Open Source License Compliance in Software Supply Chains


Almost all software products today include open-source components. However, the obligations that open-source licenses impose on their users can be difficult or undesirable to comply with [14, 20, 25]. As a consequence, software vendors and related companies need to govern the process by which open-source components are included in their products [7, 21]. A key process of such open-source governance is license clearance, that is, the process by which a company decides whether a particular component's license is acceptable for use in its products [4, 15, 19]. In this article, we discuss this process, review the challenges it poses to software vendors, and identify the open research questions that result from it.

