OpenSource Risk Experts
Map your blast radius

ABOUT

An independent open source risk advisory, built around the relicensing wave.

OpenSource Risk Experts is an independent open source risk advisory for the enterprise. We advise CISOs, general counsel, and procurement and engineering leaders on the license exposure buried in the open source they run, and we are paid only by the buyer.

BUYER SIDE

We sit on your side of the table in every negotiation and every audit. The vendor's interests are not our interests.

NO RESALE

We carry no software to push and no quota to hit. A recommendation to do nothing is one we can make freely.

CONFIDENTIAL

What we find stays between us. Engagements are confidential by default, and findings are never anonymized into someone else's sales deck.

ABOUT THE FIRM

A practice built around one risk that most firms still miss.

We were built around the relicensing wave, when projects the enterprise had treated as permanently open began moving to source-available terms overnight. HashiCorp moved Terraform, Vault, and Consul to the Business Source License as of August 2023. Redis moved to the SSPL and the RSALv2 as of March 2024. Elasticsearch and Kibana moved to the SSPL as of 2021, and MongoDB did so in 2018.

We explain the difference between the Business Source License, the Server Side Public License, and the GNU AGPL plainly, and we translate it into the language of exposure, cost, and containment. We provide commercial and licensing risk advisory, not legal advice, and we point you to your own counsel for interpretation and compliance questions.

COMMON QUESTIONS

Questions buyers ask.

What does an independent open source risk advisory do?

An independent open source risk advisory maps the open source you run, quantifies the exposure created when a project changes its license, and helps you contain it. Because we take no vendor fees and resell no software, the advice reflects your risk rather than someone else's sales target.

Are you a law firm?

No. We provide commercial and licensing risk advisory, not legal advice. We map and quantify exposure from the buyer side. For interpretation of license terms and compliance questions, we recommend you engage your own counsel.

How are you paid?

We are paid only by the buyer. We do not resell licenses, take referral fees, or hold a position in any project we assess.

Who do you work with?

We work with CISOs, general counsel, procurement leaders, and engineering leaders who carry production exposure from open source that has relicensed, such as the projects of HashiCorp, Redis, and Elastic.

CONTAINMENT

Map your blast radius before it spreads.

A confidential open source license risk assessment. Independent, buyer side, paid only by you.

Not ready to talk? Read the free open source license risk guides first.