European Legal Network » Risk Grid

The Risk Grid was created by a Special Interest Group made up of delegates from the European Legal Network, and its development was governed by the Chatham House Rule. The work was chaired by Andrew Katz from Moorcrofts, who is also rapporteur for the final release document. This is a discussion document and the contents do not constitute legal advice or necessarily reflect the opinions of any contributor.

Background

A Special Interest Group of the European Legal Network discussed issues around the commercial procurement of Free Software, and methods to reduce or contain risk in transactions related to the supply chain. The initial focus of this group was on creating generic contractual language for use by Customers when establishing a relationship with a Supplier. However, it quickly became apparent that a true solution required far more than generic contractual language. There needed to be a guidance document to contextualise the scope of potential issues and to describe the potential remedies available for both Customer and Supplier, regardless of their relative experience in Free Software. To do this, the members of the Special Interest Group created the Risk Grid, a table designed to describe the different ways in which publicly available code could be infringed, with rows to separate out each instance, and with example wording to help in drafting procurement contracts for software projects which make use of Free Software components. The Risk Grid was first published in issue one of the 'International Free and Open Source Software Law Review.'

Licensing

The Risk Grid is copyright © 2009-2010 Andrew Katz, Amanda Brock, Malcolm Bain. It is licensed under a Creative Commons UK (England and Wales) 2.0 licence, no derivative works, attribution, CC-BY-ND. As a special exception, the author expressly permits faithful translations of the entire document into any language, provided that the resulting translation (which may include an attribution to the translator) is shared alike. This paragraph is part of the paper, and must be included when copying or translating the paper.

Appendices

The Risk Grid is intended to be a largely self-contained reference document, but it will also be usable in conjunction with the planned precedent purchasing agreement. However, to assist with contextualising the transaction between Customer and Supplier it makes references to three appendices. These would have to be created by the Customer and/or Supplier to meet their requirements and annexed to the final contract between the parties. There is an overview of the intended content of each appendix below. These appendices will also be referred to in the planned precedent purchasing agreement.

Appendix [1]

This appendix should list the locations from which any and all Publicly Available Code incorporated in the Software has been acquired.

Appendix [2]

This appendix should list any and all guidelines to be followed to accurately document the source of each acquisition of Publicly Available Code incorporated in the Software.

Appendix [3]

This appendix should list any and all licences regarded by the Purchaser as acceptable for the purposes of this transaction and/or the contractual relationship directly related to this transaction.