Open Source, Encryption and Export Regulations & The New Compliance Frontier
Open Source, Encryption and Export Regulations & The New Compliance Frontier – Mark Gisi, Wind River Systems
The percentage of Open Source Software (OSS) that commercial software solutions are composed of is growing rapidly. It is not uncommon for Linux and other OSS components to represent the lion share of the software running on an embedded device. In recent years a lot of attention and effort has gone into developing OSS license compliance best practices. Another area given less attention yet continues to grow in importance is software export compliance. Although different governments have different regulations for software, what’s universal is that software export compliance centers on the use of encryption software. It is often difficult to answer questions about the existence or use of encryption software for OSS that a developer uses (but did not write). We discuss best practices used to identify encryption in software, and open source tools that can assist with the task.
About Mark Gisi
Mark Gisi, Directory of Intellectual Property and Open Source at Wind River Systems (an Intel subsidiary), has been responsible for managing Open Source policies, processes and programs for the past 10 years. Mark has extensive experience managing the use of open source software to both maximize ROI and mitigate risk. That includes managing Open source software to go beyond reducing costs such as: accelerating innovation; fostering internal code sharing and reuse; accelerating product adoption; obtaining ROI on strategically positioned open source projects; strengthening an organization’s brand; and facilitating the attraction/retention of highly skilled technical staff. Mark is a key contributor to the Linux Foundation’s SPDX and OpenChain projects. Mark holds a MS degree in Computer Science and a BS degree in Mathematics.
by The Linux Foundation
linux foundation
