CMS Open Source Kit

What is the idea behind the CMS Open Source Kit? 

Open source software (OSS) is being used by the majority of companies in Germany in selected situations. However, as it isn’t possible to tell by just looking at a product which software components it contains, this can quickly become a problem due to a sharply rising number of risks and latent weaknesses. 

OSS has the advantage that it can be freely used and adapted, thus saving money. But it is not software that is outside the law. Any breach of a licence condition could have serious consequences.  

Risks facing open source non-compliant companies  

Benefits of the CMS Open Source Kit at a glance 

We have developed a modular system that allows companies to stay on top of open source compliance. The CMS Open Source Kit brings together legal tech and highly specialised legal advice tailored to the specific needs. It helps companies to benefit from open source software while managing the risks. 

The CMS Open Source Kit consists of five modules: 

OSS Code Scan: Codescan

What is the purpose of OSS Code Scan?  

• OSS Code Scan scans the source code of your software using CMS’s own infrastructure 
• It identifies open source licences and generates a report listing the identified licences (Bill of Materials) 

What output do I receive?  

You receive a PDF report with a Software Bill of Materials (SBOM) for the scanned software.  

OSS Review: identify and understand risks 

What is the purpose of OSS Review?  

• OSS Review is used to establish the status quo of open source software usage in your organisation  
• Risk assessment of the deployed open source software by checking it against CMS’s own licence database, which contains details of 100+ licences 
• Quick check of the policies and work processes relating to open source software that are in place within the company  

What output do I receive?  

You receive a PDF report with a risk assessment and recommended action. 

OSS Governance: managing compliance 

What does OSS Governance achieve? 

OSS Governance refers to the introduction of a system for ensuring OSS compliance within the organisation. A governance system consists of various components, including:  

• Generating “Stop” and “Go” lists of open source licences. The lists are generated following an individual risk analysis and on the basis of a standardised assessment of various risk dimensions that takes into account different degrees of risk (rather than just a yes/no assessment) 
• Guidance on ensuring licence compatibility when using multiple open source licences, based on a detailed compatibility matrix  
• Licence guide with a precise description of what needs to be done in order to comply with the obligations imposed by the open source licences  

What output do I receive?  

You receive a governance policy tailored to your specific needs, and support around implementing it within the organisation.  

OSS Cert: certification 

What is OSS Cert?  

OSS Cert is an independent verification of open source compliance using industry standards such as OpenChain (ISO/IEC 5230), carried out by CMS. 

What output do I receive?  

Once certification has been completed, you receive written confirmation from CMS, which can be used in the context of customer and supplier relationships. 

CMS Client Academy on OSS 

What is the CMS Client Academy on OSS?  

Training courses on the use of open source software in the organisation: 
Our CMS Academy offers a range of online training courses on dealing with open source software. The courses are aimed not only at in-house counsel, compliance officers and software developers, but also at management, product owners, purchasing and sales staff, and ultimately all levels of a company.  

CMS offers courses with differing degrees of specialisation. Companies can make the courses available to their employees, document successful attendance, and ensure that employees repeat the courses on a regular basis. The courses can be tailored to the specific requirements of your company.  

What output do I receive? 

You receive access to our online training system, CMS Client Academy. System access is enabled for the number of users you have booked, and the system can then be used online. 

Interested?  

Would you like to find out more about innovative ways of ensuring efficient open source compliance? More information is available on our insight page on Open Source Software, or contact us at: opensource@cms-hs.com