Kamal Hassin is Director of R&D and Product Management at Protecode. He can be reached at email@example.com.
Software is a massive enabler for the semiconductor industry. It's difficult to find a device that isn't enabled by software in some way. Evolving from simple components to complex systems on a chip (SOC), semiconductor-based products now require many categories of software. The list starts with drivers to configure operating modes. On top of that, real-time operating systems (RTOS), SDKs, networking and security, administration, media formatting and compression, and of course an endless list of applications. Unsurprisingly, the semiconductor industry now spends more on software development than on all other R&D aspects.
How do developers build all of this software at a reasonable cost? Increasingly, they supplement custom coding with outsourced code, commercial libraries and open source software. Open source has become a significant component of all software development, intentionally and sometimes unintentionally, thanks to the abundance of available code, its apparent free cost, and a high degree of stability and security.
But while open source code can appear to be free, it is not without obligation. It typically comes laden with licensing and copyright responsibilities that are enforceable by law. Even accidental infringements can result in fines and injunctions which can play havoc with manufacturing schedules, inventory control and supply chain management. Given the significant deployment volumes for semiconductors and the products into which they embed, it is important to ensure that software licensing obligations are managed. Ignoring these obligations or simply being ignorant of them can have significant consequences, as some recent legal cases have shown. For example, a lawsuit regarding an open source component called "BusyBox" affected many large companies, including Verizon, Samsung, and others. Another case filed by the Software Freedom Law Center (SFLC) against Cisco sought an injunction for the distribution of Linksys firmware as well as damages and costs.
There are a number of approaches to license management, ranging from doing nothing to fully automated real-time scanning of software to detect and report license obligations. All approaches can be viewed from a cost perspective, with the aim of maximizing developer productivity while minimizing legal risk. The cost of managing software license obligations is analogous to managing defects in the development process. It is well understood that the earlier a defect is identified and corrected, the less expensive it is -- and the same is true for licensing obligations. Likewise, the earlier a development organization identifies "licensing bugs" that attract unacceptable license obligations, the less expensive it is to adjust the software to achieve licensing compliance.