Linux Foundation Announces Open Compliance Program
Major names in open source and enterprise lend support.
The Linux Foundation began LinuxCon with a bang when it announced the formation of the Open Compliance Program, Tuesday.
The Open Compliance Program is an initiative meant to help companies abide by open source licenses and alleviate legal concerns within the marketplace. The program consists of six elements:
Training: The Linux Foundation offers additional documentation and training models that cover open source licensing fundamentals and activities geared toward enterprise. The foundation also will offer offer on-site or online training.
Tools: The Linux Foundation also developed complementary tools to improve due diligence. This is done via three tools, a dependency checker that identifies code combinations at dynamic and static levels, a Bill of Material (BoM) Difference Checker, and a code janitor that provides linguistic review capabilities. The Code Janitor ensures that developers don’t leave comments in the source code by scanning source code files for a series of keywords stored in a database.
Self-Assessment Checklist: A checklist developed by The Linux Foundation that gives companies a list of compliance criteria to self-evaluate a given project’s level of compliance.
The SPDX Standard and Workgroup: A labeling standard meant to easily identify and categorize open source components within a project. Visit www.linuxfoundation.org/workgroup/spdx/ for more details.
A Compliance Directory and Rapid Alert System: The Linux Foundation created a master list of compliance officers at companies implementing open source code in their commercial products. The database can be accessed and added to by visiting http://www.linuxfoundation.org/programs/legal/compliance/directory/
Community: These tools join the FOSSBazaar workgroup. The workgroup can be found at FOSSBazaar.org or http://www.linuxfoundation.org/workgroups/fossbazaar/.
“Our mission is to enable the expansion of free and open source software, so we created this program to give companies the information, tools and processes they need to get the most out of their investment, while governing the software,” Jim Zemlin, executive director of The Linux Foundation said.
Along with those tools, The Linux Foundation also announced the founding participants in the program. HP, Intel, IBM, AMD, ARM Limited, Cisco Systems, Google , Novell, Samsung, Adobe, Nokia, NEC, Motorola, Sony Electronics, and Software Freedom Law Center are all members of the Open Compliance Program.
“By creating the Open Compliance Program, The Linux Foundation once again has stepped up to the challenge of providing the unifying force in an arena experiencing explosive growth, while decreasing the FUD around Linux and Open Source. IBM proudly supports the Open Compliance Program, which is an invaluable step in furthering the standards, tools, training and certification so needed by the industry,” said Dan Frye, VP open systems development at IBM.
Currently, the foundation has released initial builds of the complimentary tools and encourages developers to contribute to them. The BoM Difference Checker will be available later this year. A finalized version of the Self-Assessment Checklist will be formally released in Q4 2010. For more information about the Open Compliance Program, visit http://www.linuxfoundation.org/programs/legal/compliance/.
Report from the X-Force group says attackers are using TOR to hide their crimes
Future Firefox extensions will be compatible with Chrome.
Better read this if you bought your computer before 2011
Users should upgrade to the new version as soon as possible
Xen project announces a privilege escalation problem for Qemu host systems
Attackers can compromise an Android phone just by sending a text message
PC vendor will pre-install Ubuntu on portables in India.
More embarrassment for Adobe's embattled multimedia tool
Mozilla’s script blocker add-on could be putting malware sites on the whitelist.
The Internet community officially banishes the notoriously unsafe Secure Sockets Layer protocol.