Linux Foundation Announces Open Compliance Program
Major names in open source and enterprise lend support.
The Linux Foundation began LinuxCon with a bang when it announced the formation of the Open Compliance Program, Tuesday.
The Open Compliance Program is an initiative meant to help companies abide by open source licenses and alleviate legal concerns within the marketplace. The program consists of six elements:
Training: The Linux Foundation offers additional documentation and training models that cover open source licensing fundamentals and activities geared toward enterprise. The foundation also will offer offer on-site or online training.
Tools: The Linux Foundation also developed complementary tools to improve due diligence. This is done via three tools, a dependency checker that identifies code combinations at dynamic and static levels, a Bill of Material (BoM) Difference Checker, and a code janitor that provides linguistic review capabilities. The Code Janitor ensures that developers don’t leave comments in the source code by scanning source code files for a series of keywords stored in a database.
Self-Assessment Checklist: A checklist developed by The Linux Foundation that gives companies a list of compliance criteria to self-evaluate a given project’s level of compliance.
The SPDX Standard and Workgroup: A labeling standard meant to easily identify and categorize open source components within a project. Visit www.linuxfoundation.org/workgroup/spdx/ for more details.
A Compliance Directory and Rapid Alert System: The Linux Foundation created a master list of compliance officers at companies implementing open source code in their commercial products. The database can be accessed and added to by visiting http://www.linuxfoundation.org/programs/legal/compliance/directory/
Community: These tools join the FOSSBazaar workgroup. The workgroup can be found at FOSSBazaar.org or http://www.linuxfoundation.org/workgroups/fossbazaar/.
“Our mission is to enable the expansion of free and open source software, so we created this program to give companies the information, tools and processes they need to get the most out of their investment, while governing the software,” Jim Zemlin, executive director of The Linux Foundation said.
Along with those tools, The Linux Foundation also announced the founding participants in the program. HP, Intel, IBM, AMD, ARM Limited, Cisco Systems, Google , Novell, Samsung, Adobe, Nokia, NEC, Motorola, Sony Electronics, and Software Freedom Law Center are all members of the Open Compliance Program.
“By creating the Open Compliance Program, The Linux Foundation once again has stepped up to the challenge of providing the unifying force in an arena experiencing explosive growth, while decreasing the FUD around Linux and Open Source. IBM proudly supports the Open Compliance Program, which is an invaluable step in furthering the standards, tools, training and certification so needed by the industry,” said Dan Frye, VP open systems development at IBM.
Currently, the foundation has released initial builds of the complimentary tools and encourages developers to contribute to them. The BoM Difference Checker will be available later this year. A finalized version of the Self-Assessment Checklist will be formally released in Q4 2010. For more information about the Open Compliance Program, visit http://www.linuxfoundation.org/programs/legal/compliance/.
According to a report, many potential victims of the Heartbleed attack have patched their systems, but few have cleaned up the crime scene to protect themselves from the effects of a previous intrusion.
DARPA and NICTA release the code for the ultra-secure microkernel system used in aerial drones.
Should you trust an online service to store your online passwords?
New B+ board lets you build cool things without the complication of a powered USB hub.
Redmond rushes in to root out alleged malware haven.
New initiative will bring futuristic virtual reality effects to the web surfing experience.
Dyreza malware launches a man-in-the-middle attack that compromises SSL.
New cloud combines worldwide access with local attention to data security.
A first cousin of the recent Heartbleed attack affects EAP-based wireless and peer-to-peer authentication.
FOSS community acts to protect freedom of choice for laptop devices.