Here at The Linux Foundation, we’re preparing for next month’s Collaboration Summit, where we’re going to have a number of sessions dedicated to Open Compliance. We are hosting a FOSS Compliance track with talks reflecting the current state of compliance and new resources just over the horizon. We’re also hosting SPDX working sessions that will work on key technical and business issues prior to release of version 1.0 of the SPDX spec.
In parallel, our Director of Technology & Alliances, Ibrahim Haddad, will be participating at the IP Counsel Café April 7 at the Sheraton Palo Alto. We hope some of you can join us south of the city that day to hear Ibrahim discuss Open Compliance with co-panelists Alyssa Harvey, Associate General Counsel at Netflix, and Diane Honda, Vice President, General Counsel & Secretary of Extreme Networks. The three of them will be discussing the legal side of open source software and open source compliance programs. I know Ibrahim is planning to discuss the practical steps involved in building a corporate compliance program to manage the consumption of open source software while ensuring the fulfillment of license obligations.
I’m really looking forward to these face-to-face opportunities given how much work the community has been doing on Open Compliance since we launched the program last August. Here are a few of the resources we’ve produced that we know companies and individuals are already putting to use:
- Open source compliance training – 4 different course options for professional compliance training, varying in detail and delivery mechanism.
- Open Source Compliance Self-Assessment Checklist – An extensive checklist of compliance best practices, highlighting elements that must be incorporated in an open source compliance program to ensure its success. Companies are self-administering the checklist to benchmark their compliance practices against top tier compliance programs in industry. (If you’d like expert help administering the checklist, either internally or with your supply chains, just contact
- Compliance tools to help with compliance due diligence.
- Compliance Directory and Rapid Alert System that facilitates communications between companies and open source developers on compliance matters when other escalation attempts have failed. The directory and response system has been used numerous times with a 100% success rate.
- SPDX™ (Software Package Data Exchange™) workgroup that is standardizing how companies report their open source bills of material to ease the discovery and labeling of open source components in their products.
- Free educational material:
  - 7 compliance papers, including
    - Keys to Managing FOSS Compliance Program
    - Achieving FOSS Compliance in the Enterprise
    - A Glimpse into Recommended Practices in a FOSS Compliance Management Process
    - More papers, as well as the ones above, can be downloaded from http://www.linuxfoundation.org/publications
  - 3 papers on compliance tools
  - Data sheets on the open compliance program and on compliance training
I hope to see many of you at the upcoming Linux Foundation Collaboration Summit April 6-8. For those of you who can join Ibrahim in Palo Alto on April 7, we welcome you and your questions. The week is certain to be a great opportunity to immerse yourself in open compliance resources.
If you have any questions about compliance or about the training courses, checklist, or other resources from the Linux Foundation, please email us at