Update on The Open Compliance Program

Update on The Open Compliance Program. Phil Koltun, Ph.D. Director, Open Compliance Program pkoltun@linuxfoundation.org. Looking back, looking forward. Accomplishments since Open Compliance Program announced in August, 2010


Presentation Transcript


  1. Update on The Open Compliance Program Phil Koltun, Ph.D. Director, Open Compliance Program pkoltun@linuxfoundation.org

  2. Looking back, looking forward
     • Accomplishments since Open Compliance Program announced in August, 2010
     • What to look for from the Open Compliance Program in the coming year

  3. Compliance Training Curriculum
     • 4 courses are now available
       » LF488 Implementation and Management of Open Source Compliance (2 days)
       » LF384 Overview of Open Source Compliance End-to-End Process (1 day)
       » LF281 Executive Review of Open Source Compliance (4 hrs)
       » LF272 Open Source Compliance Programs: What You Must Know (2 hrs)

     The training was structured and well organized from overview to in-depth details. Thank you for the great training. I found there were many items to be taken care of when using open source software that had not been in our organization. I think the content and the tone of the presentation was just right. The Linux Foundation’s neutral standpoint was also very important in making the course more appealing. It was a great opportunity to learn about open source compliance.

  4. Educational Material
     • 13 papers published
       • Also available in Japanese
     • 3 Webinars
       • 2 available from LF site:
         • “6 Tips for Getting Started With Open Source Compliance”
         • Self-Assessment Checklist
       • 1 in collaboration with the “Practicing Law Institute”
     • Compliance at LF Events
       • FOSS compliance track
       • SPDX track

  5. Self-Assessment Checklist
     • Released on 11/01/2011
     • Available in English, Japanese and Korean
     • Over 1000 downloads, including 200+ for Japanese version
     • Companies are using this checklist as:
       • An internal self-administered benchmark to evaluate their compliance practices, and
       • A tool to engage their suppliers in discussion about needed compliance processes

     I have downloaded, printed and read the compliance checklist. I think it is a fine initiative and I believe I will let it inspire our process and handling of FOSS at <COMPANY>. Congratulations for your work. It is a precious working document. I believe that these efforts and specifically your Checklist will significantly help companies with their compliance efforts.

  6. Rapid Response Compliance Directory
     Goal: Connect open source developers & GPL enforcers with companies to resolve compliance concerns as soon as possible and without unnecessary escalations
     What happened since Aug 2010?
     • Worked with developers / GPL enforcers / companies
     • Several compliance inquiries were resolved to the satisfaction of the inquirer
     • None of these cases became “news”

  7. Impact of the Compliance Directory: Connect developers/GPL enforcers to companies. Contribute to resolving compliance issues before they become news. Less FUD.

  8. Tools for Compliance Due Diligence
     • Identifies code combinations at the dynamic and static link level
     • Offers a license policy framework to define combinations of licenses and linkage methods that are to be flagged
     • Provides linguistic review capabilities to flag comments in source code about future products, product code names, mention of competitors, etc.
     • Maintains a db of keywords that are scanned for in the source code files to ensure code released is safe and ready for public consumption

  9. SPDX™ Workgroup
     Goal: Create a set of data exchange standards to enable companies and organizations to share license and component information (metadata) for software packages and related content with the aim of facilitating license and other policy compliance

  10. SPDX™ Workgroup
      Participation is from a range of organizations and across various roles
      Open Source Organizations End-Users Integration & Services Device OEMs Applications OS Distributions Systems Semiconductor Vendors …and others

  11. SPDX™ Roadmap
      Dates: Jan 2010 Aug 2010 Apr 2011 Jun 2011 Aug 2011
      Milestones: Spec started Spec v1 Beta Spec v1 Release Candidate Start Beta Program Beta Program Feedback Spec v1 Final @ LinuxCon
      Partners in Beta Programs: HP & Wind River; Motorola & TI; Open Logic & Antelink

  12. SPDX™ Workshop @ Collab
      SPDX Sessions at Collaboration Summit:
      • SPDX Technical Working Session: Thursday 1:15pm – 5:30pm in Spring A
      • SPDX Business Working Session: Friday 9:00am – 12:15pm in Sakura C

  13. FOSSBazaar
      • A community focused on FOSS governance for the enterprise
      • Self-sustaining; publishes wiki, news items, FAQs, videos, etc.

  14. Compliance Challenges to Tackle
      • Extending compliance throughout the supply chain
        • Training courses, white papers, webinars, conference tracks
        • Self-Assessment Checklist, facilitated discussions, and on-site consulting
      • Reducing the cost of compliance, especially for small companies
        • White papers, open source compliance tools, SPDX, roadmaps

  15. Future Direction
      • More of everything (education, papers, training, SPDX, events, tools, etc.)
      • FOSS Compliance Certification (under consideration)

  16. Linux Foundation Compliance Resources
      • Open Compliance Program: http://www.linuxfoundation.org/programs/legal/compliance
      • Compliance Publications: http://www.linuxfoundation.org/publications
      • The Software Package Data Exchange™: http://spdx.org/
      • FOSSBazaar: http://fossbazaar.org/
      • Got questions? compliance@linuxfoundation.org

  17. Q & A Phil Koltun, Ph.D. Director, Open Compliance Program pkoltun@linuxfoundation.org
