Linux Foundation Simplifies FOSS License Management
The Linux Foundation used this year’s LinuxCon in Boston to launch its new Open Compliance Program, aimed at making it easier for companies that are new to using Free and Open Source Software (FOSS) to ensure that their products comply with open source licensing.
According to the opening keynote from Jim Zemlin, the Linux Foundation’s executive director, a huge number of new companies are starting to incorporate Linux and FOSS within their own technology for the first time. In many cases this is not for ideological reasons, but because it is increasingly the only way to compete in their industry. However, these companies are often working within highly complex value chains where it can be difficult to manage licensing and legal complexity.
The combination of inexperienced FOSS users and increasing complexity has produced a growing number of FOSS license breaches. Zemlin maintained that almost all of these breaches were inadvertent and that the perpetrators were only too willing to comply with FOSS licensing terms once they had been made aware of any issues. Nevertheless, he admitted that the growing number of court cases was slowing the penetration of FOSS into some new industries by generating undue fear of the legal dangers of using open source.
“We wanted a pan-industry, holistic solution that will put any misunderstanding of how to use open source licensing behind us, and that will get rid of hundreds of millions of dollars of needless cost: either the cost of having to learn from scratch how to manage this software within your company or money that is spent in (law) suits that you never needed to have,” said Zemlin, explaining the aims behind the new programme.
The new programme is chiefly focused on delivering better training and education on licensing issues. “Linux Foundation staff can come in and teach an organisation in two days what it takes them a year to learn on their own,” Zemlin claimed. The foundation will also be improving online resources and delivering new open source tools to help with due diligence and code compliance, along with benchmarks, best practice examples and a self-assessment programme for corporations. More information and resources can be found here.
Specifically focused on licensing issues for those companies operating in complex value chains, the Open Compliance Program also includes a workgroup concentrating on developing the new Software Package Data Exchange (SPDX) schema. SPDX aims to deliver an industry schema that will allow companies to pass FOSS licensing information in a common standardised format across their supply chain. “Just like you have a hardware bill of materials, license information on software will also be included in that bill of materials,” Zemlin explained.
Wrapping up the talk, he concluded: “We’re excited about this programme because not only is it going to reduce the cost and ease the friction of using open source within the industry, but because we have tremendous support behind this effort. It is pretty much unanimous, every company that has any reasonable investment in open source and Linux has come out in support of this effort.”