Featured
![](https://cdn.brighttalk.com/ams/california/images/communication/599673/image_951329.png?width=640&height=360)
The 2023 Open Source Year in Review
Tony Decicco, GTC Law Group / Chris Stevenson, DLA Piper / Phil Odence, Synopsys
Gain insights into important legal developments from two of the leading open source legal experts, Tony Decicco, Principal at GTC Law Group & Affiliates and Chris Stevenson, Of Counsel at DLA Piper.
This annual review will highlight the most significant legal developments related to open source software in 2023, focusing on topics that were resolved, those that got started and what we can expect to see in coming years.
We’ll cover:
• Updates on key open source-related litigation and disputes
• The Cyber Resilience Act and the Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence
• Potential liability for developers releasing and contributing to open source software
• The impacts of GAI coding tools, such as GitHub Copilot and Amazon CodeWhisperer
• Open source software controversies, deals, and hacks
• And much, much more
Register today!
CLE:
DLA Piper LLP (US) has been certified by the State Bar of California, Illinois MCLE Board, the Board on Continuing Legal Education of the Supreme Court of New Jersey, and the New York State Continuing Legal Education Board as an Accredited Provider. The following CLE credit is being sought:
• California: 1.5 Credit (1.5 General, 0.0 Ethics)
• Illinois: 1.5 Credit (1.5 General, 0.0 Professional Responsibility)
• New Jersey: 1.8 Credits (1.8 General, 0.0 Ethics)
• New York: 1.5 Transitional & Non-Transitional Credit (1.5 Professional Practice, 0.0 Ethics)
CLE credit will be applied for in other states where DLA Piper has an office with the exception of Minnesota, North Carolina, and Puerto Rico.
All episodes
-
Open Source Risks with New Technologies: AI, GitHub Copilot, Blockchain & More
Mark Radcliffe, DLA Piper, Anthony Decicco, GTC Law Group, Sam Ip, Osler, Hoskin, & Harcourt
The evolution of newer technologies, like artificial intelligence, machine learning, GitHub Copilot, blockchain, cryptocurrencies, DeFi, APIs, containers, and SaaS/PaaS/IaaS, raises new open source legal issues and license selection and compliance considerations.
With these technologies becoming increasingly commonplace, do you have a strategy to manage your risk and compliance?
Join this live Synopsys webinar to learn how open source legal experts navigate the complex and ever-changing impact of new technologies. Topics covered include:
• A brief history of technological evolution in relation to open source software
• Legal and other considerations raised by these new technologies
• Practical strategies to mitigate related risks
Don’t miss this informative webinar - register today.
CLE:
DLA Piper LLP (US) has been certified by the State Bar of California, Illinois MCLE Board, the Board on Continuing Legal Education of the Supreme Court of New Jersey, and the New York State Continuing Legal Education Board as an Accredited Provider. The following CLE credit is being sought:
• California: 1.0 Credit (1.0 General, 0.0 Ethics)
• Illinois: 1.0 Credit (1.0 General, 0.0 Ethics)
• New Jersey: 1.2 Credits (1.2 General, 0.0 Professional Responsibility)
• New York: 1.0 Transitional & Non-Transitional Credit (1.0 Professional Practice, 0.0 Ethics and Professionalism)
CLE credit will be applied for in other states where DLA Piper has an office with the exception of Minnesota, North Carolina, and Puerto Rico.
-
Software Construction & Business Risk: A Crash Course for Investors and Lawyers
Declan Burns & Phil Odence, Synopsys
If you’re involved in software due diligence, you understand that acquiring software assets can bring any number of risks. By learning how software is built, and the choices and tradeoffs developers make during construction, you’ll better understand the risks that can impact a deal. As the saying goes, “forewarned is forearmed.”
Join this Synopsys webinar to learn how the software design and development process inherently creates quality and security risks in a transaction. We’ll cover:
• How software engineers do what they do
• How mistakes and shortcuts can lead to particular problems in the software
• The facets and implications of technical debt that can build up through the accumulation of such issues
-
Software Construction & Business Risk: Best Practices for Software Due Diligence
Declan Burns and Phil Odence, Synopsys
The purpose of software due diligence is to identify risks in software. Understanding how software is developed and what kinds of issues can lurk in that software gives you a head start.
Join this Synopsys webinar to learn how shortcuts in the software development process create design quality, code quality, security and open source/3rd party code problems in software – and what you can do about it. We’ll cover:
• How mistakes and shortcuts can lead to problems in software
• What to look for in each of the categories of risk
• Best practices for software due diligence
-
Open Source Software Audit vs Scan: What’s Right for M&A?
Emmanuel Tournier and Phil Odence, Synopsys
Understanding the risks associated with open source software has become the norm in tech due diligence, but not all approaches are created equal. Knowing what’s in the software you’re acquiring is the first step. Few targets are able to produce an SBOM and when they do, it tends to be about 50% accurate. Is “good enough” good enough for M&A?
Join this live Synopsys webinar to learn how a purpose-built M&A open source audit differs from open source management tools and why it matters in tech due diligence. We’ll cover:
• The risks associated with open source software
• Why depth of analysis matters, and what it results in during M&A diligence
• Why accuracy, reporting and expert human analysis are keys to thorough diligence
Don’t miss this informative webinar. Register today.
-
Software Due Diligence: Mitigating Multiple Dimensions of Risk
Phil Odence, Synopsys
Most software due diligence playbooks involve peer-to-peer discussions about products, processes, and people. That’s all extremely important as investors often bet on future development. But mitigating software risk in M&A requires not only evaluating the state of the target’s processes and organization, but also understanding the dimensions of technical debt that may lurk in the code.
Join this Synopsys webinar to learn how your software due diligence process can uncover technical debt and reduce post-close headaches. We’ll cover best practices for evaluating:
• The organization and processes
• Quality of the architecture and code
• Application security risks
• Open source/third-party software
-
SBOMs and SPDX: Now and in the Future
Gary O'Neall, Source Auditor and Phil Odence, Synopsys
If software is an important part of your business and you need to comply with license terms and protect against security vulnerabilities, you need to know and track what is inside your software. Lists of software components and dependencies are typically referred to as Software Bills of Materials (SBOMs).
Standardizing the format for SBOMs can improve the accuracy and efficiency for managing software license compliance and security vulnerabilities – especially if your software is the result of a long list of suppliers (e.g., a commercial product which depends on a commercial library which uses an open-source library which includes source from a different open-source project).
With the May 12, 2021 U.S. Presidential Executive Order on Improving the Nation’s Cybersecurity, several software suppliers are being required to produce their SBOMs in a standard format.
SPDX is a standard format for SBOMs. Although it has been around for more than 10 years, it has gone through some significant evolution, such as representing data on security vulnerabilities. There is a forthcoming major release which supports several new use cases, such as tracking the build process and tracking data about artificial intelligence models.
In this talk, we will start with how you can use the widely adopted SPDX 2.3 spec to represent security vulnerability and license compliance data and then go into some of the new features of the SPDX 3.0 specification. We will touch on what goes into making a quality SBOM.
At the conclusion of the talk, you will have a better understanding of how you can make use of SPDX whether you are producing software or evaluating software you use (or plan to use).
-
By the Numbers: 2024 Open Source Risk in M&A
Phil Odence, Synopsys
Open source is widely used in software development because it allows you to create high-quality software quickly - especially with the use of AI-assisted coding tools. But if left unmanaged, open source can lead to license compliance issues as well as security and code quality risks. Whether you’re on the buy side or sell side, these risks could negatively affect valuation in an M&A transaction.
Join this live Synopsys webinar for an inside look at the data Black Duck Audits compiled in 2023 from the hundreds of tech transactions and thousands of codebases we audited. We’ll cover:
• Open source license and security risks by the numbers
• Why audits have become the norm in M&A tech due diligence
• How you can get a complete picture of open source risks