Open Source Compliance Publications

Practical Advice to Scale<br />
Open Source Legal<br />
Support   Practical Advice to Scale Open Source Legal Support
Author: Ibrahim Haddad, Ph.D., Samsung Research America
In this article, we look closely at the role of the Legal Counsel in ensuring FOSS compliance and examine practical advice that a Legal Counsel can provide to the software development team. Such practical advice will enable software developers to make daily decisions related to open source licenses without having to go back to the Legal Counsel for every single question.
July 2013
Download Now
Generic OSRB Contribution Form   Generic OSRB Contribution Form
Author: The Linux Foundation
This document – Generic Open Source Review Board Contribution Form – is part of the free resources made available by The Linux Foundation OCP. It offers a template for the Contribution Form used by developers to request approval to contribute to existing FOSS projects or when starting a new FOSS project. You can use this template as a starting point in designing your own forms.
June 2012
Download Now
A Template for Approval Request Form For The Use of Free and Open Source Software   Generic FOSS Policy
Author: The Linux Foundation
Companies using FOSS often create a company-wide policy to ensure that all staff is informed of how to use FOSS (especially in products), to maximize the impact and benefit of using FOSS, and to ensure that any technical, legal or business risks resulting from that usage are properly mitigated. This document is a new free resource available from the Linux Foundation under the Open Compliance Program. It offers a generic FOSS Policy that companies can use as starting point in creating their own FOSS Policy. It provides a template policy that focuses on governing FOSS usage in externally distributed products that can be customized to the company’s specific needs.
April 2012
Download Now
A Template for Approval Request Form For The Use of Free and Open Source Software   A Template for Approval Request Form For The Use of Free and Open Source Software
Author: The Linux Foundation
This document is part of the free resources made available by The Linux Foundation Open Compliance Program. It offers a template for the Approval Request Form used by developers to request approval to use Free and Open Source Software (FOSS) in a commercial product. The company’s Open Source Review Board (OSRB) then reviews the submission and determines approval. In most cases, the submission, reviewal and approval of such requests is managed via an online submission system that is part of the company’s FOSS compliance management process.
March 2012
Download Now
Publishing Source Code for FOSS Compliance: Lightweight Process and Checklists   Publishing Source Code for FOSS Compliance: Lightweight Process and Checklists
Author: Ibrahim Haddad (Ph.D.), The Linux Foundation
This paper falls under the free educational resources made available by The Linux Foundation that focus on various practical aspects of achieving FOSS compliance in the enterprise. Our goal has been to assist organizations in recognizing and meeting their obligations when using FOSS in their commercial products. This paper discusses the aspect of publishing source code in meeting license obligations. It presents a sample process to follow when making source code available and offers checklists that you can use prior and post source code publication.
February 2012
Download Now
Open Source Compliance in the Application Development Space   Open Source Compliance in the Application Development Space
Author: Philip Koltun (Ph.D.), The Linux Foundation
This white paper will take an objective, neutral look at app development today and discuss open source license obligations that must be considered by app developers and app stores. We’ll highlight some of the compliance challenges and point out some of the resources available to assist those companies and app developers committed to respecting the open source community and fulfilling responsibilities.
December 2011
Download Now
Open Compliance Program Marks Its One-Year Anniversary   Open Compliance Program Marks Its One-Year Anniversary
Author: Philip Koltun (Ph.D.), The Linux Foundation
The Open Compliance Program was established with the goal of boosting adoption of Linux and other FOSS by making license compliance ever-easier to achieve. Over the last year, four training classes have been created on implementing compliance programs, a compliance self-assessment checklist has been published, many tutorial white papers have been written, compliance tools have been developed, and resources have been extended to the compliance community. Download the white paper for more details and access to the resources.
August 2011
Download Now
FOSS Compliance Practices for Supplied Software   FOSS Compliance Practices for Supplied Software
Author: Philip Koltun (Ph.D.), The Linux Foundation
This white paper examines compliance practices needed when software supplied by a third party vendor is brought into the code baseline of a product to be distributed externally. The white paper discusses requirements a company should impose upon its suppliers to disclose FOSS in their deliverables and to provide what’s needed to achieve compliance. The paper also discusses steps a company should take to review and validate the FOSS disclosures made by its suppliers. In addition to those topics, the white paper addresses measures a company can undertake to assess its suppliers’ compliance capabilities.
July 2011
Download Now
A Five Step Compliance Process for FOSS Identification and Review   A Five Step Compliance Process for FOSS Identification and Review
Author: Ibrahim Haddad (Ph.D.), The Linux Foundation
This white paper is one in a series that focuses on the various practical aspects of ensuring free and open source software (FOSS) compliance in the enterprise. This paper provides an example of a compliance process for FOSS identification and review that consists of five steps. The focus of the paper is around using and integrating FOSS with proprietary and third party source code in a commercial product.
June 2011
Download Now
Keys to Managing a FOSS Compliance Program   Keys to Managing a FOSS Compliance Program
Author: Philip Koltun (Ph.D.), The Linux Foundation
This white paper is sixth in a series that focuses on the various practical aspects of ensuring free and open source software (FOSS) compliance in the enterprise. This paper examines the managerial practices needed to plan, coordinate, and control a successful compliance program.
February 2011
Download Now
Achieving FOSS Compliance in the Enterprise   Achieving FOSS Compliance in the Enterprise
Author: Ibrahim Haddad (Ph.D.), The Linux Foundation
This white paper is fifth in a series that focuses on the various practical aspects of ensuring free and open source software (FOSS) compliance in the enterprise. This paper examines a sample end-to- end compliance process.
December 2010
Download Now
Self-Assessment Checklist   Self-Assessment Checklist
Author: The Linux Foundation
The Linux Foundation has compiled this extensive checklist of compliance practices found in industry-leading compliance programs. Companies can use this checklist as a confidential internal tool to assess their progress in implementing a rigorous compliance process and to help them prioritize their process improvement efforts.
November 2010
Download Now
A Glimpse Into Recommended Practices in a FOSS Compliance Management Process   A Glimpse Into Recommended Practices in a FOSS Compliance Management Process
Author: Ibrahim Haddad (Ph.D.), The Linux Foundation
This paper is one in a series that discusses the topic of FOSS compliance and it is part of the free educational material that the Linux Foundation is making available under the Open Compliance Program.
October 2010
Download Now
Free and Open Source Software Compliance: Who Does What   Free and Open Source Software Compliance: Who Does What
Author: Ibrahim Haddad (Ph.D.), The Linux Foundation
Ever since companies started integrating FOSS in their products, there has been the need to ensure compliance with applicable FOSS licenses. Different companies have used various ways to structure their teams responsible for fulfilling this function. Other companies have opted for a cross functional team that consists of a dedicated Open Source Compliance Officer who has access to various individuals and teams that contribute to the compliance effort without being part of a centralized team. In this paper, we examine the latter model of FOSS compliance team and discuss the roles and responsibilities of individuals and teams involved in the compliance process.
August 2010
Download Now
Establishing Free and Open Source Software Compliance Programs: Challenges and Solutions   Establishing Free and Open Source Software Compliance Programs: Challenges and Solutions
Author: Ibrahim Haddad (Ph.D.), The Linux Foundation
This white paper is a second in a series that focus on the practical aspects of ensuring free and open source software (FOSS) compliance in the enterprise. The first paper entitled “FOSS Compliance: The Basics You Must Know”, available from the Linux Foundation, provided a discussion on the multi-source development model, the need for compliance, objectives and benefits, the consequences of non- compliance, possible compliance failures, how to avoid them and lessons learned.
August 2010
Download Now
Free and Open Source Software Compliance   Free and Open Source Software Compliance: The Basics You Must Know
Author: Ibrahim Haddad (Ph.D.), The Linux Foundation
This white paper is a first in a series that will focus on the various practical aspects of ensuring free and open source software compliance in the enterprise. This paper provides basic discussion on the changing business environment moving to a multi-source development model, the objectives of compliance and the benefits resulting from having a successful compliance program and much more.
June 2010
Download Now

Tools

Dependency Checker Tool   Dependency Checker Tool
Authors: Stew Benedict and Jeff Licquia, The Linux Foundation
The paper is divided into two main parts: The first part provides a discussion on the role of tools in ensuring FOSS compliance with a listing of tools used in the compliance end-to-end management process, and the second part is dedicated to the Dependency Checker Tool design and implementation details.
Download Now
<br />
            Code Janitor Tool   Code Janitor Tool
Authors: Stew Benedict and Jeff Licquia, The Linux Foundation
Initiated by the Linux Foundation as an open source project, this Code Janitor tool provides linguistic review capabilities to make sure developers did not leave comments in the source code about future products, product code names, mention of competitors, etc. The tool maintains a database of keywords that are scanned for in the source code files to ensure source code comments are sanitized and ready for public consumption.
Download Now
<br />
            The FOSSology Project   The FOSSology Project
Author: Bob Gobeille, Hewlett-Packard
FOSSology (http://fossology.org) is an open source compliance toolset that provides license and copyright discovery. Every file submitted to the FOSSology system is saved in a file repository, scanned, and results are stored in a database. A web user interface displays results while the database and file repository remain for future scans and data mining.
Download Now

Data Sheets

Open Compliance Data Sheet   Open Compliance Data Sheet
Author: The Linux Foundation
The Open Compliance Program presents a wide-ranging array of tools, training, and informative guidance to help companies comply with open source license obligations, with the goal of increasing adoption of open source and decreasing FUD present in the marketplace. As a trusted, neutral, non-commercial source of expertise, advice, and assistance, the Linux Foundation will help organizations achieve their compliance objectives, a sometimes daunting task.
Download Now
Open Compliance Training Data Sheet   Open Compliance Training Data Sheet
Author: The Linux Foundation
Understanding what must be done to comply with license obligations takes knowledge and discipline. Companies achieve complete compliance only through a comprehensive process of audit, disclosure, review, and recordkeeping, not by ad hoc last-minute actions. Failure to comply can carry severe consequences, potentially including loss of license, compromise of intellectual property, lost ability to ship product, breach of contract, and financial penalties. The Linux Foundation now offers comprehensive training on open source compliance from industry experts, along with tools, information, and guidance to assist organizations in achieving their compliance objectives
Download Now