This presentation will provide an overview of the Eclipse Foundation’s Intellectual Property Due Diligence process, which will include a high-level discussion about the historical challenges that have confronted the open source software community regarding licensing and copyright, a summary of the Eclipse Foundation’s current approach to IP due diligence, and a preview of some of the initiatives we are working on to improve the accuracy and efficiency of our IP due diligence process in the future.
We’ll begin with a short history of the open source software movement and how it revolutionized how technology is developed and shared, but also how the practice of freely sharing software presented significant legal challenges in some cases (SCO/UNIX vs. Linux being a prime example). The complexities surrounding intellectual property rights and the potential vulnerability to claims of IP infringement necessitated the establishment of clear licensing frameworks and, in the case of the Eclipse Foundation, maintaining a team of IP specialists who work to ensure that code submissions are compliant from a licensing and copyright standpoint.
Next, we’ll talk about the current state of the Eclipse Foundation’s IP Due Diligence process. The transfer of our IP workflow environment from the outdated and problematic IPZilla to our current GitLab-based environment, IPLab, was completed at the end of 2022. We’ll provide a summary of how IP due diligence is currently handled in IPLab, from the creation of an IP issue to the final decision, leveraging scanning tools such as the Dash License Tool and Fossology to identify potential issues with licensing and copyright.
Finally, we’ll briefly discuss some of the things we’re working on to make the IP due diligence process at the Eclipse Foundation more accurate and efficient. These include the potential use of SBOMs to help identify the various components within a code submission and any licensing issues or security vulnerabilities that may exist in the code, as well as exploring the use of resources such as Eclipse SW360, which is a catalogue for software components.
We hope that this talk will provide insight into the importance of a robust IP Due Diligence process in the open source development community, a better understanding of how our processes help to mitigate risk from licensing and copyright issues, and an assurance that the Eclipse Foundation is always working to find better ways to keep our open source community secure and compliant.