mean

all rights are released!

ComplianceCompliance

Simply making sure your usage aligns with your licenses

Non-compliance is generally synonymous with piracy (YouTube Video)

Often violated unintentionally Non-compliance fines are up to $150,000

per violation

Simply making sure your usage aligns with your licenses

Non-compliance is generally synonymous with piracy (YouTube Video)

Often violated unintentionally Non-compliance fines are up to $150,000

per violation

AuditsAudits

5 basic parts (as mentioned by customer) 1.) Identifying all software assets 2.) Determining all licenses, usages, and rights 3.) Finding gaps between rights and usages 4.) Closing gaps 5.) Recording all activity with a centralized

location

5 basic parts (as mentioned by customer) 1.) Identifying all software assets 2.) Determining all licenses, usages, and rights 3.) Finding gaps between rights and usages 4.) Closing gaps 5.) Recording all activity with a centralized

location

Audits (cont.)Audits (cont.)

Helpful overall, not harmful Part of risk management Falling out of compliance is easy and

punishments are sever so audits protect companies

Two types Internal External

Helpful overall, not harmful Part of risk management Falling out of compliance is easy and

punishments are sever so audits protect companies

Two types Internal External

Internal AuditsInternal Audits

Done my members of the same company Auditors know the workings of the

company. Finding gaps is easier because their eye is better trained in company operations

Disadvantages: May view non-compliance as routine May be biased

Done my members of the same company Auditors know the workings of the

company. Finding gaps is easier because their eye is better trained in company operations

Disadvantages: May view non-compliance as routine May be biased

External AuditsExternal Audits

Outside firm hired to assess compliance Auditors aren’t familiar with corporate

culture so they’ll tend to have less bias Because they don’t know the company

workings, investigation takes longer and costs more

Outside firm hired to assess compliance Auditors aren’t familiar with corporate

culture so they’ll tend to have less bias Because they don’t know the company

workings, investigation takes longer and costs more

Open Source Software LicensesOpen Source Software Licenses

A difference between proprietary and open source licenses is: in open source license, the ownership of the copy transfers to the copy owner instead of just the right to use it.

Granted similar rights as the copyright (left) owner.

A difference between proprietary and open source licenses is: in open source license, the ownership of the copy transfers to the copy owner instead of just the right to use it.

Granted similar rights as the copyright (left) owner.

Open Source Software License (cont)

Open Source Software License (cont)

Note: “copy owner” is not the same as “copyright owner”, only the ownership of copy changes hands.

Grants many of the same rights usually reserved for publisher.

Open Source License is optional. If agreement is not accepted, the following rights are not permitted: Redistribution of software. Right to modify software. Right to reverse engineer software.

Note: “copy owner” is not the same as “copyright owner”, only the ownership of copy changes hands.

Grants many of the same rights usually reserved for publisher.

Open Source License is optional. If agreement is not accepted, the following rights are not permitted: Redistribution of software. Right to modify software. Right to reverse engineer software.

Compliancy TipsCompliancy Tips

Know your policies thoroughly. Regularly perform internal audits. Establish and strictly enforce software

installation and usage policies. Centralize all software purchasing. Negotiate licensing agreements for your

organization.

Know your policies thoroughly. Regularly perform internal audits. Establish and strictly enforce software

installation and usage policies. Centralize all software purchasing. Negotiate licensing agreements for your

organization.

Our Recommendations: Purchased Software

Our Recommendations: Purchased Software

We recommend purchasing a compliance program that routinely checks software and licenses for violations.

AppStream, from Symactec; Centennial License Management, from Centennial Software.

Elite Discovery and Elite Reports, from Elite Compliance (Beta).

We recommend purchasing a compliance program that routinely checks software and licenses for violations.

AppStream, from Symactec; Centennial License Management, from Centennial Software.

Elite Discovery and Elite Reports, from Elite Compliance (Beta).

Our Recommendations: Developed Software

Our Recommendations: Developed Software

Create an Open Source version of the developed software utilizing basic functions of the program.

Establish a well written AUP for the Proprietary version of the program that has been developed.

Create an Open Source version of the developed software utilizing basic functions of the program.

Establish a well written AUP for the Proprietary version of the program that has been developed.

ReferencesReferences

http://en.wikipedia.org/wiki/Software_licencing http://en.wikipedia.org/wiki/Software_license_agreement http://www.bsadefense.com/resources/article_software_licensing.asp http://www.processor.com/editorial/article.asp?article=articles%2Fp28

04%2F30p04%2F30p04.asp http://www.scmagazineus.com/Simple-steps-for-ensuring-software-lic

ense-compliance/article/34587/ http://www.oreilly.com/catalog/osfreesoft/book/ch01.pdf http://www.elitecompliance.com/faces/articles/

Article20080301000000.jsp;jsessionid=318d80d1ed9cc420af76a43d5192

http://www.appstream.com/products-license-management.html http://www.centennial-software.com/products/license_manager/

http://youtube.com/watch?v=0Pnjyrzkepo&feature=related

http://en.wikipedia.org/wiki/Software_licencing http://en.wikipedia.org/wiki/Software_license_agreement http://www.bsadefense.com/resources/article_software_licensing.asp http://www.processor.com/editorial/article.asp?article=articles%2Fp28

04%2F30p04%2F30p04.asp http://www.scmagazineus.com/Simple-steps-for-ensuring-software-lic

ense-compliance/article/34587/ http://www.oreilly.com/catalog/osfreesoft/book/ch01.pdf http://www.elitecompliance.com/faces/articles/

Article20080301000000.jsp;jsessionid=318d80d1ed9cc420af76a43d5192

http://www.appstream.com/products-license-management.html http://www.centennial-software.com/products/license_manager/

http://youtube.com/watch?v=0Pnjyrzkepo&feature=related