Legal Compliance Assurance in Development Process

By S. Cohn-Sfetcu and K. Hassin  |  Posted 2010-01-18

Mitigating the business risks associated with software legal compliance is best done by building legal considerations into the development process itself. The following options address compliance at different points in the development process. Some of them, such as periodic and real-time assessment, can be combined for best results.

Option No. 1: Ignore

Deciding to ignore the compliance issue carries the lowest up-front cost but the highest risk: problems surface only when a customer, partner or acquirer raises them, at which point remediation is unplanned and unbudgeted.

Option No. 2: Preventative: Developer training and project planning

Some companies (especially small and midsize businesses) consider proper training and project planning sufficient under normal conditions, and accept that an audit will have to be undertaken when due diligence is imposed on them (for example, by a prospective customer or acquirer). Naturally, the better the developers are trained in software legal compliance, the more effective the development process. However, this is a rather expensive proposition given the explosive growth in the number of distinct software licenses, the high cost of developer training, and the constant churn within the development team. With this option, compliance rests solely on the developers, and any assurance is only as good as their individual diligence.

Option No. 3: Post-development

Taking action later in the project life cycle can take the form of external or internal auditing, and it affects the final stages of testing as well as the quality assurance process. This option can carry higher costs: professional services, the cost of any changes to the software after the fact, and the subsequent retesting and re-auditing. It does get results, it does not disturb the development workflow, and it can be made more cost-effective with software tools designed for this purpose. It can, however, prolong the project life cycle near its end, causing delays to delivery of the final product that are hard to predict.

Option No. 4: Periodic

Periodic auditing of software during development allows course corrections along the way whenever a policy violation is detected. This can be done with automated tools. It is also less expensive than waiting until after development, because fixes are made and retested closer to the time the offending code was introduced.

Option No. 5: Real-time

The most proactive measure for software compliance assurance is to detect license violations immediately, at the developer workstation, in real time. This way, the development process is not disturbed and the cost of corrections is minimized, since any necessary correction (which might be a documented justification of the selection, a code change, or a replacement of the component) is made on the spot. Such corrections can be made without involving other resources and without a separate retesting cycle. The process can be automated with software tools in ways that are unobtrusive, easy to adopt and, most importantly, do not require developer training in legal compliance.

Detecting possible violations in real time is the most cost-efficient and lowest-risk option in the long term. The later in the software life cycle such fixes are effected, the more expensive they become. If legal compliance issues are discovered during development, the fixes are less onerous and the business risk is reduced.
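The kind of workstation-side check Option No. 5 describes can be illustrated with a small license policy gate of the sort that would run as a pre-commit hook. This is an added example and is not Protecode's product or the authors' code. It assumes a hypothetical project policy expressed as allow and deny lists of SPDX license identifiers, and that source files either carry an SPDX-License-Identifier tag or contain a recognisable license phrase; the staged files it scans are constructed inline.

```python
"""Added example: a minimal real-time (pre-commit style) license policy check.

Not the article's or Protecode's code. Assumptions: the project policy is an
allow/deny list of SPDX identifiers (hypothetical values below), and source
files carry an SPDX-License-Identifier tag or a recognisable license phrase.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Hypothetical project policy; any identifier not listed is treated as
# "unknown" and blocks the commit until someone classifies it.
POLICY = {
    "allow": {"MIT", "Apache-2.0", "BSD-3-Clause"},
    "deny": {"GPL-3.0-only", "AGPL-3.0-only"},
}

# SPDX short-form tag, e.g. "# SPDX-License-Identifier: MIT".
# Compound expressions ("MIT OR Apache-2.0") are out of scope here: only the
# first identifier is captured, which is a deliberate simplification.
SPDX_RE = re.compile(r"SPDX-License-Identifier:\s*([A-Za-z0-9.+\-]+)")

# Fallback phrases for files without an SPDX tag. Order matters: the AGPL
# phrase is tested before the plain GPL phrase.
PHRASES = [
    (re.compile(r"GNU Affero General Public License", re.I), "AGPL-3.0-only"),
    (re.compile(r"GNU General Public License", re.I), "GPL-3.0-only"),
    (re.compile(r"Apache License,?\s+Version 2\.0", re.I), "Apache-2.0"),
    (re.compile(r"Permission is hereby granted, free of charge", re.I), "MIT"),
]


@dataclass
class Finding:
    path: str
    license: Optional[str]
    status: str  # "allowed", "denied", "unknown" or "unlicensed"


def detect_license(text: str) -> Optional[str]:
    """Return the SPDX identifier found in a file's text, or None."""
    m = SPDX_RE.search(text)
    if m:
        return m.group(1)
    for rx, spdx in PHRASES:
        if rx.search(text):
            return spdx
    return None


def check_file(path: str, text: str, policy: dict = POLICY) -> Finding:
    """Classify one file against the policy."""
    lic = detect_license(text)
    if lic is None:
        return Finding(path, None, "unlicensed")
    if lic in policy["deny"]:
        return Finding(path, lic, "denied")
    if lic in policy["allow"]:
        return Finding(path, lic, "allowed")
    return Finding(path, lic, "unknown")


def check_files(files: Dict[str, str], policy: dict = POLICY) -> List[Finding]:
    """Classify every staged file; sorted so output is deterministic."""
    return [check_file(p, t, policy) for p, t in sorted(files.items())]


def blocking(findings: List[Finding]) -> List[Finding]:
    """Findings that should fail the hook: denied or unclassified licenses.
    Unlicensed files are reported but do not block, mirroring a typical
    warn-first rollout; tighten this once the code base is tagged."""
    return [f for f in findings if f.status in ("denied", "unknown")]


# Constructed sample of "staged files" (path -> contents); not real code.
SAMPLE_FILES = {
    "src/app.py": "# SPDX-License-Identifier: MIT\nprint('hello')\n",
    "vendor/fast_sort.c": "/* This program is free software under the GNU General Public License */\n",
    "lib/client.js": "// Licensed under the Apache License, Version 2.0\n",
    "tools/gen.go": "package main\n",
    "ext/odd.rb": "# SPDX-License-Identifier: WTFPL\n",
}

if __name__ == "__main__":
    results = check_files(SAMPLE_FILES)
    for f in results:
        print(f"{f.status:10} {f.license or '-':15} {f.path}")
    # A pre-commit hook would exit non-zero here to stop the commit.
    raise SystemExit(1 if blocking(results) else 0)
```

Run as a git pre-commit hook the script would read the staged file list instead of `SAMPLE_FILES`; the point is that the developer sees the denied GPL component and the unclassified WTFPL file before the code ever reaches a shared branch, which is exactly where the article argues corrections are cheapest.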

Sorin Cohn-Sfetcu is involved in marketing at Protecode. Sorin brings over 30 years of entrepreneurial involvement in technology and business management in multinational (Nortel) and small companies, with a significant portfolio of market successes, innovative products and publications. Sorin holds several patents in Web services, wireless, and digital signal processing. Sorin has a Ph.D. from McMaster University, a Master of Science degree from the University of Calgary, and a Master of Engineering degree from the Polytechnic Institute of Bucharest.

Kamal Hassin is responsible for product portfolio capabilities at Protecode. Kamal is a thought leader in the area of open-source licensing and the author or co-author of a number of papers on software intellectual property management. Kamal has a Bachelor of Engineering degree and a Master's degree in Technology Innovation Management from Carleton University.
