Is Your Business Compliant with Open Source Licenses?

There are many ways that vendors of proprietary products try to scare business customers away from open source software, and one of the more commonly heard examples involves vague fears about compliance with open source licenses. There’s nothing like the specter of a good lawsuit to scare a company back into a paid vendor’s welcoming arms.

Open source software such as Linux does involve licenses, it’s true, but complying with those licenses should not impose any significant burden on the company using such software. Nor should it be a reason to use proprietary products instead.

Aiming to help quash such fear, uncertainty and doubt, and to help companies focus their compliance efforts, the Linux Foundation this week unveiled a free self-assessment checklist designed to reduce the cost and complexity involved for the increasing number of companies using Linux.

Open Compliance Program

The Linux Foundation actually runs a full-fledged compliance program aimed at easing the adoption of open source software, and it includes a variety of free tools and education materials, comprehensive professional training, an online compliance community for exchanging compliance best practices, and more.

Founding participants of the program include Adobe, AMD, ARM Limited, Cisco Systems, Google, HP, IBM, Intel, Motorola, NEC, Nokia, Novell, Samsung, the Software Freedom Law Center and Sony Electronics.

The new checklist, meanwhile, is designed to provide a confidential internal tool that companies can use to assess their progress with a rigorous compliance process, and to prioritize their improvement efforts.

A process failure modes effects analysis (FMEA) approach, for example, identifies the ways a compliance attempt can fail, as well as practices that can help prevent that from happening. More than 100 practices are identified in the checklist, all focusing on what needs to be done.

The checklist can help companies prioritize process improvement efforts in the areas of greatest payoff. Plus, it can be used to assess a supplier’s compliance practices and gauge the likely reliability of its open source disclosures. Based on practices found in industry-leading compliance programs, the tool will improve the effectiveness of such programs and deliver tangible benefit relative to the cost of those practices, the Linux Foundation says.

A Free Download

While it’s not a guarantee of compliance, nor does it provide specific guidance on interpreting the GNU General Public License (GPL)–there are companies for hire that offer such assistance–the checklist does help companies make sure that they have the necessary policies, tools, and resources in place to comply with open source licenses.

“Compliance is essential if companies are to gain the maximum benefit from use of free and open source software while respecting license obligations,” as the foundation points out.

How does your company measure up? Find out by downloading the Self-Assessment Checklist (registration required) and trying it out for yourself.

Follow Katherine Noyes on Twitter: @Noyesk.