I continue to be in awe of this stat: the composition of today’s applications is often as high as 90% open source components and only 10% custom source code. A true testament to the value of open source in helping speed the delivery of custom-built applications. (This amazing, but true, stat is based on our analysis of the Central Repository and 1000+ Repository and Application Healthcheck Risk Assessments.)
The pervasive use of Open Source components requires development organizations to understand and follow licensing conditions for each component and their many subcomponents. This is an often-perplexing task given the hundreds of open source license types, many with unique conditions. (Need a primer on Open Source Licenses? See below or check out the Trusted Software Alliance’s interview with Heather Meeker – the woman who literally wrote the book on this topic.)
Microsoft heard that message loud and clear from their customers, and that is why they reached out to Sonatype for help. We are excited to announce the integration of Sonatype’s license analysis for NuGet packages, including all subcomponents, into Microsoft’s NuGet Gallery and Visual Studio add-in. By putting this data directly into the .NET developers’ day-to-day toolset, they are now empowered to select the packages that best suit their organization’s policies and legal requirements.
Sonatype has been providing this valuable license data – as well as critical security and architecture data – to make it easy for organizations to build high-quality applications and ensure they stay secure over time with the Sonatype Component Lifecycle Management (CLM) platform. This whitepaper provides the big picture of CLM. And if you are looking for a better understanding of open source licensing, read on for a quick primer…
_____________________
WHAT IS OPEN SOURCE LICENSING?
Source-code authors own their work and it is protected by copyright. Open source licensing protects the intellectual property rights of the original creators and determines the way in which it may be used and distributed by others.
COMMON OPEN SOURCE LICENSE TYPES
There are hundreds of open source licenses, each with its own conditions on how OSS components may be used, modified and redistributed. The most common types of open source licenses are:
Choosing the right license type for a new application, and adhering to every open source license obligation throughout the software development lifecycle, can be tricky. Several common license types are incompatible with one another and cannot be combined in a single application. You’ll need the right tools and information to select appropriately licensed components – and to ensure that you are complying with their license terms.