Liferay Trust Center /
FOSS / IP Compliance
Liferay understands how critical it is for our prospects and customers to find secure and compliant digital solutions for their business needs. We are committed to being not just a vendor, but a trusted partner for our customers.
Our focus is to ensure that the valuable information you entrust to us is secure and treated in accordance with the applicable data protection laws. As part of the FOSS community, we apply best practices when it comes to IP and FOSS licensing. We also believe in conducting business with integrity, ultimately fostering strong relationships with our customers and our community.
This Trust Center provides a comprehensive collection of resources designed to aid every customer’s due diligence process and demonstrate our commitment to security and compliance.
FOSS / IP Compliance
When it comes to its own IP and FOSS licensing compliance, Liferay follows the OpenChain ISO/IEC 5230 standard and first self-certified in 2019 following the 2.0 version of the standard. This assures that we have the appropriate people, policies and processes in place for effective IP compliance.
To assist our customers with their IP/license and security compliance we offer our paying customers and partners Software Bills of Material (SBOM) for Liferay DXP in the ISO/IEC 5962 SPDX format (as well as CycloneDX, if required). Both formats fulfil the requirements as set up in the (US) Executive Order on Improving the Nation’s Cybersecurity (EO 14028) and the definition of the EU Cyber Resilience Act (CRA).
We mark our own source code following the REUSE.software community best practices. This makes working with our code base very predictable, as you can very simply tell which code is ours and under which license.
While we do take both our and others’ IP seriously, we do realise that sometimes accidents happen. Which is why for all our LGPL- and GPL-licensed code we pledge (since 2018) to apply the more lenient cure and reinstatement provisions from GPL-3.0, following the GPLv3 Common Cure Rights Commitment.
When it comes to patent protection, Liferay Inc. is member of the Open Invention Network – the largest patent non-aggression community.
If you believe that your, or another party's, intellectual property has been copied in such a way that constitutes infringement, please follow the instructions on the Claims of Copyright Infringement web page.
If you have any further inquiries relating to our Open Source use or compliance, please address them to foss@liferay.com.
29 rue Taitbout
75009 Paris
France
+33 (0)1 84 21 11 80