FOSS Compliance: What Are the Basics You Must Know?
Software compliance isn’t exactly the sexiest topic we tackle at the Linux Foundation, but it’s one of the most important. While we focus *our* efforts on open source software, the vast majority of software compliance efforts are focused on proprietary licenses. Just ask a CIO of an enterprise who has been audited by one of their software suppliers recently, or look at the well funded efforts of the Business Software Alliance, an organization dedicated to stamping out piracy and keeping companies in compliance with their members.
At the Linux Foundation, we aren’t concerned with proprietary licenses and the well-funded and well-armed organizations that maintain compliance. We concern ourselves with helping companies use open source software, and in order to use open source software, you must keep in compliance with the license. After all to most open source projects the license is just as important, if not more so, than the code itself. Just ask Linus how important his choice of the GPL was to the success of Linux. “Making Linux GPL was the best thing I ever did,” he’s quoted as saying.
Licenses are so important to software freedom that I’m pleased to announce a new white paper series that will focus on the various aspects of ensuring free and open source software compliance in the enterprise. The first paper is “Free and Open Source Compliance: The Basics You Must Know.” This paper provides an overview of the following topics:
- The changing business environment moving to a multi-source development model
- The objectives of compliance and the benefits resulting from having a successful compliance program
- The consequences of non-compliance with the licenses of free and open source software
- The compliance failures that can occur, how to avoid them and prevent them from happening in the future
- The lessons learned from the various non-compliance cases with emphasis on the positive learnings
This paper is written by Ibrahim Haddad, our Director of Technology and Alliances at the Linux Foundation. While Ibrahim focuses on Mobile Linux initiatives and advancing the Linux platform for next-generation mobile computing devices, specifically the Meego project, he also is an expert on open source compliance. Luckily for us, he’s a prolific writer on these issues. Keep an eye out for more papers in this series. They’ll be available on linuxfoundation.org. If you have questions on open source compliance, you can also contact us here.