Official website for Linux User & Developer
FOLLOW US ON:
Sep
8

Linux Foundation Simplifies FOSS License Management

by Rory MacDonald

The Linux Foundation used this year’s LinuxCon in Boston to launch its new Open Compliance Program, aimed at making it easier for companies that are new to using Free and Open Source Software (FOSS) to ensure that their products comply with open source licensing.

This article is due to appear in issue 92 of Linux User & Developer magazine.Linux Foundation Simplifies FOSS License Management Subscribe and save more than 30% and receive our exclusive money back guarantee – click here to find out more.

Linux Foundation Simplifies FOSS License ManagementAccording to the opening keynote from Jim Zemlin, the Linux Foundation’s executive director, a huge number of new companies are starting to incorporate Linux and FOSS within their own technology for the first time. In many cases this is not for ideological reasons, but because it is increasingly the only way to compete in their industry. However, these companies are often working within highly complex value chains where it can be difficult to manage licensing and legal complexity.

The result of these inexperienced FOSS users, combined with increasing complexity, is a growing number of FOSS license breaches. Zemlin maintained that almost all of these breaches were inadvertent and that the perpetrators were only too willing to comply with FOSS licensing terms once they had been made aware of any issues. Nevertheless, he admitted that the growing number of court cases was slowing the penetration of FOSS into some new industries by generating undue fear of the legal dangers of using open source.

“We wanted a pan-industry, holistic solution that will put any misunderstanding of how to use open source licensing behind us, and that will get rid of hundreds of millions of dollars of needless cost: Either the cost of having to learn from scratch how to manage this software within your company or money that is spend in (law) suits that you never needed to have,” said Zemlin explaining the aims behind the new programme.

The new programme is chiefly focused on delivering better training and education on licensing issues. “Linux Foundation staff can come in and teach an organisation in two days what it takes them a year to learn on their own,” Zemlin claimed. The foundation will also be improving online resources and delivering new open source tools to help with due diligence and code compliance, along with benchmarks, best practice examples and a self-assessment programme for corporations. More information and resources can be found here.

Specifically focused on licensing issues for those companies operating in complex value chains, the Open Compliance Program also includes a workgroup concentrating on developing the new Software Package Data Exchange (SPDX) schema. SPDX aims to deliver an industry schema that will allow companies to pass FOSS licensing information in a common standardised format across their supply chain. “Just like you have a hardware bill of materials, license information on software will also be included in that bill of materials,” Zemlin explained.

Wrapping up the talk, he concluded: “We’re excited about this programme because not only is it going to reduce the cost and ease the friction of using open source within the industry, but because we have tremendous support behind this effort. It is pretty much unanimous, every company that has any reasonable investment in open source and Linux has come out in support of this effort.”

You can find our interview with Jim Zemlin from last year here, or you can click here to view our latest stories…

twitter follow us
  • Tell a Friend
  • Follow our Twitter to find out about all the latest Linux news, reviews, previews, interviews, features and a whole more.
    • Pingback: Can Nokia Formulate It Big With MeeGo

    • ned flanders

      We have the stick, SFLC, for those that DONT want to cooperate.

      We now have the carrot for those that dont know how to cooperate.

      Having one without the other makes little sense.

      PS: Do you folks have an identi.ca account?