Linux Foundation Announces Open Compliance Program
Major names in open source and enterprise lend support.
The Linux Foundation began LinuxCon with a bang on Tuesday when it announced the formation of the Open Compliance Program.
The Open Compliance Program is an initiative meant to help companies abide by open source licenses and alleviate legal concerns within the marketplace. The program consists of six elements:
Training: The Linux Foundation offers additional documentation and training models that cover open source licensing fundamentals and activities geared toward enterprise. The foundation also will offer on-site or online training.
Tools: The Linux Foundation also developed complementary tools to improve due diligence. There are three: a dependency checker that identifies code combinations at dynamic and static levels, a Bill of Material (BoM) Difference Checker, and a Code Janitor that provides linguistic review capabilities. The Code Janitor ensures that developers don’t leave comments in the source code by scanning source code files for a series of keywords stored in a database.
Self-Assessment Checklist: A checklist developed by The Linux Foundation that gives companies a list of compliance criteria to self-evaluate a given project’s level of compliance.
The SPDX Standard and Workgroup: A labeling standard meant to easily identify and categorize open source components within a project. Visit www.linuxfoundation.org/workgroup/spdx/ for more details.
A Compliance Directory and Rapid Alert System: The Linux Foundation created a master list of compliance officers at companies implementing open source code in their commercial products. The database can be accessed and added to by visiting http://www.linuxfoundation.org/programs/legal/compliance/directory/
Community: These tools join the FOSSBazaar workgroup. The workgroup can be found at FOSSBazaar.org or http://www.linuxfoundation.org/workgroups/fossbazaar/.
“Our mission is to enable the expansion of free and open source software, so we created this program to give companies the information, tools and processes they need to get the most out of their investment, while governing the software,” Jim Zemlin, executive director of The Linux Foundation, said.
Along with those tools, The Linux Foundation also announced the founding participants in the program. HP, Intel, IBM, AMD, ARM Limited, Cisco Systems, Google, Novell, Samsung, Adobe, Nokia, NEC, Motorola, Sony Electronics, and Software Freedom Law Center are all members of the Open Compliance Program.
“By creating the Open Compliance Program, The Linux Foundation once again has stepped up to the challenge of providing the unifying force in an arena experiencing explosive growth, while decreasing the FUD around Linux and Open Source. IBM proudly supports the Open Compliance Program, which is an invaluable step in furthering the standards, tools, training and certification so needed by the industry,” said Dan Frye, VP open systems development at IBM.
Currently, the foundation has released initial builds of the complimentary tools and encourages developers to contribute to them. The BoM Difference Checker will be available later this year. A finalized version of the Self-Assessment Checklist will be formally released in Q4 2010. For more information about the Open Compliance Program, visit http://www.linuxfoundation.org/programs/legal/compliance/.