A Software Lawyer’s Take on the Linux Foundation’s NEW Open Compliance Program

August 12, 2010

On August 10, 2010, the Linux Foundation announced the Open Compliance Program. So what is this all about? Essentially, the Linux Foundation created this program to address a lot of the FUD relating to using open source software with proprietary software. I think this is a noble objective as there definitely is quite a lot of that FUD out there. So what are the components of the program (from the perspective of a proprietary software or SaaS company)?

1) TOOLS  [Note to Self: need to check what OS these run on as it may not be that useful for us]

  • Dependency Checker – checks for dynamic and static links.
  • Code Janitor – scans for certain keywords before the code is released.
  • Bill of Material Difference Checker – provides the ability to more accurately track components of the software. 

2) SELF ASSESSMENT CHECKER [Note to Self: this may be the most useful item, but it is not released yet]

  • This checklist will be released in Q4 2010 and is meant to serve as a confidential internal checklist (made up of some of the best internal compliance programs). 
  • If you want to be notified when the tool becomes available, sign up here. 

3) SOFTWARE PACKAGE DATA EXCHANGE (SPDX). [Note to Self: While this sounds good on its face, it also sounds like they are trying to lead the industry into disclosing all embedded open source software to (a) customers and (b) partners, etc. (not sure this is a good thing or even necessary)]

  • Black Duck Software is deeply involved in this Working Group, so I understand why this benefits them. The more they can force the industry to become transparent about embedded open source, the more software companies will need tools like theirs. I am not saying they are bad folks (as I have only heard great things about this company), but I am trying to share my thoughts on the possible motivations and direction the industry may be heading in.
  • Read more about it here.

4) COMPLIANCE DIRECTORY AND RAPID ALERT SYSTEM. [Note to Self: Sounds like a good idea, as it will help to create a direct link between the open source providers and the open source compliance officers at various companies]

5) TRAINING AND EDUCATION. [Note to Self: Only good things can come from this]

Whew. Ok, so if your company is looking for growth capital, or just working on your product and development activities, take a read of the new Open Compliance Program. It is probably worth your time, especially if you embed open source software in your software. These are the kinds of things I discuss with OpenView’s portfolio as part of their team of Venture Capital Advisors. 

President and Shareholder

Jeremy Aber consults OpenView portfolio companies on legal and contract matters. Jeremy runs his own IT-focused law firm, the Aber Law Firm (http://www.aberlawfirm.com/), and has over 18 years' experience in technology and corporate law.