
Licensing

The use of commercially licensed tools or frameworks must always be approved by management. This keeps the company in compliance with licensing and regulatory requirements and gives the approver a chance to review the vendor's security and support commitments before the software is adopted.

In contrast, the use of open source software is generally encouraged, as it can save time and money while providing access to high-quality software. However, any third-party open source software used must meet the following criteria so that it is secure, reliable, and legally safe to ship.

Firstly, the software should be licensed under the MIT, BSD-3-Clause, or a similarly permissive license that allows commercial use. This avoids legal issues when the software is distributed as part of a product. Note that this applies to transitive dependencies as well: a permissively licensed package that pulls in a copyleft (for example GPL or AGPL) dependency needs the same review as if the copyleft package had been chosen directly.

Secondly, every license should be reported and inventoried: for each dependency, record the package name, version, and license. An accurate inventory is what makes it possible to demonstrate compliance with licensing requirements and to spot a license change when a dependency is upgraded.

Finally, projects should not be deprecated or archived by the author and must be available in a public repository or package manager, such as yarn, npm, pip, apt, or brew. An actively maintained project is more likely to receive security fixes promptly, and distribution through a package manager lets those fixes be tracked and applied with the same tooling used for the rest of the dependencies. This is a prerequisite, not a guarantee: the inventory still needs to be checked against published advisories.
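The first two criteria above (permissive license only, every license inventoried) can be automated for Python dependencies by reading the package metadata that pip installs alongside each distribution. The script below is an added example written for this page, not a tool provided by pip, Poetry, or any other package manager mentioned here. The allowlist, the copyleft list, and the alias table that maps free-text license names to SPDX identifiers are assumptions for illustration and should be confirmed with whoever owns the licensing policy; the sample METADATA snippets are constructed, not taken from real packages.

```python
"""Inventory Python package licenses and check them against an allowlist.

Added example for this page. Works on the METADATA files pip installs
(importlib.metadata) or on constructed METADATA text for offline use.
"""
from email.parser import HeaderParser
from importlib import metadata

# Permissive licenses the policy accepts. Assumption: the page names MIT and
# BSD-3-Clause; the other entries are common permissive licenses added here.
ALLOWED = {"MIT", "BSD-2-Clause", "BSD-3-Clause", "Apache-2.0", "ISC"}
# Copyleft licenses that must be reported as denied rather than quietly passed.
COPYLEFT = {"GPL-2.0-only", "GPL-3.0-only", "LGPL-3.0-only", "AGPL-3.0-only"}

# Free-text forms found in "License:" fields and trove classifiers, mapped to
# SPDX ids. Deliberately incomplete: anything unmapped is kept as-is and ends
# up in the "review" bucket instead of being guessed at.
ALIASES = {
    "mit": "MIT", "mit license": "MIT",
    "bsd-3-clause": "BSD-3-Clause", "bsd 3-clause license": "BSD-3-Clause",
    "bsd-2-clause": "BSD-2-Clause",
    "apache-2.0": "Apache-2.0", "apache 2.0": "Apache-2.0",
    "apache software license": "Apache-2.0",
    "isc": "ISC", "isc license (iscl)": "ISC",
    "gpl-3.0": "GPL-3.0-only", "gpl-3.0-only": "GPL-3.0-only",
    "gnu general public license v3 (gplv3)": "GPL-3.0-only",
    "gnu affero general public license v3": "AGPL-3.0-only",
}


def normalize(raw: str) -> str:
    """Map a free-text license name to an SPDX id, or return it unchanged."""
    text = raw.strip()
    return ALIASES.get(text.lower(), text)


def licenses_of(meta) -> list[str]:
    """Collect every license a package declares.

    Accepts email.message.Message or importlib.metadata.PackageMetadata,
    both of which expose get() and get_all(). Returns ["UNKNOWN"] when the
    package declares nothing at all.
    """
    found = set()
    expr = meta.get("License-Expression")   # Metadata 2.4: already SPDX
    if expr:
        found.add(expr.strip())
    for classifier in meta.get_all("Classifier") or []:
        if classifier.startswith("License ::"):
            found.add(normalize(classifier.split("::")[-1]))
    lic = meta.get("License")
    if lic and lic.strip().upper() not in ("", "UNKNOWN"):
        found.add(normalize(lic))
    return sorted(found) or ["UNKNOWN"]


def verdict(licenses: list[str]) -> str:
    """'allowed' if every declared license is permissive, 'denied' if any is
    copyleft, otherwise 'review' (undeclared, unmapped, or ambiguous such as
    the plain "BSD License" classifier, which does not say 2- or 3-clause)."""
    if licenses != ["UNKNOWN"] and all(l in ALLOWED for l in licenses):
        return "allowed"
    if any(l in COPYLEFT for l in licenses):
        return "denied"
    return "review"


def check_metadata_texts(samples: dict[str, str]) -> dict[str, tuple[list[str], str]]:
    """Inventory {name: METADATA text} -> {name: (licenses, verdict)}."""
    result = {}
    for name, text in samples.items():
        lics = licenses_of(HeaderParser().parsestr(text))
        result[name] = (lics, verdict(lics))
    return result


def inventory_installed() -> dict[str, tuple[list[str], str]]:
    """The same check over every distribution installed in this environment."""
    result = {}
    for dist in metadata.distributions():
        name = dist.metadata.get("Name", "?")
        lics = licenses_of(dist.metadata)
        result[f"{name}=={dist.version}"] = (lics, verdict(lics))
    return result


# Constructed METADATA snippets standing in for installed packages.
SAMPLES = {
    "example-http": (
        "Metadata-Version: 2.1\nName: example-http\nVersion: 1.0\n"
        "License: Apache-2.0\n"
        "Classifier: License :: OSI Approved :: Apache Software License\n"
    ),
    "example-gpl": (
        "Metadata-Version: 2.1\nName: example-gpl\nVersion: 2.3\n"
        "Classifier: License :: OSI Approved :: GNU General Public License v3 (GPLv3)\n"
    ),
    "example-bsd": (
        "Metadata-Version: 2.1\nName: example-bsd\nVersion: 0.9\n"
        "Classifier: License :: OSI Approved :: BSD License\n"
    ),
    "example-undeclared": "Metadata-Version: 2.1\nName: example-undeclared\nVersion: 0.1\n",
}

if __name__ == "__main__":
    for name, (lics, v) in check_metadata_texts(SAMPLES).items():
        print(f"{name:20} {v:8} {', '.join(lics)}")
```

Run it as a script to see the four constructed samples classified, or call inventory_installed() from a virtual environment to produce the actual inventory. The design choice worth copying is the three-way outcome: an undeclared or ambiguous license is sent for review rather than being allowed by default, because the absence of a license classifier is a gap in the record, not evidence that the package is permissively licensed.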

In summary, while the use of open source software is generally encouraged, any third-party software brought in must meet the criteria above: a permissive license, an entry in the license inventory, and an actively maintained public source. Following these guidelines lets the company benefit from open source software while keeping licensing and security risk under control.

Resources

These resources provide more information on how to manage and view licensing information in popular package managers, including Yarn, Conda, Homebrew, and Poetry.