One of the trickier parts of open source development is incorporating open source code and applications into commercial closed source solutions. Often the developers' goal is to shorten an application's development lifecycle by using proven open source components or applications that have already been vetted through public use.

This may not be an issue for an internal-only private solution such as a private corporate intranet or extranet. Things can get sticky if that solution is later distributed or sold to partners, clients or the public, and stickier still if the completed solution is not intended to be distributed as open source.

Clarification: Having worked on a mixed-source project, when I note a solution that would incorporate open source but sell commercially as closed source, it is understood that this solution would adhere to the open source licenses for those components included and provide the source for those pieces with the application while not disclosing any code intended to remain proprietary.


Intellectual property (IP) management, risk management and code escrow have been around in some form for some time. These fields are in varying levels of maturity and often grow as court systems set precedent to be interpreted.

However, the legal system is expensive, and for firms seeking to reduce risk, a software maker has come to the table with a potential solution.


Black Duck Software announced on Monday the release of a new risk management tool for software developers. protexIP/Development is a software tool that integrates with development environments (including CVS-style repositories), includes a knowledge base of open source licenses, and can check project parameters and code to find instances of license conflict.

This is not an inexpensive tool; however, for anyone developing and distributing commercial web applications with open source components, it is well worth reviewing. The cost is $2500 per seat annually.

Additionally, the firm hosts the protexIP/Registry, which lets developers submit a project profile securely to Black Duck; once the project is confirmed free of IP or other license conflicts, it is listed in a registry reflecting its compliance. This can assist with client relations as well as with situations where insurance is being included in the sale or deployment of a web application. The cost for this service is $1000 per project.

While I am not endorsing these products, they are among the first to marry together the worlds of commercial and open source software and show just how prevalent the combination of the two is becoming in application development.


Translated from: https://www.sitepoint.com/risk-management-and-open-source/