Working as an outside counsel, it has happened to me more than once that our firm has been asked to legally validate an open source / FOSS package that somebody else already asked us to validate.

The validation work, comprising of reviewing the technical and legal qualities of a software package, is conventionally done in each company separately, i.e. many times. The basic part of the work is very similar in every user (redistributor) entity.  

So, with this in mind, I realised that companies should actually co-operate in the validation effort. Instead of each company validating each component separately, this could be done together, only once. This method provides several advantages. To describe the most obvious ones:

 

  • Reduced costs of FOSS development management, since the generic part of the validation is done only once.

  • Easier and faster decision on whether to use FOSS, own development or third party product. When you don't have to wait for a validation process to return a value (the value can be directly gotten from the database of the collaborative body), you do not rely on your own development that often any more.