Company

Continuous Deployment, Continuous Delivery, Continuous Compliance

{metæffekt}

{metæffekt} GmbH supports and accompanies companies in the inventory and evaluation of the software components they use (Software Composition Analysis). With many years of expertise and know-how in software architecture, software development, continuous integration and license compliance management, {metæffekt} is a sovereign partner for continuing the inventory, documentation and risk assessment of products and projects, in dialogue with the various competencies and responsible parties in the company.

In addition to services in the product and project context, {metæffekt} offers consulting on process and policy design, as well as training and seminars on the topics of License Compliance Awareness, License Compliance Management, Vulnerability Monitoring and Vulnerability Assessment.

Background

Modern software development makes use of current methods, common tools and a multitude of existing components, libraries, development and test kits. Demands for fast, cost-effective, quality-oriented and thus competitive product or project development underline this approach. Enterprises are called upon to concentrate on their core competencies and technical know-how and must fall back as much as possible on existing concepts and components from other manufacturers or from community projects.

Coupled with legal requirements, contractual requirements for transparency and sovereign handling, and requirements from information security standards (such as BSI-200, ISO-27001), the multitude and varying granularity of the software components used creates a complexity that must be evaluated, not least in the risk management of a company. However, the challenge in the company already begins with the question of which software is used and how, and which properties, obligations and restrictions must be taken into account.

In its approach, {metæffekt} differs significantly from other providers. By focusing on the software components actually used, a defined data quality is achieved through the application of specialized tools and case-specific consulting. This data quality is particularly necessary for implementing license compliance in the supply chain and for identifying and monitoring public vulnerabilities. In all operations, the focus is always on documentation of the end product and risk reduction in the respective business case. The procedures are applied with precision through automation and integration into the development processes, and enable continuity in the lifecycle of the products and projects.

Philosophy

In particular, the correct handling of Open Source Software is of central importance to us. For this purpose, it is necessary to understand and comprehend the perspective of the actors in the Open Source Model. We have summarized our experiences and findings in this regard in the {metæffekt} Open Source Ethics.

The {metæffekt} Using Open Source Software Manifesto is derived from the Open Source Ethics. This manifesto clarifies and supports the position and actions of {metæffekt} GmbH.

We dare to hypothesize that the Open Source Model is a foundation of our future society. We move from the Open Source Model to the open society. Industry 4.0 or the concepts based on blockchains, cryptocurrencies and smart contracts are just prominent examples of change on this path.

For this reason in particular, it is necessary to clearly define the fundamental rules, moral and ethical aspects and obligations in dealing with Open Source Software as the foundation of these developments.