Jun 06, 2020, 12:38 AM
IP training notes:

--- Introduction:

Types of IP
- copyright
- patent
- trademark
- trade secret

IP can be sold (transfer ownership), licensed (give permission to use), stolen (used illegally / not buying or licensing properly)

third party ip: any ip not 100% owned by windriver.
- includes opensource, proprietary, sdks, images, documentation, trademarks, customer and partner confidential information
- includes both open source and commercial ip
- each and every component requires a licence
- ex: vxworks has over 100 licences
- 3rd party dependency is growing y/y
- moving towards open source, companies are encouraged / pressured into using open source ip

- need to maintain a BOM for licenses used in windriver products

potential consequences:
- legal damages and fees
- loss of intellectual property
- loss of productivity
- revenue lost from court halting product distribution
- damaged reputation as trusted software vendor

certification = trust
- certify product quality, safety, open source compliance

OpenChain conformance:
- ...

Malware protection:
- any software designed to damage or destroy computers and computer systems
- customers expect protection from malware (in our contracts...)
- need to be on the lookout and report known cases of malware that infect third party IP

--- Copyright Principles

Copyright protects:
- creative expression
- does not protect ideas, facts, methods and algorithms
- can protect a particular expression of an idea, fact, method, or algorithm

Requirements:
- work must be at least minimally creative
- work must be original (not copied)... Not necessarily novel
- must be fixed in a tangible form (written or recorded)

Covers:
- literary, musical, dramatic,
- movies, sounds
- pictures, graphics
- even architectural and software

Expression and software:
- algorithm cannot be copyrighted
- BUT specific form of expression (implementation) of algo can be protected.
- implementations that lack creativity are not protected (ex: hello world)

- EX: bubble sort algorithm

other copyrighted material:
- website, images, documentation, marketing, sales presentations, whitepapers, blogs, etc.

What is not copyrightable:
- list of rules (lacks creativity)
- list of phone numbers
- recipe (algorithm)
- ideas, facts, theories
- things that have utility or function - eg design structure, methods of operation, a process

All rights reserved:
- copy, modify, distribute, perform, and display
- all rights reserved (unless explicitly granted via a license)
- copyright valid for:
 - individual: 70 years after the death of author
 - corporation: 95 years from first publication or 120 years from creation

Derivative Work:
- a whole new work based on one or more other works
- copyright of original work may have an impact on the derivative work
- Ex: new book about Mickey Mouse, new movie about Mickey Mouse, book to movie (eg Harry Potter), book modification & redistribution
- Ex: modified source code file, binary file (derived from compiled source code), linked binaries to create new work
- need to look at the licenses of the work from which new work is derived

Public Domain:
- creative works not copyright protected -> no owner
- anyone is free to make copies of public domain works
- no license is required
- includes: copyright expired, donated works (renounce copyright), works produced by US government

Summary:
- Copyright must be: minimally creative, original, fixed in a tangible form
- Copyright protection is immediate
- Copyright controls copying, modification and distribution
- license grants these permissions
- derivative work is: new work based on or derived from one or more preexisting works, where at least one work may be recast, transformed or adapted
- modification and/or integration of source code creates a new work which is a derived work of the original files
- non-copyrighted creative works are in the public domain.

--- Open-source & Licensing

License:
- permission to do something
- permission to display, perform, copy, modify & distribute
- copyright =/= license
- copyright ~= deed/ownership of the property
- license ~= written permission to use the property

- Copyright holder controls:
 > who can have license
 > which license to use (commercial vs open source)
 > whether to offer multiple different licenses
 > whether to change the license (ex: from commercial to open source)

Types of Licenses:
- Proprietary licenses: typically between two parties, promotes commercial win-win
- open source licenses:
 > Attribution: BSD, MIT, Apache, share code in exchange for attribution, available to everyone
 > Copyleft: GPL, LGPL, AGPL, MPL, EPL: Share code in exchange for sharing future modifications, available to everyone

Attribution Licenses: BSD, MIT, Apache
- impose minimal obligation and restrictions on redistribution
- openly grant right to: copy, modify and distribute
- in return: provide acknowledgement (attribution), preservation of license and copyright notices in source code
- Also called: permissive or academic licenses

Copyleft License: GPL, LGPL, AGPL, MPL, EPL
- Yield some rights to end users (give up some control)
- free as in freedom
- software user has the freedom to: copy the software, get source code, modify or use pieces of source code, distribute (requires the user to pass on the same freedoms to other users)

GPL (GNU public license):
- Strong sharing
- use as you please, no restrictions on internal use (copy, get source, modify, use ...)
- If you distribute the software, then you must:
 > provide source code
 > provide copy of the GPL license
 > redistribute GPL software under the GPL (including modifications)
 > distribute all derivative works under the GPL
 > preserve source code copyright notices, license notices, disclaimers

LGPL (library / Lesser GPL):
- Weak sharing
- use as you please, no restrictions on internal use (copy, get source, modify, use ...)
- if you distribute software, must:
 > provide LGPL source code under LGPL (including modifications)
 > provide a copy of the LGPL license
 > if new works statically linked, provide either object code or source for all code the LGPL code links with
 > give prominent notice that the LGPL code is used

Derivative works:
- Check 12:15 for a table of what the New Work's License(s) will be if using work under various licenses
- ex: if vxworks proprietary code is integrated with GPL licensed code?
 > the new work will be licensed under GPL license, wind river will be required to give out its proprietary source code (under GPL license)

License popularity: MIT, Apache (together these are ~50%), then GPL ...

Third party proprietary license:
- often requires fee / royalty (not always)
- does not impose source distribution requirements
- typically does not require attribution notice
- may provide guarantees (protection from lawsuit)
- flexible about redistribution
- may restrict use (via contract)
- not viral (does not change your code license)

Five license considerations:
1. understand rights granted (copying, modification, distribution)
2. satisfy "distribution" requirements, to obtain rights above
3. avoid license contamination (no mixing of commercial + GPL)
4. ensure license compatibility (new work: able to satisfy all license obligations simultaneously)
5. License is consistent with product's IP policy (discussed in next training module)

Summary:
- copyright holder controls who can: copy, modify, distribute
- a license grants permission to do these
- a license is what makes software open source software
- discussed four types of licenses:
 > Proprietary/commercial: promotes win/win between parties
open source:
 > Attribution: promotes software donations (BSD, MIT, Apache)
 > Strong copyleft: promotes strong software sharing (GPL)
 > Weak copyleft: promotes weak software sharing (LGPL, MPL, EPL)
- programs can be created by combining commercial and open source software (program - new derivative work of linked components)

--- IP Policies & Processes

Third party software:
- Double-edged sword: reduces cost, buys time, reliable and proven
- risks are less understood - improper use could: potentially cost $$ in legal damages and fees, lead to court injunction that halts shipping product, damage reputation and cause significant internal disruption
- Just one mistake can be extremely bad...

Strategic upside to IP assurance:
- more than just WR compliance
- customers care too... a lot.. for the same reasons wind river cares
- customers constantly inquire about WR IP assurance.
- A good IP discipline becomes part of Wind river's value proposition

- ex: IP assurance is actually one of the top 10 reasons to pick linux product

business objectives:
- mitigate 3rd party ip usage risk
- deliver on ip assurance value proposition
- assist sales with ip terms negotiations
- customer support
- open source guidance to support business

policies and supporting processes:
- policies and supporting processes that ensure repeated and consistent ip assurances:
> disclosing all third party ip
> ip analyst reviews
> produce required release artifacts
(Can view ip policy at ip.wrs.com)
- 12 commandments of IP, on the ip portal

12 commandments of IP:
1. should attend IP training within the past 24 months
2. honor both global and product line IP policies
 > global policy applied to all products
 > product specific policies (ex for vxworks, etc), trumps global policy
3. Must obtain a license for each 3rd party ip component that ships with its products
4. must disclose each use and license of each third party component included in wind river products
> Analyst will verify for each component: a license exists, license grants rights (copy, ...), component and license are compatible with corporate policy and product policy, all applicable license obligations are satisfied (royalties, source code, required notices, etc.)
5. must sign off for each release that they have disclosed all third party IP: sign off all 3rd party ip added or modified
6. must include windriver copyright notice in all files created or materially modified (both for opensource and proprietary)
7. must not copy code from third parties and mark it as your own
8. must not remove copyright notices from third party IP (unless under the guidance of WR legal)
9. avoid conducting third party patent searches (unless authorized by WR legal)
10. avoid expressing opinion about potential patent infringement or non-infringement of third party technology
11. must not send emails detailing an ip problem to others - instead send a minimal email to WR legal or IP assistance for more details.
12. when in doubt - do the right thing (better to over disclose than under disclose)

--- Business Rationale and Processes

Handling open source:
- Open source compliance program conforms to the Linux foundation's OpenChain compliance program quality standard:
> open source policy exists
> specific compliance roles and responsibilities are assigned
> staff are sufficiently trained
> disclosure and tracking of Open Source software
> review of license and use case for each disclosure
> delivery of opensource compliance artifacts (source, notices, ...) with the software

Why an IP review?:
- ensure rights to use and distribute third party ip in product offering
- ensure royalties are paid
- identify and remediate ip defects
- prepare and deliver the required compliance artifacts to customers (notices, source code, compliance report, ..)
- satisfy OpenChain certification requirements

IP review stakeholders:
- engineering - secure right to use and ship
- wind river legal - risk mitigation
- engineering program manager - scheduling
- product marketing - value proposition
- sales - value proposition
- TPG (shareholder) - managed IP -> company valuation

Roles & responsibilities:
- engineer/dev: pass ip test, submit all third party ip used disclosures, sign off third party disclosure, sign off no knowledge of malware
- engineering program manager: schedule ip review with ip group, contact between ip group, engineering and marketing, follow up with engineering on ip review outstanding action items
- ip analyst: conduct ip review for given release, review and clear ip disclosures submitted by engineering, remediate ...

Common mistakes:
- failure to disclose 3rd party ip (proprietary or open source)
- submitting ip disclosures late in release cycle
- commercial software license not obtained in time - must be removed prior to shipping
- details regarding ip defect are communicated via email (want to use phone...)
- company source files lack proper wind river copyright and license notices
- engineers did not take ip training as required, and are not familiar with their responsibilities.

Summary:
- third party ip has benefits and risks
- strategic upside: customers are concerned about risks, it becomes value proposition, prepare and deliver customer reports
- multiple company stakeholders
- know the roles and responsibilities (disclose early, sign off, ...)

--- Summary

Intellectual property:
- four different systems to acquire property rights: copyright, patent, trademark, trade secret
- third party IP is IP not owned by Wind River
- must disclose all third party IP
- one mistake can result in disastrous situation

Copyright principles:
- protects different forms of creative expression
- does not protect ideas, facts, methods, algorithms
- but it can protect creative expressions of ideas, facts, methods, algorithms
- right to copy, modify, distribute
- need license to use third party IP
- no licence -> no permission to use

Types of licenses:
- discussed four types of licenses:
 > Proprietary/commercial: promotes win/win between parties
open source:
 > Attribution: promotes software donations (BSD, MIT, Apache)
 > Strong copyleft: promotes strong software sharing (GPL)
 > Weak copyleft: promotes weak software sharing (LGPL, MPL, EPL)

Derivative work:
- license of derivative work is impacted by the original work's license
- license of new work is a function of the licenses of the works it is derived from

Business objectives:
- mitigate 3rd party IP usage risks
- deliver on ip assurance value promise to customers
- assist sales with ip terms negotiation
- customer support
- open source guidance to support business

12 commandments of IP...