In the last 3 months, how often did you write or review production code?
- Daily
- Several times a week
- Weekly
- Less than weekly
- Not in the last 3 months
Which one ecosystem do you primarily use most often?
- JavaScript/Node
- Python
- Java
- C/C++
- .NET
- Go
- Rust
- Ruby
- Mobile (Android/iOS)
- Data/ML (e.g., R, Julia)
In the past 6 months, were you involved in selecting, reviewing, or complying with open-source licenses for your code?
How confident are you in interpreting common open-source licenses for your own code?
Range: 1 – 10
Min: Not at all confidentMid: Moderately confidentMax: Very confident
How clear is your organization’s open-source license compliance process to you?
Range: 1 – 10
Min: Very unclearMid: Somewhat clearMax: Very clear
How clear are the following activities in your current workflow?
| Rows | Very unclear | Unclear | Neutral | Clear | Very clear |
|---|
| Identify licenses of direct dependencies | • | • | • | • | • |
| Identify licenses of transitive dependencies | • | • | • | • | • |
| Check compatibility with internal policy | • | • | • | • | • |
| Record obligations (e.g., attribution, notices) | • | • | • | • | • |
| Handle copyleft requirements (if present) | • | • | • | • | • |
| Approve or request new packages | • | • | • | • | • |
Where do you typically get guidance on open-source license compliance?
- Internal engineering policy
- In-house legal counsel
- Automated tooling documentation
- Community docs/blogs
- External legal resources
- Package manager or registry guidance
- None of the above
Do you use any tools for license compliance (e.g., SCA, scanners, SBOM generators)?
Which one type of tool is most useful in your projects for license compliance?
- Software composition analysis (dependency scanning)
- License text scanners
- SBOM generators
- Package manager audit commands
- CI/CD policy gates
- Custom scripts/queries
Overall, how satisfied are you with your current license compliance tooling?
Scale: 10 (star)
Min: Very dissatisfiedMax: Very satisfied
Which one barrier most affects effective open-source license compliance in your work?
- Unclear obligations or terminology
- Limited time or competing priorities
- Tooling noise/false positives
- Lack of internal policy or ownership
- Legal review is slow or unavailable
- Complex transitive dependencies
- Inconsistent guidance across teams
Rank the top blockers to improving license compliance in your organization.
Drag to order (top = most important)
- Understanding obligations
- Tool false positives
- Lack of time/resources
- Missing or unclear policy
- Legal review delays
- Transitive dependency complexity
How valuable is having a software bill of materials (SBOM) for managing license compliance in your projects?
Range: 1 – 10
Min: Not valuableMid: Moderately valuableMax: Extremely valuable
About how many hours in a typical month do you spend on license compliance tasks?
Accepts a numeric value
Whole numbers only
What is your primary role?
- Software engineer/developer
- Engineering manager
- Security/compliance engineer
- DevOps/SRE
- Legal/compliance
- Product/Program manager
- Other
How many years of professional coding experience do you have?
- 0–1
- 2–4
- 5–9
- 10–14
- 15+
- Prefer not to say
Approximately how many employees are in your organization?
- 1–10
- 11–50
- 51–250
- 251–1,000
- 1,001–10,000
- 10,001+
- Prefer not to say
Where are you primarily located?
- North America
- Latin America
- Europe
- Middle East & Africa
- Asia
- Oceania
- Prefer not to say
Attention check: Please select “I am paying attention.”
- I am paying attention
- I am not paying attention
- Prefer not to say
What would make license compliance clearer or easier for you?
Max 600 chars
Welcome! This brief survey should take about 5 minutes. Please answer based on your recent work. Thank you for participating.
AI Interview: 2 Follow-up Questions on open-source license compliance
AI InterviewLength: 2Personality: Expert InterviewerMode: Fast Thanks for your time—your input helps improve clarity and tooling for open-source license compliance.