The Open Compliance Program continues its mission of making it ever easier for companies to achieve compliance with FOSS license obligations. I am pleased to announce the publication of our sixth white paper, titled “Keys to Managing a FOSS Compliance Program,” which can be freely downloaded (along with all our other white papers) from the Linux Foundation’s publications website. Our new white paper examines the managerial practices needed to plan, coordinate, and control a successful compliance program. Managing a FOSS compliance initiative requires establishing a plan, gathering sufficient resources, allocating the resources where they will do the most good, tracking accomplishments to plan, adjusting the plan as needed, and so on. This white paper focuses on a handful of the critical project management techniques needed to assure a successful compliance outcome, namely resource estimation, progress tracking, metrics collection and analysis, and use of management tools.
Another addition to our complement of compliance resources is a new training class: LF272, “Open Source Compliance Programs: What You Must Know.” LF272 discusses open source compliance requirements and industry best practices in organizing and managing the compliance function. This two-hour condensed look at compliance programs will be offered live over the internet once a month. Advance registration is required at the open source compliance training webpage on the Linux Foundation’s site. Two separate class sessions will be scheduled each month, timed to enable people in the U.S. and Europe and those in Asia to participate. As with other Linux Foundation classes, a modest fee will be charged to sustain our training efforts.
Besides the white paper and the training class, I had a great opportunity to team with attorneys Karen Copenhaver of Choate Hall & Stewart LLP and Mark Radcliffe of DLA Piper on an audio webcast for the Practising Law Institute (PLI). Delivered February 16, the seminar was titled “Signposts of an Effective Open Source Compliance Program.” The webcast focused on providing practical advice to attorneys who oversee corporate compliance programs on the subject of critical compliance success factors. Participants earned continuing legal education (CLE) credit. People interested in the content can obtain a recording of the webcast at PLI Live Seminars – Signposts of an Effective Open Source Compliance Program (Audio-only). (Please note that PLI charges a fee for its courses to support its programs.)
In addition to these new compliance resources, previously introduced resources continue to gain traction. Consider this:
- The Open Source Compliance Self-Assessment Checklist has now been downloaded more than 700 times from Linux Foundation sites in the U.S. and Japan. (The checklist has also been translated into Korean. Contact me if you’d like a copy.) Many people are using the checklist to benchmark their own compliance programs and to guide improvement efforts. And I’ve been working with supply chain managers who are using the checklist to assess their suppliers’ compliance practices.
- The SPDXTM workgroup continues progress on its goal of enabling suppliers to convey systematic FOSS bills of material along with their software deliverables. A pilot program for trial use of SPDXTM among pairs of trading partners has been spun up for launch in late March of this year. (There’s still time to get in on the pilot! Let me know if you’re interested.) Two half-day workshops have been set for the Linux Foundation’s Collaboration Summit coming up April 6-8 in San Francisco to make even more progress on technical and business issues related to the SPDXTM project. (Request your invitation for the Collaboration Summit at 2011 Linux Foundation Collaboration Summit | Overview | Linux Foundation Events.)
Please visit the Open Compliance Program website for updates on our open source compliance white papers, open source compliance tools, FOSSBazaar open source governance community, open source compliance directory, and other resources. And let me know how the Open Compliance Program can help!
- Dent Introduces Industry’s First End-to-End Networking Stack Designed for the Modern Distributed Enterprise Edge and Powered by Linux - 12/17/2020
- Open Mainframe Project Welcomes New Project Tessia, HCL Technologies and Red Hat to its Ecosystem - 12/17/2020
- New Open Source Contributor Report from Linux Foundation and Harvard Identifies Motivations and Opportunities for Improving Software Security - 12/08/2020