Linux Foundation offers open source compliance checklist

Organizations that are interested in using open source in their own products but are wary of intellectual property issues might want to examine a new, mostly free, assistance program just launched by the non-profit Linux Foundation.

The Open Compliance Program includes an assessment checklist, training programs and software tools to monitor open source software usage.

Especially in the growing field of mobile device and consumer electronics manufacturers, software development often involves use of multiple programs -- many open source -- in a single stack, said Jim Zemlin, executive director of The Linux Foundation.

"You have a really complicated supply chain, where you might get source code coming from lots of different places, whether it is a chipset vendor, a mobile handset provider or embedded software vendor," he said. "Managing open source license compliance is complicated."

Many companies are unaware of how different software licensing works with open source, or their executives fear being forced to divulge their own software code because it was intermingled with some open source code under the Gnu Public License (GPL). SAP, for instance, has set up an open source office and program specifically to deal with such issues.

"What we were looking for is [a way] to solve this complexity and to prevent needless lawsuits," Zemlin said. "Our community has the exact same goal that the industry has, to make using open source as low-cost and as easy as possible."

The Linux Foundation's program provides a range of tools and services to get such companies up to speed, Zemlin said.

The program includes a self-assessment check-list (available in late 2010), training programs, software tools that check programs for open source licensing or other issues, a community workgroup, a compliance directory of companies using open source software, and a new standard, called the Software Package Data Exchange (SPDX), that can be used to create a packing list of all supporting software components within an application.

All these services, except for the training courses, will be free, Zemlin said.

Organizations such as Adobe, Advanced Micro Devices, Cisco Systems, Google, Hewlett-Packard, IBM, Intel, Motorola, Novell, Samsung, the Software Freedom Law Center and Sony Electronics have endorsed this program.

Joab Jackson covers enterprise software and general technology breaking news for The IDG News Service. Follow Joab on Twitter at @Joab_Jackson. Joab's e-mail address is Joab_Jackson@idg.com