 And today I am talking about open source projects and digital issues around it. So most of the things which I am going to talk about, you might have looked at it in some way or the other, sometimes you may not have even attention to the whole issue. But let's look at it from a different perspective and see what are the risks when you open source projects generally face and how you can mitigate those risks and what are the community way of looking at the risks and the issues which we face in the open source projects. And what are the global best practices when we look at some of the risks and some of the legal issues and how we can avoid all those issues. So when we talk about the legal issues, so first of all let me say this is not a legal advice. This is an educational approach because the laws across the globe is different. The corporate law in US and India or Singapore might differ. So it is not a legal advice but what I will be trying to make the attempt is to talk about the best practices globally. So let's look at copyright issues, trademark issues and paid issues. So as you have seen most of these things you would have noticed might not have paid attention to but so let's start from copyright. So what is a copyright? Basically generally for software the protection is generally in most of the decisions is through copyright. So is an exclusive legal right to control the rules for copying, modifying and distributing a copyright. And who could be a copyright owner? You could be the individual, you could be an association, you could be a foundation at first in your own company. And typically you would have seen, this is an example of a copyright notice. A copyright at the right seat and then here you have done that. You are a foundation, you should put your foundation's name. If you are an individual you should put your individual's name. If you are a company you should put your company's name. So that gives an idea to somebody who is looking at that piece of code or library or whatever you have done. That this has been done by this gentleman or this foundation or this individual. And all the rights for modification for distribution you should check with and under what license that we will talk about later. So this is the indication which gives you like okay this is the person or the foundation or the trust I should talk for anything I have to do with. And typically like in India the copyright right extends to 60 years. The lifetime of the author for 60 years. It varies in different jurisdictions. But broadly it is a long drawn protection. So when we look at open source projects, you know, irrespective of the, you would find that there is a copyright notice. So that provides the information of the rights of the owner of the users. So you might be the owner, you might be the user, your rights differ. And what are the rights typically would be understood from the copyright notice. So copyright notice and then the license information. So these are the two most important legal information which I look in for any open source project. If it is not there then there is something an issue. Because the downstream users will not able to understand what are these rights. So there are good chances that your team may not be using your project at all. Because most of this information is that. So you would also look at, you know, different projects have different ways of protecting the copyright. So the contributors license agreement is one way of protecting your, you know, copyright information. And the developer certificate of origin is another important legal agreement, you know, which protects the rights. Now let's move on to the trademark issues. So what is a trademark? The trademark is an object of this name. So whether it is goods or services, there is a trademark. So and there is an inferred source origin and quality. Let's say when we say a property, there is a quality. We know there is a company working behind it. So what this helps in is to create confusion. So later in the session I will be talking about in what all instances we have seen confusion. So the trademark owners have the obligation to protect their mark. It's not the users. Users have to comply with the trademark obligation. So open source projects needs to have trademark and also take trademark orders. So the way you write, you know, let's say Apache Foundation, the way, yeah, the trademark policy will tell you the way Apache Foundation has to be done. And who can use it? In what instances? So as I told you, it avoids confusion. It gives you a source of origin, quality, and all those things. So this is one point for another, every open source project in respect of the region you are in. So one example, good example was the Debian and the Mozilla Foundation issues around the Firefox trademark issue, which started in 2006 and added in February 2016. So for 10 years, this issue was going on. So it's always better when you are having starting a new project, please make sure that you have a proper trademark assigned and you have a trademark policy. So everybody is using that project knows that this is the way this has to be done. That should be illustrated in your website in your trademark policy. The other famous instance was when Amazon was sued by elastic search. So there are so many instances across the globe where companies projects have issues. So please safeguard your trademark and have a trademark policy. And the best projects across the globe has good trademark and trademark policy. And please search that such names are not used already. The other example is the Java trademark, which is owned by Oracle, but Eclipse Foundation used to use it for a long time. There was a lot of conversation around this and finally they had to give up. So unable to convince the Oracle to allow the users of trademark on Java to refer to the open source version of Java Enterprise Edition, Eclipse Foundation is asking those who care about such things to vote on. So it's a nice situation after using that name. It's like, you know, if somebody tells me you can't use the name with you after 50 years of my existence in the world. So it is quite difficult. And there is a lot of cost. If somebody has to change the project name, there is a lot of confusion it creates. So it's better at the start of the project itself to think about the project name, trademark, copyright and all these things. Don't put it to a later instance where there is a lot of confusion. So it is the interest of the trademark holder. So let's say I have got a trademark for my project, open source project. It is my obligation, my interest to safeguard that. If somebody is misusing my trademark, I should enforce my trademark against them and stop, you know, should not allow them to use that trademark. Because they are deriving, so there will be confusion. People will think that, okay, this is done by Apache Foundation. Let's say Apache Foundation doesn't enforce their trademark. Then people would see that, okay, this originated from Apache Foundation project. And there could be sometimes cyber security instance or threats or malwares in those projects. Because when I use those projects, I thought that it is from Apache Foundation, but it may not be. So it's very important that you protect if you are a trademark holder, you are the foundation of the trust. You should protect and enforce your trademark. Now let's look into the patents aspect. So if you see the preamble of GPL, it says, Finally, any program is threatened constantly by software patents. We wish to avoid the danger that redistributors of the free program will individually obtain patent license in effect, making the program proprietary. To provide this, we made it clear that any patent license will be used or not. Now let's look into Apache 2.0. Okay, 2.6. Grant of patent license. Subject to the terms and conditions of this license, each contributor hereby grants to you a perpetual worldwide, non-exclusive, no-charge, royalty-free, revocable, etc., as stated in this section. Patent license to make have made use, offer to sell, import and otherwise transfer the work. Where such license applies only to those patents is licensable by such contributor that necessarily influenced by the contributors, alone or by combination of their contribution with the work to which such contribution was submitted. So basically the whole free software community doesn't believe in software patent, most of them. That doesn't stop the patent frauds or operating entities. So the whole open source projects has been patent at various instances by two types of entities, earlier an operating entity. When I say the word operating entity, operating entities are entities which have products or services. And then there is another type of entity which is called non-practicing entities. Non-practicing entities are entities which justify patents and they don't have any products or services. Then they start asserting these various entities across the globe. So in the recent past, Genome Foundation was sued. So and one of the main reasons why open source foundations are a good target for patent frauds for the fundamental reasons that globally these projects are used. And in a typical scenario, in a perfect scenario, when one entity is sued, they have a patent portfolio which they can retaliate using that. But in an open source foundation, because open source foundations don't file for patents generally, they don't have the defensive capacity. So it is very important that open source foundations think of defensive strategies because they don't have patents and they don't file for patents. So they can't have an offensive strategy. So the only way they can look at it is having a defensive strategy. How as a community, we can come together and protect the community. So in 2019, Genome Foundation was sued by a big control called as CrowdShot. So when Genome Foundation was sued, they joined the community that is Open Invention Network community. What we did was we gave them priora. Using the priora, they went for crowd funding. Because patent litigation and defense is a very costly affair. So they then went for invalidation of this patent of CrowdShot, which is called CrowdShot. CrowdShot allows that Genome Foundation to be fixed. And that's the patent number. And once the invalidation proceedings started against CrowdShot, gave license to all the patents which they had. And this is a statement post this from Rothstein. I'm pleased to announce that the patent dispute between Rothstein and patent imaging and you know, I'm pleased that they managed to settle this issue amicably. I've always supported innovation of open source software and its developers and encourage its innovation and adoption. So in the first instance, they sued an open source foundation. And later on they made this statement. And the best part what happened after this was, after the settlement, using the priora which Open Invention Network gave, somebody went and invalidated the patent of Rothstein. So that is the final conclusion this time. So it is very important that the community comes together. I have a defensive strategy. So one of the biggest community in the defensive strategy is Open Invention Network. I'll put a disclaimer here. I'm part of Open Invention Network. I represent the Indian Union. So what we do at Open Invention Network is, it's the largest community in the world. Anybody can join, you are a project, you are a startup, you are a company. You are an individual developer. Anybody can join the community. This was initiated a 16 years back. And today we have companies, startups and projects. Even Linux Foundation is part of the project community. Anybody can join. They join through an e-license. The only obligation you have is that in case you have a Linux platform, you will not assert it against any other community member. Other community members watch out for the same reciprocal flags. And wherever you are in the world, you can be part of the community. There is no commercial to join the community. And so we have a cross license of 2.1 million product wagons. So this ranges from 3,885 software applications. And some of the protections we provide. So you can see the community members who are part of OAN, Open Source Projects globally. Not Rockstar. Not Rockstar. Not Rockstar. They will be happy to now join us. They will now join us. So the only people who don't join OAN is people who have an intent to be a patent group who want Rockstar. So if you see from the composition of the 3,885 software applications, it looks something like this. So almost all areas of technology is covered. Open Source technology is covered. So at various times in the past it was operating entities which behaved like patent groups. In recent times it is not just operating entities. It is non purchasing entities which are creating work. I work in the whole ecosystem. So there are various other, you know, entities which work on the defensive strategies. So Open Invention is the largest among them. So now let's move on to the Open Source complex. So this has various problems because in the whole supply chain of software, how do you ensure Open Source complex? Let's say you have vendors across the globe. Or you have contributors across the globe. How do you ensure that each of them are following the same set of groups? And ensuring that the level of education compliance is the same. So there is a Linux Foundation project called as Open Chain. Open Chain, the objective of Open Source, how Open Chain is to ensure that in the whole supply chain of software development there should be compliance. Let's take a scenario where you have people contributing to a technology group. How do we put a standard that, okay, this is the benchmark you should do? Because my understanding might be different. My friends' understanding who is contributing from a different region in the world might be different. How do we have the basic common platform? So that is taken care by Open Chain. So Open Chain 2.1 specification has now become the ISO standard. So you can do a self-certification. You can get a third party certification. And in fact, there is a security specification which is so in drama. And so all those issues related to license security around Open Source compliance because typically globally this is one of the biggest problems like Open Source compliance. That's the objective of this community. And we have seen that most of the companies globally are gearing and adopting Open Chain as the standard. Whether you're in telecom, whether you're in the security sector, you are. And that helps to mitigate. And the contribution is not just from one region in the world. The good part is that companies, individuals across the globe, across various domains are contributing to this project. And we all know that the documentation, license compliance, these are the issues which most of the companies projects face. So Open Chain would be a good answer to all those problems and solutions. You know, provides great solutions. And I would be happy if you could look into Open Chain 2.1, our specifications there. And I'm also looking forward for the security specification. And you would have seen globally there is a lot of security challenge which opens this space in the last 10 years. Which also has in certain cases affected the credibility in certain cases. So communities like Open Chain would be a great bet. So if you have any questions? Yeah, so if you see globally, in US there is this Alice judgment. But what happens to existing patents which has already been landed? And sometimes it's very difficult to decide between the software patents and if it is not just the software patents. Because the patent authority there in each region has different standards. So in US, of course the Alice judgment software patents are not allowed. But there has been various instances where software patents has been allowed. So in Europe software per se is not allowed. Patent per se is not allowed. But if it isn't for terms of the ROL, so that differentiation is very difficult. So somebody has to scrutinize each software application. And the rules of the game is different in different parts of the world. So maybe in New Zealand they have stopped software patents. Even in India, software per se cannot be patented. But we have CRI guidelines, completely related invention guidelines. So if you can pass that guidelines, you get a patent. So the rules of the game is different. So I don't think in the near future we will see software not being landed patents. Open game has not something to think. What Open Game does today is prescribes to the best standard. For example, if you are a company or a project, you should have one of those policies. So we also include that we train your team that what is the best practices. You review, confirm the license requirements. You train them, make them understand because generally license information obligations are left out by people. So whether it is copyright or there is a modification of it. All those things have to be looked into and then only you can be confirmed with Open Game. So there is 1.1 specification, 1.1, 1.1, 2 and 2.1. So only if you are confirmed with 2.1 that is equal to an ISO standard. So training, compliance, audit, review. So all these processes at least makes some level of compliance. So whether it is open type TPD or anything. These rules of the game are same. So training, compliance and enforcement. It doesn't matter if they use the stamp to set up. So the rules of the game are same. License compliance is required.