Understanding How Azul’s Zulu License Verification Process Protects Your IP
Azul Zulu Guarantee: Certified Non-Contaminating
Azul understands the protection of your intellectual property (IP) is critically important when choosing an open source offering, and you can rest assured knowing that your IP is protected when using Zulu. As a customer of Azul Platform Core, you may have access to specific Azul Zulu® Builds of OpenJDK which have undergone formal certification and verification to ensure that including, embedding and/or distributing Zulu in your products does not contaminate your products’ IP or code with license requirements (including but not limited to the source code disclosure requirements of GPLv2).
How Does Azul Guarantee Non-Contamination?
Every commercial Azul Zulu binary is 100% open source, but importantly many builds are also verified to ensure non-contamination. Through the use of specifically developed tools and analysis techniques, Azul scans and analyzes the more than 7 million lines of OpenJDK sources and the full set of build artifacts and object materials that are produced from the OpenJDK sources, including intermediate and dynamically-generated source files. This analysis covers all topological paths and relationships between any code that might run on the resulting Zulu build and all internal components. Azul verifies that the relationships between the multitude of open source and third-party licenses that exist in OpenJDK used by Zulu and any code that may run on Zulu will not result in contamination, and do not impose any requirements or restrictions on licensing of the code that runs on the Azul Zulu JDK or JRE.
Our license verification processes and tools ensure that your Java code is never contaminated by GPL or any other licenses that could require placing extra restrictions on the use or distribution of your code, forced sharing of your code under some specific terms, or mandate the purchase of additional third-party licenses.
What are the Key Components of our Analysis?
- In the process of certifying each specific Zulu binary package, Azul performs a detailed analysis of each build artifact.
- This analysis tracks and identifies any and all binary or object material that is accessible for linking by programs that may execute using the specific Zulu binary package.
- The specific source code used to produce each accessible binary or object material portion is identified, and the copyright and licensing associated with that source code are identified and classified.
- The detailed relationships and all possible topological paths between the various parts of the code and their respective licenses are fully analyzed.
- The result of this formal process is the assurance and verification that linking with the accessible APIs of the specific Zulu binary will not cause IP contamination.
Getting Your Questions Answered
We understand how important avoiding license contamination is for any business that sells or distributes software that contains open source components. Our Product Management and Legal teams can work with you and your organization to address your concerns fully, and explain the strength and rigor of our processes and our guarantees. To get started, just drop a note to your Azul representative or contact Azul at [email protected].