# Licensing Models and Agreements

One-sentence definition: Legal agreements governing software/content use, including commercial (EULA, enterprise) and open-source (e.g., MIT, Apache, GPL) models.

## Key Facts

- EULA/Per-seat/Per-core/Subscription define usage scope and limits.
- Enterprise/site licenses simplify admin; may include audit rights.
- Open-source: permissive (MIT/Apache) vs copyleft (GPL) obligations.
- Third-party/embedded components create compliance obligations (attribution).
- License management via inventory, SAM tools, and audits.
- Contracts/SLAs must align with licensing and security requirements.
- **Label:** **Obligations** vary; noncompliance risks penalties.
- **Verify:** check official (ISC)² CBK and current exam outline.

## Exam Relevance

- Choose license implications; identify compliance risks.

**Mnemonic:** “Permissive vs Protective.”

## Mini Scenario

Q: Can we include GPL library in closed-source app without releasing source?

A: Typically no—GPL requires derivative works to be GPL (copyleft).

## Revision Checklist

- Distinguish permissive vs copyleft.
- Name two commercial license metrics.
- Explain how to manage license compliance.

## Related

[[Intellectual Property (IP) Basics]] · [[Compliance and Regulatory Concepts]] · [[Contracts, SLAs, OLAs, MOUs]] · [[Third-Party Risk Management (TPRM)]] · [[Security Governance]] · [[Domain 1 - Index]]