This white paper examines compliance practices needed when software supplied by a third-party vendor is brought into the code baseline of a product to be distributed externally. The white paper discusses requirements a company should impose upon its suppliers to disclose FOSS in their deliverables and to provide what’s needed to achieve compliance. The paper also discusses steps a company should take to review and validate the FOSS disclosures made by its suppliers. In addition to those topics, the white paper addresses measures a company can undertake to assess its suppliers’ compliance capabilities.
About the Author (Philip Koltun, Ph.D.)
Dr. Philip Koltun directs The Linux Foundation’s Open Compliance Program and works with the community to provide a full range of services and intellectual assets that enhance compliance activities.