Hello, Heather—
Long-time listener, first-time caller. 😄
Lawyers often like to include OSS disclosure obligations and/or audit rights or responsibilities. Is disclosure or audit better in your view? Can disclosure obligations lead to over-disclosure or inaccurate disclosures that create risk?
MDH
Hi Melody!
Audits are useful, but they can be overkill depending on the situation. They are never wrong, of course. I like to say that they are like insurance -- it's never wrong to buy it, but you might be insuring against risks that are very unlikely to arise. Disclosures are very important, not only for the information they convey, but how they demonstrate internal open source compliance processes. If a company (usually in an M&A, investment or sales deal) delivers a disclosure that is unprofessional or lacking information (or the clearly-inaccurate "we don't use any open source"), then it's often best to do an audit. But if the disclosure looks good, then an audit usually doesn't yield any additional material risks.
Thanks for the question!