
Linux Foundation Launches License Compliance Program

The non-profit foundation is trying to remove barriers to open source code adoption by easing compliance issues, including by providing code scanning tools that identify whether open source code is linked to commercial code.



Another tool is the Bill of Material Checker, capable of detecting changes in the bill of materials that indicate new code components have been added to a product. The tool can report on new open source components added to a product, something that's hard to do with rapidly changing mobile devices and embedded systems, said Zemlin.

Another tool is the Code Janitor, which checks comments in the source code to ensure developers didn't leave statements about future products, product code names, or references to competitors. The tool checks code against its database of keywords to make sure the code is ready for public consumption.

Moglen said in the announcement of the foundation's program that its tools will make "best operational practices for compliance accessible to all and will help commercial and non-commercial (such as open source projects) parties work together…"

The tools are designed to drive down the cost of staying in compliance with open source licenses, Zemlin said.

There are already commercial products to help you do so. Black Duck Software offers license management products. Palamida offers code analysis and compliance products. Coverity offers code analysis and comparison products. HP has produced a multi-tool framework for managing open source code that it calls Fossology.

But the foundation has drawn many compliance elements together and is presenting them as a free, comprehensive program. It offers a self-assessment checklist of best practices that can be used to compare with existing company policies. It also offers a standardized bill of materials for clearer labeling of what open source components are in products. By following the same reporting method, manufacturers will know they are on firmer ground in dealing with their suppliers and each other, Zemlin said. The foundation will also maintain a directory of compliance officers at companies so that changes, or questions about changes, can be dealt with quickly and directly. Names of compliance officers may be reviewed or added to the directory at www.linuxfoundation.org/services/compliance/directory.

IBM, Motorola, Nokia, Adobe, Intel, AMD, Cisco, Google, HP, Sony and Novell are supporting the initiative, along with other companies. Black Duck and Palamida are also supporters.