How to Assure Legal Compliance from Software Development to Delivery

For organizations involved with software development and delivery, consciously implementing measures for legal compliance into the software development process itself is crucial. Equally important is incorporating effective software intellectual property management into the organization. Here, Knowledge Center contributors Sorin Cohn-Sfetcu and Kamal Hassin explain how to validate the intellectual property cleanliness of software, while ensuring it meets all legal obligations before market delivery.


In the age of open-source and large-scale outsourcing, both assuring the quality of software and taking it to market means ascertaining its legal compliance as well. In recent years, numerous legal cases have highlighted the business risks and the enormous costs incurred when this is not done properly. These costs stem from involvement in judicial procedures, software recalls, fixing legal compliance issues post-release, and missed market opportunities caused by delays in the development process. Other consequences include lowered valuations in due diligence processes triggered by customers, potential or existing investors, mergers and acquisitions, and other major transactions.

Software is a pervasive element in most products and processes, and its sources have multiplied over time. Sources now include internal developments, suppliers of subsystems and chips, outsourced development contractors, open-source repositories and the previous work of the developers themselves. Software, unlike hardware, is easily accessed, replicated, copied and re-used.

Open-source software has become a significant player in most software development life cycles, thanks to the wide availability of source code, its apparent free cost, and its high degree of stability and security. Open-source code is generally free on the surface but it's not without obligations. It comes laden with licensing and copyright conditions which are enforceable by law-sometimes with dire effects for users who are not careful to validate the pedigree of the code in their products (for example, the origin and any associated obligations of all software components).

This doesn't mean that leveraging outsourcing and/or open-source software is to be avoided. The issue is not with the use of open source, but with unmanaged adoption and lack of proper care to the copyright and licensing obligations it entails. It's paramount that industrial managers validate the intellectual property (IP) cleanliness of their products and services, and ascertain that they meet all legal obligations before they reach the market.