“Collectively, the term IT hardware describes all equipment necessary to enable IT services utilization. Yet, each hardware configuration item may have distinct operational characteristics and controls.” Therefore, as with any critical IT development, representatives from information security and IT audit should be considered key project participants. Information security’s primary role in an open source hardware development project is to ensure appropriate safeguarding mechanisms are deployed. IT audit’s primary role, by contrast, is to assure that adequate preventive, detective, and/or corrective controls are implemented.
IT hardware design documents, in addition to the software associated with enabling IT hardware functionality, can be released utilizing an open source software agreement. However, most hardware licenses are fundamentally different due to heavy reliance on patent law rather than copyright law. Consequently, a patent-based license may control the utilization and manufacture of a physical IT device built from design documents; whereas a copyright-based license may control the distribution of source code as well as design documents. If the Tucson Amateur Packet Radio (TAPR) Open Hardware License is selected as the basis for an agreement, particulars regarding the distinction between hardware and software licensing characteristics are addressed in the preamble to ensure an understanding of contractual intent.
Open Source Software Development Considerations
Simplistically, open source software “refers to any program whose source code is made available for use or modification as users or other developers see fit. Open source software is usually developed as a public collaboration and made freely available.” Depending on the product, as with open source hardware, open source software can be licensed.
Open source software developers utilize intellectual property licensing, through various types of open source licensing agreements, in order to sustain open source project integrity. In fact, for an IT program to be classified as open source software, it must commonly address specific criteria established through the Open Source Initiative (OSI). Interpretively, meeting the OSI Open Source Definition requires permitting: the right to make source code copies, the right to freely distribute source code copies, unrestricted access to source code, and the freedom to modify the source code.