Update on The Open Compliance Program
Phil Koltun, Ph.D.
Director, Open Compliance Program
pkoltun@linuxfoundation.org

Looking back, looking forward
• Accomplishments since Open Compliance Program announced in August, 2010
• What to look for from the Open Compliance Program in the coming year

Compliance Training Curriculum
• 4 courses are now available
    » LF488 Implementation and Management of Open Source Compliance (2 days)
    » LF384 Overview of Open Source Compliance End-to-End Process (1 day)
    » LF281 Executive Review of Open Source Compliance (4 hrs)
    » LF272 Open Source Compliance Programs: What You Must Know (2 hrs)
The training was structured and well organized from overview to in-depth details. Thank you for the great training. I found there were many items to be taken care of when using open source software that had not been in our organization. I think the content and the tone of the presentation was just right. The Linux Foundation’s neutral standpoint was also very important in making the course more appealing. It was a great opportunity to learn about open source compliance.

Educational Material
• 13 papers published
    » Also available in Japanese
• 3 Webinars
    » 2 available from LF site:
        “6 Tips for Getting Started With Open Source Compliance”
        Self-Assessment Checklist
    » 1 in collaboration with the “Practicing Law Institute”
• Compliance at LF Events
    » FOSS compliance track
    » SPDX track

Self-Assessment Checklist
• Released on 11/01/2011
• Available in English, Japanese and Korean
• Over 1000 downloads, including 200+ for Japanese version
• Companies are using this checklist as:
    » An internal self-administered benchmark to evaluate their compliance practices, and
    » A tool to engage their suppliers in discussion about needed compliance processes
I have downloaded, printed and read the compliance checklist. I think it is a fine initiative and I believe I will let it inspire our process and handling of FOSS at <COMPANY>. Congratulations for your work. It is a precious working document. I believe that these efforts and specifically your Checklist will significantly help companies with their compliance efforts.

Rapid Response Compliance Directory
Goal: Connect open source developers & GPL enforcers with companies to resolve compliance concerns as soon as possible and without unnecessary escalations
What happened since Aug 2010?
• Worked with developers / GPL enforcers / companies
• Several compliance inquiries were resolved to the satisfaction of the inquirer
• None of these cases became “news”

Impact of the Compliance Directory
• Connect developers/GPL enforcers to companies.
• Contribute to resolving compliance issues before they become news.
• Less FUD.

Tools for Compliance Due Diligence
• Identifies code combinations at the dynamic and static link level
• Offers a license policy framework to define combinations of licenses and linkage methods that are to be flagged
• Provides linguistic review capabilities to flag comments in source code about future products, product code names, mention of competitors, etc.
• Maintains a db of keywords that are scanned for in the source code files to ensure code released is safe and ready for public consumption

SPDX™ Workgroup
Goal: Create a set of data exchange standards to enable companies and organizations to share license and component information (metadata) for software packages and related content with the aim of facilitating license and other policy compliance

SPDX™ Workgroup
Participation is from a range of organizations and across various roles:
• Open Source Organizations
• End-Users
• Integration & Services
• Device OEMs
• Applications
• OS Distributions
• Systems
• Semiconductor Vendors
• …and others

SPDX™ Roadmap
Timeline: Jan 2010, Aug 2010, Apr 2011, Jun 2011, Aug 2011
Milestones: Spec started; Spec v1 Beta; Spec v1 Release Candidate; Start Beta Program; Beta Program Feedback; Spec v1 Final @ LinuxCon
Partners in Beta Programs:
• HP & Wind River
• Motorola & TI
• Open Logic & Antelink

SPDX™ Workshop @ Collab
SPDX Sessions at Collaboration Summit:
• SPDX Technical Working Session: Thursday 1:15pm – 5:30pm in Spring A
• SPDX Business Working Session: Friday 9:00am – 12:15pm in Sakura C

FOSSBazaar
• A community focused on FOSS governance for the enterprise
• Self-sustaining; publishes wiki, news items, FAQs, videos, etc.

Compliance Challenges to Tackle
• Extending compliance throughout the supply chain
    » Training courses, white papers, webinars, conference tracks
    » Self-Assessment Checklist, facilitated discussions, and on-site consulting
• Reducing the cost of compliance, especially for small companies
    » White papers, open source compliance tools, SPDX, roadmaps

Future Direction
• More of everything (education, papers, training, SPDX, events, tools, etc.)
• FOSS Compliance Certification (under consideration)

Linux Foundation Compliance Resources
• Open Compliance Program: http://www.linuxfoundation.org/programs/legal/compliance
• Compliance Publications: http://www.linuxfoundation.org/publications
• The Software Package Data Exchange™: http://spdx.org/
• FOSSBazaar: http://fossbazaar.org/
Got questions? compliance@linuxfoundation.org

Q & A
Phil Koltun, Ph.D.
Director, Open Compliance Program
pkoltun@linuxfoundation.org