Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Development
    • Mobile
    • Servers

    Linux Foundation Launches Open Compliance Program

    By
    Darryl K. Taft
    -
    August 10, 2010
    Share
    Facebook
    Twitter
    Linkedin

      The Linux Foundation on Aug. 10 announced the launch of the Open Compliance Program, which it described as “a comprehensive initiative that includes tools, training, a standard format [in which] to report software licensing information, consulting and a self-assessment checklist that will help companies comply with open-source licenses.”

      The Linux Foundation, a self-described “nonprofit organization dedicated to accelerating the growth of Linux,” made the announcement at the LinuxCon event in Boston.

      The goals of the Open Compliance Program include “increasing adoption of open source and decreasing legal FUD [fear, uncertainty and doubt] present in the marketplace,” the organization said.

      The statement continued:

      ““As the use of Linux and other open source software has exploded in recent years, especially in mobile and consumer electronics products, the need has arisen for a trusted, neutral, non-commercial compliance program that offers a comprehensive offering of compliance training, tools and services. With today’s complex supply chains, it can be difficult to keep up with the code and licenses present in shipping products.To address that complexity, The Linux Foundation has developed a set of tools, training curricula and a new self-administered assessment checklist that will allow companies to meet open source license obligations in a cost-effective and efficient manner. The Open Compliance Program also includes a new data exchange standard so companies and their suppliers can easily report software information in a standard way, a crucial missing link in the compliance landscape.Founding participants of the program include enterprise computing and consumer electronics giants Adobe, AMD [Advanced Micro Devices], ARM Limited, Cisco Systems, Google, HP [Hewlett-Packard], IBM, Intel, Motorola, NEC, Nokia, Novell, Samsung, Software Freedom Law Center, Sony Electronics and more than 20 other companies and organizations.”“

      “Efforts like the Open Compliance Program from the Linux Foundation can make the difference between healthy open source use and chaos,” Chris DiBona, open-source and public sector engineering manager at Google, said in a statement. “Google is happy to see the Linux Foundation creating this program to assist people with this complicated subject.”

      “By creating the Open Compliance Program, The Linux Foundation once again has stepped up to the challenge of providing the unifying force in an arena experiencing explosive growth, while decreasing the FUD around Linux and open source,” Dan Frye, vice president of Open Systems Development at IBM, also said in a statement. “IBM proudly supports the Open Compliance Program, which is an invaluable step in furthering the standards, tools, training and certification so needed by the industry,”

      In an Aug. 10 blog post, Jim Zemlin, the executive director of the Linux Foundation, said, “We have the collective experience of our staff as well as the ability to galvanize our members to deliver information, training, tools and a standard that will help the industry coalesce around best practices and save money at the same time. Just as in open source, we feel collaborative development and reuse of resources in compliance matters will deliver great efficiencies of scale. We fully expect the Open Compliance Program to deliver real cost savings to all who participate as well as enable companies to fulfill their license obligations.”
      In the Linux Foundation’s statement, Eben Moglen, founder and chairman of the Software Freedom Law Center, said, “Free software licenses are designed to make it easy to copy, modify and redistribute software, commercially and non-commercially. But strong operational compliance engineering measures still play a crucial role, making risk avoidance both inexpensive and wholly effective. The Linux Foundation’s Open Compliance Program will make best operational practices for compliance accessible to all and will help commercial and non-commercial parties work together to improve those practices still further. Participation in this program, along with necessary legal advice and training, should allow any organization to meet its FOSS [free and open-source software] license compliance responsibilities completely, at very low cost.”

      Ease of use and low cost appear to be the themes of the Open Compliance Program. Zemlin said in his blog:

      ““I also want to be very clear: complying with open source licenses is actually easier than complying with proprietary ones. (One reason: there is no money involved.) There are countless software audits of users every year, and settlements often range in the tens of millions for large companies. You may not have heard about those cases since they do not get the attention the very few open source cases do, but make no mistake, complying with proprietary licenses is not easy or cheap.”“

      The Linux Foundation’s statement said, “The six elements of The Linux Foundation’s Open Compliance Program are: training and education … tools … [a] self-assessment checklist … the SPDX [Software Package Data Exchange] standard and workgroup … a compliance directory and rapid alert system … [and] community.”

      The tools include a Dependency Checker, “capable of identifying code combinations at the dynamic and static link level. In addition, the tool offers a license policy framework that enables FOSS Compliance Officers to define combinations of licenses and linkage methods that are to be flagged if found as a result of running the tool.”

      Also, a new tool called the Code Janitor “provides linguistic review capabilities to make sure developers did not leave comments in the source code about future products, product code names, mention of competitors” and similar subjects, the Linux Foundation statement said. “The tool maintains a database of keywords that are scanned for in the source code files to ensure code released is safe and ready for public consumption.”

      Another tool in the works is the Bill of Material Difference Checker, “capable of reporting differences between BoMs and therefore enabling companies to identify changed source code components and to better report included open-source components in updated product releases. Development on the BoM Difference Checker will begin in late 2010.”

      Meanwhile, Zemlin said there are three things everyone should bear in mind about the Open Compliance Program.:
      “1. It will lower costs for every company who uses open source by giving training, a guidebook of best practices and access to resources to make it much simpler to comply with license obligations.

      2. It will help spread the use of open source software as it will eliminate the very few legal cases and most importantly the FUD around legal compliance that some vendors like to spread.

      3. It’s a collaborative project. The tools are open source and we welcome participation in making them better. The SPDX workgroup welcomes participation from all in the consumer electronics supply chain. Please download our resources and sign up to receive the checklist and give us your best practices at compliance (at) linuxfoundation dot org.”

      Darryl K. Taft
      Darryl K. Taft covers the development tools and developer-related issues beat from his office in Baltimore. He has more than 10 years of experience in the business and is always looking for the next scoop. Taft is a member of the Association for Computing Machinery (ACM) and was named 'one of the most active middleware reporters in the world' by The Middleware Co. He also has his own card in the 'Who's Who in Enterprise Java' deck.

      MOST POPULAR ARTICLES

      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×