Summary

Colin Walls examines the assumptions around supplying source code for licensed software components and argues that providing source is not always necessary — and can sometimes be a liability. Readers will learn how to weigh license obligations, maintenance costs, IP risk, and practical alternatives for embedded and productized software.

Key Takeaways

• Evaluate when source distribution is legally required versus when binaries or minimal artifacts suffice for product support.
• Balance compliance and IP protection by understanding obligations under GPL/LGPL and permissive licenses.
• Require reproducible-build artifacts, SBOMs, and build instructions from suppliers to enable long-term maintenance without full source disclosure.
• Plan for secure update mechanisms and supplier traceability to reduce supply-chain and maintenance risks.

Who Should Read This

Intermediate embedded firmware engineers, architects, and engineering managers responsible for integrating third-party components, licensing compliance, and long-term product support.

Still RelevantIntermediate

Topics