The Linux Foundation's Open Compliance Program - Updated: ForgeRock Joins OIN
Tuesday, August 10 2010 @ 11:29 AM EDT

The Linux Foundation has announced a new compliance program to help companies that wish to use Linux and other Open Source software responsibly know how to comply with licenses. The Software Freedom Law Center is backing it, along with gpl-violations.org, the Open Invention Network, and OSI, as is pretty much every major electronics company, including Adobe, AMD, ARM Limited, Cisco Systems, Google, HP, IBM, Intel, Motorola, NEC, Nokia, Novell, Palamida, Samsung, Sony Electronics, and more than 20 other companies and organizations -- even the Codeplex Foundation supports it. Here's the complete list.

There are some new tools, and they are open sourced too, and the program also includes "training, a standard format to report software licensing information, consulting and a self-assessment checklist that will help companies comply with open source licenses."

It's not hard to comply, certainly easier, I'd say, than with proprietary licenses, but anything new to you can feel harder, and this program is designed to help businesses easily and effectively incorporate open source tools into their products without friction.

I guess after this there really will be no excuse not to get it right. The press release has links to all the details.

Aside from the three tools listed in the press release, Dependency Checker, Bill of Material (BoM) Difference Checker, and Code Janitor, here are the rest of the tools they list on that tools page:

Other Open Source Compliance Tools

1) Binary Analysis Tool: The Binary Analysis Tool is a modular framework that assists with auditing the contents of compiled software. It helps to discover what components were used to create compiled code. The tool is available here.

2) FOSSology: FOSSology is a source code scanning tool which provides a framework for software analysis that allows you to discover licenses, parse RPM spec files, determine file types, and unpack input files (such as .tar, .gz and .iso) into their component files. FOSSology is available here.

3) OSS Discovery: OSS Discovery is a free, open source scanning tool that helps enterprises find the open source software included in their internal applications and installed on corporate workstations and servers. OSS Discovery is available here.

Jim Zemlin of the Linux Foundation explains the program, and Steven J. Vaughan-Nichols has good coverage too on ComputerWorld.

Update: Speaking of OIN, ForgeRock has now joined OIN:

Open Invention Network (OIN) today extended the Linux ecosystem with the signing of ForgeRock as a licensee. By becoming a licensee, ForgeRock, the official stewards of the ForgeRock I3 Open Platform project, has joined the growing list of organizations that recognize the importance of participating in a substantial community of Linux supporters and leveraging the Open Invention Network to further spur open source innovation.

"We are pleased to welcome ForgeRock, with its high performance enterprise integration and identity platform built upon open source code, into the OIN community of licensees," said Keith Bergelt, CEO of Open Invention Network. "By signing our license, ForgeRock affirms that it values the continued openness of Linux. We applaud the company's foresight in taking this step to support both itself and the principles of open source."

"Software freedom matters. We view an OIN license as one of the key methods through which open source leaders and innovators can deter software patent aggression," said Lasse Andresen, CEO of ForgeRock. "While we respect the right of every developer to choose the license that it believes best reflects its desire and needs, we believe the decision to use software should be driven solely by the requirements of the user, and not by a mandate for a particular brand, vendor or development model."

And here's the Linux Foundation press release, so you can follow the links:

***********************************

The Linux Foundation Launches Open Compliance Program

Enterprise and Consumer Electronics Giants Join Forces to Help Address Increasing Complexities in Software Compliance

LINUXCON, Boston, Mass., August 10, 2010 – The Linux Foundation, the nonprofit organization dedicated to accelerating the growth of Linux, announced today the launch of the Open Compliance Program, a comprehensive initiative that includes tools, training, a standard format to report software licensing information, consulting and a self-assessment checklist that will help companies comply with open source licenses, increasing adoption of open source and decreasing legal FUD present in the marketplace.

As the use of Linux and other open source software has exploded in recent years, especially in mobile and consumer electronics products, the need has arisen for a trusted, neutral, non-commercial compliance program that offers a comprehensive offering of compliance training, tools and services. With today’s complex supply chains, it can be difficult to keep up with the code and licenses present in shipping products.

To address that complexity, The Linux Foundation has developed a set of tools, training curricula and a new self-administered assessment checklist that will allow companies to meet open source license obligations in a cost-effective and efficient manner. The Open Compliance Program also includes a new data exchange standard so companies and their suppliers can easily report software information in a standard way, a crucial missing link in the compliance landscape.

Founding participants of the program include enterprise computing and consumer electronics giants Adobe, AMD, ARM Limited, Cisco Systems, Google, HP, IBM, Intel, Motorola, NEC, Nokia, Novell, Samsung, Software Freedom Law Center, Sony Electronics and more than 20 other companies and organizations. Comments from all the participating companies and organizations can be viewed here.

“As Linux has proliferated up and down the product supply chain, so has the complexity of managing compliance,” said Jim Zemlin, executive director of The Linux Foundation. “Our mission is to enable the expansion of free and open source software, so we created this program to give companies the information, tools and processes they need to get the most out of their investment, while maintaining compliance with the licenses governing the software.”

“Compliance with free software licensing requirements is much easier for product manufacturers and distributors than certain industrial competitors want you to believe,” said Eben Moglen, founder and chairman, Software Freedom Law Center. “Free software licenses are designed to make it easy to copy, modify and redistribute software, commercially and non-commercially. But strong operational compliance engineering measures still play a crucial role, making risk avoidance both inexpensive and wholly effective. The Linux Foundation’s Open Compliance Program will make best operational practices for compliance accessible to all and will help commercial and non-commercial parties work together to improve those practices still further. Participation in this program, along with necessary legal advice and training, should allow any organization to meet its FOSS license compliance responsibilities completely, at very low cost.”

The six elements of The Linux Foundation’s Open Compliance Program are:

Training and Education: The Linux Foundation now offers the industry’s most comprehensive compliance resource for training and informational materials. Training modules cover the fundamentals of open source licensing and compliance activities and can be tailored for audiences ranging from corporate executives to working professionals. Training will be offered live onsite or online. Information assets include free white papers, articles, and webinars available from noted compliance experts. More information on training and education can be found here.

Tools: While there are many commercial and open source scanning tools available to identify the origin and license of source code, The Linux Foundation has developed complementary tools needed to help companies improve their open source compliance due diligence. The Linux Foundation has released initial versions of two of these tools as open source projects and urges other developers to contribute to them. They include:

  • Dependency Checker: capable of identifying code combinations at the dynamic and static link level. In addition, the tool offers a license policy framework that enables FOSS Compliance Officers to define combinations of licenses and linkage methods that are to be flagged if found as a result of running the tool.
  • Bill of Material (BoM) Difference Checker: capable of reporting differences between BoMs and therefore enabling companies to identify changed source code components and to better report included open source components in updated product releases. Development on the BOM Difference Checker will begin in late 2010.
  • The Code Janitor: This tool provides linguistic review capabilities to make sure developers did not leave comments in the source code about future products, product code names, mention of competitors, etc. The tool maintains a database of keywords that are scanned for in the source code files to ensure code released is safe and ready for public consumption.

Self-Assessment Checklist: The Linux Foundation has developed an extensive checklist of compliance best practices in addition to elements that must be available in an open source compliance program to ensure its success. Companies are invited to use this checklist as an internal self-administered exercise to evaluate their compliance in comparison to top tier best compliance practices. The checklist will be formally launched in late 2010.

The SPDX™ Standard and Workgroup: This workgroup enables companies to standardize their bills of material to ease the discovery and labeling of open source components in their products; this is especially important for consumer electronics manufacturers who assemble parts from a variety of suppliers into their shipping products. The end result is companies using free and open source software will all be following the same reporting method, thereby reducing costs and complexity. More information can be found at www.linuxfoundation.org/workgroups/spdx

A Compliance Directory and Rapid Alert System: The Linux Foundation has created a directory of compliance officers at companies using Linux and Open Source software in their commercial products so communication can be eased, information related to open source licenses can be easily disseminated and actions can be coordinated. This is a huge need in today's market where it's often difficult for open source projects to identify the correct people at companies using their software to address issues of concern. Companies can add their contact information or developers can query the directory.

Community: The above resources join the existing FOSSBazaar workgroup, which has a thriving and informed community of software and compliance professionals. As the open source ecosystem continues to evolve with new opportunities and risks, this community will focus discussion on how the industry can best adapt to the changes. The Linux Foundation welcomes all interested companies to participate at www.linuxfoundation.org/workgroups/fossbazaar or www.FOSSBazaar.org.

You can find out more about the program at The Open Compliance website.

About The Linux Foundation
The Linux Foundation is a nonprofit consortium dedicated to fostering the growth of Linux. Founded in 2007, the Linux Foundation sponsors the work of Linux creator Linus Torvalds and is supported by leading Linux and open source companies and developers from around the world. The Linux Foundation promotes, protects and standardizes Linux by hosting important workgroups, events such as LinuxCon, and online resources such as Linux.com. For more information, please visit www.linuxfoundation.org or follow the organization on Twitter at http://www.twitter.com/linuxfoundation.

###

Trademarks: The Linux Foundation, MeeGo and Linux Standard Base are trademarks of The Linux Foundation. Linux is a trademark of Linus Torvalds.
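The Dependency Checker described in the press release above flags combinations of licenses and linkage methods that a compliance officer's policy says must be reviewed. The following is an added example of a checker of that shape, not the Linux Foundation's tool or any of its code: it walks a constructed link graph, looks up each dependency's license in a constructed bill of materials, and reports every edge a policy rule matches. All component names, license identifiers, linkage data and rules are made up for illustration, and the rules are review triggers, not legal conclusions.

```python
"""Toy dependency/license-policy checker (added example; not the Linux
Foundation's Dependency Checker). Walks a link graph, resolves each
dependency's license from a bill of materials (BoM), and flags the
(consumer license, dependency license, linkage) combinations a policy
forbids. All data below is constructed for the example."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed BoM: component -> SPDX-style license identifier.
BOM: Dict[str, str] = {
    "vendor-app": "Proprietary",
    "libcrypto.so.1.1": "OpenSSL",
    "libreadline.a": "GPL-3.0-only",
    "libgmp.so.10": "LGPL-3.0-only",
    "libz.so.1": "Zlib",
    "helper-tool": "GPL-2.0-only",
}

# Constructed link graph: binary -> [(dependency, linkage)]. A real tool
# would derive this from the build (ELF DT_NEEDED entries for dynamic
# linkage, archive members pulled into the link for static linkage).
# "libvendorutil.so.2" is deliberately absent from the BoM.
LINKS: Dict[str, List[Tuple[str, str]]] = {
    "vendor-app": [("libcrypto.so.1.1", "dynamic"),
                   ("libreadline.a", "static"),
                   ("libgmp.so.10", "dynamic"),
                   ("libz.so.1", "dynamic"),
                   ("libvendorutil.so.2", "dynamic")],
    "helper-tool": [("libreadline.a", "static"), ("libz.so.1", "dynamic")],
}

ANY = "*"  # wildcard license pattern


@dataclass(frozen=True)
class Rule:
    """Flag when a component whose license matches `consumer` links a
    dependency whose license matches `dependency` by one of `linkages`."""
    consumer: str
    dependency: str
    linkages: Tuple[str, ...]
    reason: str


# Constructed policy of the kind a compliance officer would write. It
# encodes what must be reviewed, not a legal conclusion.
POLICY: List[Rule] = [
    Rule("Proprietary", "GPL-2.0-only", ("static", "dynamic"),
         "GPL code linked into a proprietary binary"),
    Rule("Proprietary", "GPL-3.0-only", ("static", "dynamic"),
         "GPL code linked into a proprietary binary"),
    Rule("Proprietary", "LGPL-3.0-only", ("static",),
         "LGPL statically linked: relinkable object code must be provided"),
    Rule(ANY, "unknown", ("static", "dynamic"),
         "dependency missing from bill of materials"),
]


def _matches(pattern: str, license_id: str) -> bool:
    return pattern == ANY or pattern == license_id


def check(bom: Dict[str, str], links: Dict[str, List[Tuple[str, str]]],
          policy: List[Rule]) -> List[Tuple[str, str, str, str]]:
    """Return sorted findings as (binary, dependency, linkage, reason).

    A dependency that is not in the BoM gets the license "unknown", so the
    wildcard rule above turns an unlisted library into its own finding."""
    findings = []
    for binary, deps in links.items():
        consumer_lic = bom.get(binary, "unknown")
        for dep, linkage in deps:
            dep_lic = bom.get(dep, "unknown")
            for rule in policy:
                if (_matches(rule.consumer, consumer_lic)
                        and _matches(rule.dependency, dep_lic)
                        and linkage in rule.linkages):
                    findings.append((binary, dep, linkage, rule.reason))
                    break  # first matching rule is enough per edge
    return sorted(findings)


if __name__ == "__main__":
    for binary, dep, linkage, reason in check(BOM, LINKS, POLICY):
        print("FLAG %s -> %s (%s): %s" % (binary, dep, linkage, reason))
```

On the constructed data the checker flags the static link of the GPL-licensed libreadline.a into the proprietary binary and the dependency that is missing from the BoM, while the dynamically linked LGPL library passes because the rule only covers static linkage. The checker looks at direct edges only; a production tool has to follow transitive dependencies, because a library that is itself statically linked against GPL code carries that obligation into everything that links it.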

48 comments
corrections here
Authored by: designerfx on Tuesday, August 10 2010 @ 12:05 PM EDT
please fix whatever needs fixing


The Linux Foundation's Open Compliance Program
Authored by: Anonymous on Tuesday, August 10 2010 @ 12:30 PM EDT
I didn't see M$ on the list.


Off Topic Thread Here
Authored by: artp on Tuesday, August 10 2010 @ 12:42 PM EDT
OFF, not ON.

---
Userfriendly on WGA server outage:
When you're chained to an oar you don't think you should go down when the galley sinks ?


News Picks Thread
Authored by: artp on Tuesday, August 10 2010 @ 12:44 PM EDT
URL appreciated, for when the article scrolls off the right side of the screen.


---
Userfriendly on WGA server outage:
When you're chained to an oar you don't think you should go down when the galley sinks ?


Comes submissions Goes Here
Authored by: artp on Tuesday, August 10 2010 @ 12:49 PM EDT

Check out the Groklaw Comes v MS Web page to see what is left to do.

I am impressed with the progress being made lately. I have no idea of how that ranks on total need, but I am impressed with the sustained effort.

---
Userfriendly on WGA server outage:
When you're chained to an oar you don't think you should go down when the galley sinks ?


So, there IS such a thing as a Free Launch
Authored by: Anonymous on Tuesday, August 10 2010 @ 12:59 PM EDT
(apologies to Robert Heinlein)

John Macdonald


Contrast Open Compliance with BSA
Authored by: artp on Tuesday, August 10 2010 @ 01:05 PM EDT

From Jim Zemlin's comments at the Linux Foundation:

I also want to be very clear: complying with open source licenses is actually easier than complying with proprietary ones. (One reason: there is no money involved.) There are countless software audits of users every year, and settlements often range in the tens of millions for large companies. You may not have heard about those cases since they do not get the attention the very few open source cases do, but make no mistake, complying with proprietary licenses is not easy or cheap.

Not long ago, a Groklaw member mentioned that his company had decided not to use GPL software because of the risk. This didn't occur to me at the time, but Zemlin's remarks brought it back to the forefront. I'm not calling out the Groklaw member or his company. Such things happen all the time.

I worked for a Fortune 500 company that didn't want to use Samba because of the license. This despite the fact that if they had taken all the Open Source software in the company, the infrastructure would have collapsed. We had previously bought the Free Software Foundation CD so that the suits would have a Purchase Order to snuggle up with, but they weren't impressed when it came to Samba, which I don't think was on the CD.

So, in order to replace a failing PC-NFS scaling problem, we went with a product BASED on Samba, but that didn't work as well. 15,000 home directories, and there were operational problems that Samba would have fixed. More pain for the users. More projects delayed. There is enough cluelessness to go around, thank you very much.

And they still had the problem of doing license audits.

We have the BSA to thank for this mess, at least in part. Maybe someday, I will go to the local school board with this in hand. Schools have been a significant target for the BSA, including school districts in the Seattle area. Go figure!

---
Userfriendly on WGA server outage:
When you're chained to an oar you don't think you should go down when the galley sinks ?


This is a BAD BAD Thing
Authored by: Anonymous on Tuesday, August 10 2010 @ 03:11 PM EDT
To use IBM's logic from the TurboHercules case:
Codeplex supports this initiative.

Microsoft has a member on Codeplex's Board ( http://www.codeplex.org/About2/FAQ/Governance.aspx )

Microsoft's involvement in Codeplex must be even deeper since their entire site is based on ASP.Net ...

Ipso facto, this initiative must be some sort of ploy to do harm to the GPL.


The Linux Foundation's Open Compliance Program - Updated: ForgeRock Joins OIN
Authored by: hairbear on Wednesday, August 11 2010 @ 02:49 AM EDT
This looks really useful. I've just flagged this up at work now as we're starting to get seriously into using and supporting open source (well ... more using than supporting at the mo, but people are starting to see the advantages of the model and are pretty much persuaded now). I think I will also recommend we join.

hairbear


Groklaw © Copyright 2003-2013 Pamela Jones.
All trademarks and copyrights on this page are owned by their respective owners.
Comments are owned by the individual posters.

PJ's articles are licensed under a Creative Commons License. ( Details )